Sunday, February 26, 2012

Personal Online Security

I had the opportunity to attend a meeting on February 24 at the New York Federal Reserve Bank. It was arranged through Fordham University, and the focus was cyber security.

Much has been said on this topic – and the more I hear the more frightening it gets. I will not try to summarize the presentation or the discussion that ensued among participants, who included CIOs of several major private and public institutions. It is far too complicated to capture in a single blog entry.

But the meeting caused me to think about personal security. Many of us have online access to bank accounts, credit cards, private information (e.g. email and contacts and calendars) and other highly confidential information. We are all used to two factor security arrangements (i.e. a user id and password). Some of us have had experience with one time passwords and other personal methodologies as well.

Keeping track of passwords is a challenge. So some of us store them in Outlook. Others use various ‘secure’ password storage facilities that are generally available. The common weak link to all of this is our email identity.

Why do I say that? What happens when you forget a login id or a password? Often you need to answer a preselected security question but in most cases you get a link emailed to your email account of record. That link ‘authenticates’ that the authorized party is requesting the password change, and allows it to be made.

But what if a hacker has access to your email account? Unless you are carefully monitoring your email account, and even if you are, a hacker can intercept that email link, change your password and access your private information, credit cards, bank accounts and who knows what else. And by time you figure it out – if you do – the damage is done and is irreversible.

What are we to do? There is no simple formula nor is there a foolproof methodology. I suggest the following as a starting point.:

1.       Eliminate all stored passwords from Outlook contacts and other repositories

2.       Use a unique password for every important access point of interest – personal information, banks, credit cards, email, etc.

3.       Change passwords often – monthly or more frequently for critical access points such as bank account access

4.       Change your email password very frequently – weekly!

5.       This will cause you to worry – as it does me – about how to remember all of these rapidly changing passwords. The process I suggest is to change your email password, then immediately request a password change at the site you wish to access. Use complex passwords – a combination of capital and lower case letters, numbers and if allowed by the site, special characters. Make sure the passwords have no meaning.  Do not worry if you do not remember it – you can do this for every access if need be.

6.       NEVER access any accounts or email via unsecured wireless connections.

7.       Secure access to mobile devices – PCs. Tablets, phones – though a password.

Is this enough to provide absolute security? No – the bad guys are continually seeking to find new ways of intruding on your privacy. But it is a start. Is this a pain in the neck to do? You bet. But losing your assets or personal identity is a bigger pain.

For more information about SIM Associates, please visit www.simassoc.biz. You can access this blog directly from there, as well as directly at simassocblog.blogspot.com/

No comments:

Post a Comment