Don’t fret. Good security is really all about common sense and awareness. Perfect security is unattainable in the modern world, and you can quickly get into tinfoil hat territory when you attempt to lock everything down. Instead, I’d like to present you with a set of simple guidelines to keep your business and personal information secure. These aren’t truly “best” practices, because the absolute best practice is disconnecting entirely from the electronic world, paying for everything in cash, and living in a dark, musty cellar somewhere. So put away your rolls of aluminum foil and let’s get down to business.
Virtual Vaults
The biggest step you can take is actually one of the easiest: getting a password management tool. These software applications, like LastPass and 1Password, do two things very well: they generate high-quality passwords and store them securely, and they provide an encrypted environment for your other sensitive information.
You can store secure notes, credit card numbers (your own, not your customers’) and any other data that you don’t want prying eyes to see. These applications also generate long, complex passwords that are far more difficult (though not impossible) to crack, and, perhaps best of all, they will fill in those passwords for you automatically when you visit a website.
These applications aren’t perfect, but they do add an extra-thick layer of protection around your personal data, and most of them now work across multiple devices - in other words, you can create a password on your desktop computer and, if you also have the companion app on your phone or tablet, it will automatically fill in your credentials on those devices as well.
Is that really you?
Another very simple and reasonably pain-free step to much higher security is enabling “multi-factor” or “two-factor” authentication wherever possible. If you have ever worked in a big corporation for any substantial period of time, you might already be familiar with the little key fobs that change digits every minute or so, allowing you to log in to the corporate network.
Those 6 or so digits are a secondary form of authentication, and their purpose is to ensure that the person trying to log in actually has physical access to the device that shows the code. Since that code is unpredictable and changes every few minutes, it’s very difficult to hack: by the time an attacker could “brute force” guess the code, it has already changed!
For decades, multi-factor authentication was primarily a tool for securing corporate networks, especially when employees logged in from home or on the road. Now, multi-factor authentication is everywhere, and you don’t even need the little fob; all you need is your phone. With apps like Google Authenticator or Authy, you can have nearly the same level of security as a big corporate network, right on your mobile device.
Multi-factor authentication is really any authentication method that requires two or more challenges before you are logged in. When your bank website says “We also need to know your favorite football team” before you log in, that’s decent security, but the best multi-factor authentication actually uses a completely separate communication method and device for the other “factor”. A hacker trying to get access to your bank account might be able to steal your password and guess your favorite football team. But with multi-factor authentication, a hacker who steals your password must also have your mobile phone in her hands in order to get past the second challenge. It’s not impossible, but it’s pretty darn close.
Many major tech companies (Google, Apple, etc.) now offer multi-factor authentication, and if it’s available for your website or application, by all means turn it on and start using it. The strongest password in the world isn’t half as powerful as good multi-factor security.
Look for the padlock
Awareness makes a big difference when it comes to security. For instance, by forcing my wife and daughter to use higher-quality passwords, I’ve made them acutely aware that there are risks out there, and they need to be careful about when and where they provide their personal information. Good passwords and multi-factor authentication are excellent practices, but it’s also worth noting a few things to avoid at all costs: