With all the recent high-profile security breaches making the news, eBay being the latest, everyone's attention is squarely focused on security. Most of these breaches are out of the end user's control, and the outcome is usually resetting passwords, selecting new PIN numbers, or being issued new credit cards or debit cards.
The eBay breach fell into this category and was caused by the login credentials of an eBay employee being compromised, causing a database containing user data to be breached. Again, there was nothing the end user could do, and even though the database was encrypted, eBay did force all of its users to change their passwords.
Being an eBay user, I had to change my password, and it was probably more than five years since I had last changed it, contrary to what security experts recommend and what I preach in my own security awareness classes: change passwords more regularly.
So why was I not following my own advice to change my password more often? Was my thought process, as with most people, “it won’t happen to me” or “why would someone hack my account?” Granted, the eBay breach was out of my control, but that should not be the only time I change a password.
Besides eBay, there are many other sites I have an account with, and there are probably a dozen or so sites where I have never changed the originally selected password. I know of two high-profile websites that offer two-factor authentication that I’m not taking advantage of.
It is definitely not my lack of knowing it is available, or how to set up or use the features, but again more of putting it off or having a laid-back attitude to security.
How many people have purchased a home wireless router and have just plugged it in without changing any of the default settings? Even if some form of encryption or a password to join the wireless network is enabled by default, it is not a secure network.
The information for changing the default settings and setting up proper security was more than likely included in the instructions. Searching the internet can yield hundreds of articles, for all technical skill levels, on how to secure a home wireless router. The features are there and the documentation is available; it is the effort that needs to be made.
I have taught security awareness for years, and during the classes it is easy to reach people and make them believe security is important. Weeks after the classes, when I touch base with some of those who attended, a small percentage have applied what they learned.
For the rest, it isn’t that they don’t want to be secure, but I hear “I meant to do it,” or “it is on my to-do list,” or “having a different complex password for every site is too hard to remember.”
I have heard so many excuses from people for not setting up proper security. Websites may have their own security options and it can get confusing, but all sites have documentation and help is also available from their support.
I realize it’s hard to remember every password, especially a complex password, but password manager programs are available. Websites are offering more options for security, and users need to take a more active role in their own security and take advantage of them.
Good intentions will not keep you secure! Make the effort and protect your devices and accounts now. Don’t wait for something to happen and then realize it could have been avoided. We have moved past the days when installing an antivirus scanning program was all the security you needed.
Take the time to learn about security. With mobility and a constantly connected world, security has become a full-time job, and there is no time off!
About the Author: Dale Rapp (@DaleRapp) currently works for a large school district in the St. Louis area and has been involved in network support, project management, and IT security for 10+ years. Rapp has worked on projects upgrading hardware and software systems, designing and installing wireless networks, and initiatives to secure systems and data. Dale earned his CISSP certification in 2011 and the CWSP certification in 2013, and is currently planning to sit for the CEH exam in 2014. Rapp has a passion for computer networking, especially anything to do with wireless security, and also writes for his own security and wireless networking blog.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.