The Only Security Tip That Matters
Time To Take Ownership of Your Security & Privacy
In 2013 President Obama proclaimed October as National Cybersecurity Awareness Month. That’s nice. You probably didn’t even know that. October is almost over, and you likely didn’t even see all the emails, tweets, and posts from organizations trying to make you aware of it. I get it. You’re busy. But I’m here to tell you the one thing you need to hear this month:
Your digital security and privacy are your own responsibility.
That’s right. It’s not Google’s job, it’s not your credit card company’s or bank’s job, it’s not your smartphone manufacturer’s job, and it’s not the Government’s job to keep you digitally secure and private. It’s your responsibility, and it’s time you finally take ownership of it.
The good news is that it’s not hard to do. The bad news is that lists of tips from cybersecurity experts won’t help if you don’t approach security as a practice and make it a part of your digital life with the perspective that it’s your own responsibility. Like security expert Bruce Schneier said, “…security is a process, not a product.”
To be clear, it’s not that the big organizations you thought should be responsible for your security are morally bad or intentionally do things to harm you, like letting massive data breaches happen. These big companies ordinarily spend boatloads of money on security, approach it as a process, and never want the negative consequences of attacks on their customers’ data. What I am trying to tell you is that security, the process, is not only about preventing attacks from occurring, but it’s also about knowing when they occur, making sure the damage is limited, and doing what needs to be done after you’ve been compromised.
And this is the hardest part. You can’t buy software to do it for you. If my info is breached at some megacorp, and now lots of bad people have access to my info and password, I need to make sure I never use that password again. Moreover, I need to go and change it anywhere else I’ve used it. A password manager helps, but it doesn’t do that work for me. It doesn’t ensure that I’m not reusing passwords. In fact, I see people using password managers the wrong way all the time.
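As an added illustration (not part of the original post), here is the reuse check a password manager does not do for you, run against a CSV export of its vault. The column names (`name`, `username`, `password`) and the sample rows are constructed assumptions; adjust them to your manager's export format.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; real exports differ by product (assumed columns).
SAMPLE_EXPORT = """name,username,password
megacorp.example,me@example.com,Summer2019!
bank.example,me@example.com,Summer2019!
forum.example,me_forum,Summer2019!
mail.example,me@example.com,x9$Lq2#vTz8w
shop.example,me@example.com,correct-horse-42
news.example,me@example.com,correct-horse-42
"""

def load_entries(csv_text):
    """Parse the export, skipping rows that store no password."""
    return [r for r in csv.DictReader(io.StringIO(csv_text)) if r.get("password")]

def reuse_groups(entries):
    """Return lists of sites that share one password, largest group first."""
    groups = defaultdict(list)
    for e in entries:
        # Key on a digest so plaintext passwords never appear in the report.
        key = hashlib.sha256(e["password"].encode("utf-8")).hexdigest()
        groups[key].append(e["name"])
    shared = [sorted(sites) for sites in groups.values() if len(sites) > 1]
    return sorted(shared, key=lambda sites: (-len(sites), sites))

def rotate_after_breach(entries, breached_site):
    """Every site whose password must change because breached_site leaked it."""
    leaked = {e["password"] for e in entries if e["name"] == breached_site}
    return sorted(e["name"] for e in entries if e["password"] in leaked)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for sites in reuse_groups(entries):
        print("shared password:", ", ".join(sites))
    print("change after megacorp.example breach:",
          ", ".join(rotate_after_breach(entries, "megacorp.example")))
```

A vault export holds every password in plaintext, so run this locally and securely delete the file afterwards.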
What about keeping your operating system up to date? I could argue doing that is more valuable than buying antivirus software. There actually is software that makes sure your OS on your computers and smartphones is always ‘patched’ and up to date. But that’s for big companies, and it still needs a person to operate it and enforce those rules. It’s not for you and me and my grandparents.
WE have to do it ourselves. Plus, the more frequently our data gets caught up in data breaches, the more we have to worry about every other aspect of our security like ID theft, phishing, ransomware, etc.
I’m not trying to tell you anything new. There is no reinventing the wheel with security. No one has better advice or ‘technology,’ and even if they did, it wouldn’t matter that much because the tactics aren’t what is important. The core concepts haven’t changed all that much. What truly matters is that some people have better discipline and will do the work needed to keep up with the process.
So what now? Watch this talk, The New Attack Surface, by Martin Casado. I’ve probably watched it 20 times. He does a great job of explaining why you and I are under attack and things you can do to be more secure.
Lastly, here are a few quick things you can do right now to get started:
- Keep your devices’ OS updated all the time.
- Use a good, privacy-focused web browser like Brave or Firefox.
- Use strong, unique passwords — a password manager used correctly can help with that.
- Enable 2-factor authentication everywhere. (Stop reading this and actually do it right now.)
- Get a software-based security tool like an antivirus. They’re basically the same; just make sure it’s not free.
BTW: if this is interesting to you, reach out! We’re changing personal security at Achilleion with what we call Security as a Process (SAAP).