I read an article recently from a CT industry “expert” about network security. It was mostly scary statistics about how your entire life is going to be ripped out from under you. But it didn’t ever really give any usable, applicable information about how to actually secure a network. In fact, it didn’t even cover the most basic and fundamental issue everyone should know by now – how to create a secure and memorable password.
After reading the article, I thought it would be a good idea to do a series on network security for The Insider. In this series, we’ll break down topics by devices (wired and wireless) and 3rd party services (remote monitoring, cloud-based storage, devices requiring open ports, etc.) and show how to manage your security with fundamental, easily applicable steps you can take for your company, your home, and your clients’ homes. Think of this series as a best practices tutorial. Many of you know these simple guidelines, but it’s amazing how many people let things slide – like not backing up computers once a week (yes, I’m talking to you!).
First things first. If a determined hacker wants into your system, they will get in. That’s a fact. So we’re not going to go too deep into encryption and heavily fortified security aspects. And we’re not going to cover the basics of what not to click on, like porn ads, spam and phishing emails – if you don’t know that by now, secure passwords aren’t going to be of any value to you. We’re going to cover the basics – what an IT department would know and advise the business owner to reasonably undertake.
Okay, so think of your network (system) as a house. There are doors and windows and air vents and many, many ways to get in (think of these multiple entry points as devices and services – computers, modems, routers, wireless networks, etc). Think of a hacker’s automated malware code as a mouse. Think about trying to keep mice out of your house. Nearly impossible if the mouse is resilient, no?
Now, think of passwords as the key that unlocks all the doors and windows and vents. Would you leave your front door or kitchen sliding door open or unlocked 24/7? That’s what you’re doing if you don’t deploy secure passwords. Every one of your IoT devices and gateways (from the modem to the router to switches to individual nodes such as wireless music systems, IP cameras, etc. – basically anything that offers or requires a password), as well as your computers and email, should have a strong password. And if you only use one (which is just lazy, but what 98% of people who have strong passwords actually do!), make it a doozy. Make it secure. Make it memorable. Here’s how:
- Make it secure and make it memorable. There’s no sense creating a password you have to look up every time you want to use it, or passwords so complex that you need to rely on a 3rd party password manager. And, please, don’t create a folder on your computer labeled “Passwords”. Just. Don’t. Do. That. In fact, when you create a Word doc to list your passwords, come up with a name for User and a name for Password (Adam and Eve, for instance). Don’t use the terms ‘user’, ‘user name’ or ‘password’ in any Word doc. Here’s why: if I get into your computer, I can file search those terms and boost your master password file.
- Create a password of at least 12 characters that includes upper-case letters, lower-case letters, a symbol, and some numbers. Think of a memorable phrase.
- Example of a highly secure, memorable password: !jenniferAnistonis110%SEXY
- If you are creative, you can create similar passwords and use them by device/category: use password #1 for your internet-based activity (Amazon, Roku, etc.), password #2 for your personal stuff (banking, etc.), password #3 for devices on your network, and so on. That way, if your system gets hacked and a password is compromised (how this is done is way too deep for this series), you won’t necessarily compromise everything.
- Don’t be lazy and think that any given device is not vulnerable or a gateway into your entire network. Secure EVERYTHING.
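As an added example (not part of the original article), the Python below checks passwords against the composition rule in the list above and flags reuse across the per-category scheme. The function names, the sample passwords, reading “some numbers” as at least one digit, and rejecting the article’s printed sample password are assumptions of this example.

```python
import string

MIN_LENGTH = 12  # the article's minimum length
# Assumption of this example: a password printed in a public article
# should not be reused verbatim, so the article's sample is denied.
PUBLISHED_EXAMPLES = {"!jenniferAnistonis110%SEXY"}


def check_password(password):
    """Return the rules a password fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if not any(c.isdigit() for c in password):  # "some numbers" read as >= 1 digit
        problems.append("no number")
    if password in PUBLISHED_EXAMPLES:
        problems.append("copied from a published example")
    return problems


def audit(categories):
    """Check one password per category and flag reuse between categories."""
    report = {name: check_password(pw) for name, pw in categories.items()}
    seen = {}
    for name, pw in categories.items():
        key = pw.casefold()  # a case-only variant still counts as reuse
        if key in seen:
            report[name].append(f"same password as '{seen[key]}'")
        else:
            seen[key] = name
    return report


if __name__ == "__main__":
    # Constructed sample passwords, one per category from the article's scheme.
    sample = {
        "internet": "!myDogAte3Waffles@Noon",
        "personal": "Summer2024",
        "network devices": "!MYDOGATE3WAFFLES@NOON",
    }
    for name, problems in audit(sample).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```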
Got it? Now, create your own secure, memorable master password(s) and deploy it/them on everything. Every single device and computer and email account. On your wireless router. On your PC. Use them on your Mailchimp, iCloud, WordPress, Social Media and every other 3rd party service you use.
The simple reality is that if you deploy strong, secure, memorable passwords, you’re going to fend off the majority of automated or targeted attacks. It isn’t rocket science – it’s just a matter of getting it done and not letting your guard down. Don’t be lazy.
Next up – securing gateway devices.