A part of my civil service career meant having a heightened sense of security, both physical and non-physical. It didn’t mean going around checking doors were locked (although I may have done that a few times) but I started looking at potential security pitfalls and how to help prevent them.
In my current position, I can apply that ethos to any project as a Value Added Service – some security advice comes with a price tag, much doesn’t.
On the internet it’s impossible to personally monitor social media accounts and web resources 24/365, even though the threat is ever present. I have assisted friends who have had accounts hijacked, normally only one person is severely inconvenienced. Corporate accounts are different, a reputation can be destroyed by a third party gaining unauthorised access or by a wayward employee/volunteer/
The usual single point of failure is a weak password, or re-used passwords, associated with one email address. The most common passwords on the planet right now are “Password”, “Password1” & “Password123”, if you use these anywhere CHANGE THEM!
Use of two-factor authentication (2FA) will help mitigate password weakness but shouldn’t be used to cover up poor password security. 2FA is now offered by many major platforms including Gmail and Ebay and can use your mobile phone to confirm you, and you alone, are connecting to the relevant web service. This can prevent rogue login attempts but it is often difficult to explain the benefit to an individual who only sees it an an incumberence.
How common are online attacks? I manage many websites but ensure a suitable security package is installed as part of the initial rollout. I built a site a week ago that has already attracted the attention of attackers; the security software pulls down the shutters and tells me, if possible, where on the planet the attacker is located. My home server has a preinstalled admin username of ‘root’ and this was being hit several thousand times a month. One website I manage suffered a Denial of Service attack following an onslaught over several days, users were seeing ‘site unavailable’ messages, I was seeing a hundred security advice emails per hour! And then there’s the huge data losses, including AOL, Linkedin and several hotel chains. There is an industry in stolen online credentials!
Having said that, the biggest single mitigation against online threats is common sense. Often a strong password is the ‘best’ solution.
Contact me if you’d like any advice.