With the recent spate of computer systems being hacked and information being leaked over the past few months, particularly with Sony in mind and now with the latest breach at Sutton Seeds, I thought I would produce a security guide for those who are not system administrators or computer security experts.
Key points – What you need to know
- Use of computing services leaves digital footprints on the Internet.
- Use your own home personal computer for all non-work on-line activity.
- Consider using a pen name rather than your real given name; this is circumstance dependent and a personal choice. Note that a pen name will not hide your real identity under most circumstances.
- Have a different login name for your local username, remote username and email address(es); this has become increasingly difficult, with on-line services requesting email accounts rather than self-generated login IDs.
- Every login account, regardless, should have a different password associated with it. This means that if you use the same email address for different websites, such as Apple, Google, Amazon, etc., you should have a different password associated with the same login-name/email-account for every website. In addition, if a website allows remote username login accounts, the login account itself should be different for every site, as well as the associated password.
- If your local login username account becomes compromised (on your Mac, Linux or PC), create a new account with a new strong complex password. If your local home computer admin account becomes compromised, wipe and rebuild the machine, create a new local username account, virus check your data disk backup, then restore your data.
- If a remote login username account becomes compromised, create a new one with a new strong complex password and change the service that uses that account.
- If a remote login email account becomes compromised, create a new one with a new strong complex password and change the service that uses that account, e.g. your account on apple.com (iTunes), Amazon.com, etc.
- Avoid using guessable passwords; use complex pass-phrases. Substitute certain letters, both consonants and vowels, with numbers, choosing around 9 letters to substitute. Do not substitute with similar numbers, e.g. o for zero; use a non-logical number such as 23 for 0. Include special characters such as %, #, £, [, &, etc. where possible in passwords. Pass-phrases can be composed of song names, story titles, a short sentence, something that is easy to remember, a mnemonic. However, common or dictionary-based mnemonics should be avoided even with substitution. The longer the pass-phrase/password is, the harder it will be to break. Do not use the name of your favourite pet, a family member’s name, 12345, 54321, password, or the name of a favourite food, television programme, character from a favourite radio or television programme, etc. You should also avoid using “dictionary” names. Make your pass-phrase difficult for someone else to work out.
- Back up your data on a regular basis; I cannot emphasise this enough.
- If you use a Windows operating system, it is advisable that you use an up-to-date virus checker.
- Regularly clean out cookies from your web browsers, especially suspect ones.
- Avoid clicking on and following marketing email links and click-bait. Manually find the product or information via your web browser.
- Protect your on-line identity by never uploading a passport photo to a social networking site (or anywhere on-line ideally); use side shots, an avatar, cartoon graphic or symbol for your profile image.
- Think about what information you divulge, write or say about others and yourself, as there can be consequences. A pen name is a mask, but one that can be easily unveiled in a court of law.
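The password points above can be checked against a list of your own accounts. The following is an added example, not part of the original article: it flags passwords reused across sites, passwords that turn back into a guessable word once look-alike substitutions (such as 0 for o) are undone, and passwords without a special character. The word list, the look-alike mapping, the site names and the sample passwords are all constructed for illustration.

```python
from collections import defaultdict

# Look-alike substitutions the guide warns against (assumed mapping).
LOOKALIKES = str.maketrans("0134578@$!", "oleastbasi")
# Constructed stand-in for a dictionary / common-password list.
WEAK_WORDS = {"password", "12345", "54321", "letmein", "rover", "pizza"}
SPECIALS = set("%#£[&!@$*?]")


def normalise(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LOOKALIKES)


def audit(accounts):
    """accounts: list of (site, login, password). Returns {site: [findings]}."""
    sites_by_password = defaultdict(list)
    for site, _login, password in accounts:
        sites_by_password[password].append(site)

    findings = {}
    for site, _login, password in accounts:
        issues = []
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            issues.append("reused on " + ", ".join(others))
        # Check the password as typed and with substitutions undone.
        forms = (password.lower(), normalise(password))
        hits = sorted(w for w in WEAK_WORDS if any(w in f for f in forms))
        if hits:
            issues.append("guessable after undoing substitutions: " + ", ".join(hits))
        if not SPECIALS & set(password):
            issues.append("no special character")
        findings[site] = issues
    return findings


# Constructed sample accounts; none of these are real credentials.
SAMPLE = [
    ("shop.example", "me@mail.example", "P@ssw0rd1"),
    ("music.example", "me@mail.example", "P@ssw0rd1"),
    ("forum.example", "penname42", "R0ver2015"),
    ("bank.example", "me@mail.example", "My gr23n kettl23 sings at #7 [&] dusk"),
]

if __name__ == "__main__":
    for site, issues in audit(SAMPLE).items():
        print(site, "->", issues or "no findings")
```

Note that the first sample password contains a special character and still fails, because the word underneath the substitutions is on the weak list.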
Note: This article was edited and amended June 2015.