I work in the IT and Security industry, I am not an expert but I do supervise some experts and lately have noticed how lax the digital security is with my friends and family. Last week I actually caught a family member with a printed-out list of ALL his passwords that he kept in his glovebox. And today while I was talking OPSEC with a coworker, he showed me a notepad file on his unencrypted, unlocked phone. His file included every username and password he uses, including banking and brokerage. That really got me thinking about how terrible the state of digital security.
This is a quick list of minimum precautions that should be taken.
Passwords, make them strong and change them often. Never reuse passwords. Don't be lazy. If your password is on the following list, you are in trouble. At the very least change parts of your password.
One strategy is to put the first five letters of the website followed by your strong password. For example, first, choose your strong password that is something that you can remember such as: Blue$murF@H0me1999. Then if you were going to WellsFargo.com your password would be wellsBlue$murF@H0me1999.
Secondly, enable two-factor options such as Google Authenticator (free) or YubiKey (about $40 on Amazon). Don't buy just one YubiKey, make a spare at the same time and keep it in your fire safe. When setting up Google Authenticator I print out the recover QR code, laminate it and secure it in my fire safe.
I recommend a password keeper app such as LastPass. It takes a bit of time to set up, but when you have your account set up it is easy to add new sites and accounts. Secure your LastPass with two factor authentication. Get started at LastPass.com
Next step is to encrypt your phone or tablet and the SD card in it. Usually, this is the second step. Enable remote control and remote wipe of your phone. Write down the website you use and keep it somewhere you can access it quickly, such as in your LastPass or on Dropbox. You might need to access this quickly in the event that your phone is stolen. I keep a copy of the procedure with a trusted family member.
If you use and travel with a laptop consider encrypting the entire drive with a program such as VeraCrypt. This is not as technical of a process as it sounds. Back up your data before you begin.
Backup all of your data often. I cannot stress this enough. We see this on a daily basis at work, a customer has lost valuable data or all of the pictures of their children growing up that wasn't backed up. There are numerous options such as DropBox, Google Drive, Amazon AWS, Microsoft OneDrive and others.
If you have cryptocurrencies such as Bitcoin and Litecoin, make sure to write down your Private Keys and put them in a secure place in a fireproof safe. I print the keys when I open a new account or wallet, then record them on TerraSlate paper, laminate them, then lock in the safe. You should also backup all wallet.dat files and put them on a quality flash drive or portable hard drive. I recommend the Glyph Atom portable drive, it is worth the premium price.
I hope that this write up helps you get motivated to secure your digital life!
Have a safe and secure 2018
Top 10 Bad Passwords of 2016 from:
http://fortune.com/2017/12/19/the-25-most-used-hackable-passwords-2017-star-wars-freedom/ 123456
Password
12345678
qwerty
12345
123456789
letmein
1234567
football
Iloveyou