Friday, December 31, 2010

(Computer Security) New Year Resolutions

by Simon Biles

About the Author

Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.

The annual process of creating resolutions that we can break within a matter of minutes is a tradition to many of us – no new year would be complete without the heartfelt conviction that you will [delete as applicable] go to the gym/drink and/or smoke less/organise your garage etc. and that this will clearly make your life better, more complete and you will be “a better person”. I, for one, will be drinking less, going to the gym more and organising my garage – I know I will, because I’ve said I will on the first day of the New Year …

Aside from that though, here are some Information/Computer Security resolutions that you might like to give some thought to adding to your list. Like all good resolutions, these have value, but they are much more effective if you actually keep them up!

(1) Good for your security, and good for the environment – if you aren’t using the computer or router, switch it off or put it to sleep. It’s pretty challenging to break into a computer that is switched off, your carbon emissions go down and more importantly, if you are a climate change sceptic like me, so does your electricity bill. Unless your computer is performing an active task why leave it on? Boot times from sleep are negligible on modern systems, and if you really can’t spare 30 seconds to boot your computer – I think you might need to re-evaluate your life …

(2) We’re all guilty of this one, and I know so many security professionals who say the same: we reuse passwords. We have one or two _good_ passwords (complex, 8 to 10 characters etc.) that we use for everything, on the assumption that a strong password is enough to protect us. The trouble is that not all websites are created equal; just because we trust Amazon doesn’t mean that we should trust – yet we do. True, some of us are looking for the SSL certificates and the like, but to be honest – if they are then storing the password in plain text in a MySQL database that is accessible to the world and his dog then it makes no difference. As much as you can – don’t reuse passwords...
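As an added illustration of resolution (2), not part of the original post: a small Python audit that finds shared passwords in a credential export and lists which other accounts are disclosed if one site leaks its copy. The CSV layout, site names and passwords are constructed for the example.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample in a generic "site,username,password" layout
# (an assumption; real password-manager exports use varying columns).
SAMPLE_EXPORT = """site,username,password
amazon.example,me,Tr0ub4dor&3x
smallforum.example,me,Tr0ub4dor&3x
bank.example,me,k9#Lw2!vQz7p
webmail.example,me,Tr0ub4dor&3x
photos.example,me,h7$Rm4@xNc1d
"""

def load_fingerprints(csv_text):
    """Map each site to a keyed fingerprint of its password.

    The HMAC key is random per call and then discarded, so fingerprints
    only compare within one audit and cannot be brute-forced afterwards.
    One entry per site is assumed; a repeated site overwrites the earlier row.
    """
    key = secrets.token_bytes(32)
    fingerprints = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256)
        fingerprints[row["site"]] = mac.hexdigest()
    return fingerprints

def reuse_groups(fingerprints):
    """Return sorted groups of sites that share one password."""
    by_fp = defaultdict(list)
    for site, fp in fingerprints.items():
        by_fp[fp].append(site)
    return sorted(sorted(sites) for sites in by_fp.values() if len(sites) > 1)

def exposed_if_breached(fingerprints, breached_site):
    """Other sites whose password is disclosed if breached_site leaks it."""
    leaked = fingerprints[breached_site]
    return sorted(s for s, fp in fingerprints.items()
                  if fp == leaked and s != breached_site)

if __name__ == "__main__":
    fps = load_fingerprints(SAMPLE_EXPORT)
    print("reused:", reuse_groups(fps))
    print("exposed:", exposed_if_breached(fps, "smallforum.example"))
```
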


1 comment:

andrew said...

Hey Simon,

I read your blog regularly, I find it very interesting.

These are my new year resolutions:

. use strong passwords (at least 10 characters long)
. use a VPN to encrypt the traffic
. use a virtual keyboard