You may think that only large firms or companies need to worry about cyber-security, but that is not true.
We all need to make sure that we protect ourselves against a variety of threats, especially when using our mobile devices.
Let’s face it, we have come to rely heavily on our mobile devices – laptops, smartphones, and tablets. It is not realistic to think that we are going to stop or reduce using them because they may be vulnerable to attack from hackers. So the best defense against these threats is a good offense.
This month’s column is going to focus on giving you some practical and easy tips on how to make your mobile devices more secure. These are tips that should be used in all aspects of your life and not just work related.
The first step should be to put a password or passcode on all your devices – laptop, home computer, smartphone, tablet, and any other device where you store information.
It is important to make sure that your home computer is also password protected if you use it for any task that contains confidential information. If you use your home computer for client work, then only you should have access to it. If you would not allow anyone from your family to go into your office and have access to all your client work, then you should not allow it at home.
Passcodes should be at least eight characters long and alphanumeric. However, 12-character passcodes are now being required in many businesses. According to an article, “Essential Law Firm Technology Policies and Plans,” by Sharon Nelson and John Simek in the March/April 2012 issue of Law Practice from the ABA Law Practice Management Section, “the Georgia Institute of Technology has proven that any eight-character password can be cracked in less than two hours. It also proved that it takes approximately 17,000 years to crack a strong 12-character password.”
Your mobile device should also have the ability to be wiped remotely. This can be done on both the iPad and iPhone automatically if a passcode is entered incorrectly 10 times.
There are many apps and software that will help do this. For my iPhone and iPad, I use Lookout which is a free app for both iOS and Android devices. It will scan your phone for malware and viruses and let you know if your phone is clear. It also tells you whether or not the wifi network you are using is safe. This is critical if you are using free wifi sites. It also helps find your phone if it is lost and will remotely wipe your data.
Many tech-savvy people want to perform functions that are not allowed by the carrier or manufacturer, and so they will bypass restrictions within the tablet software to allow the download of various apps and functions. This operation is known as a jailbreak. Do not do it. When you jailbreak, you deactivate some of the built-in security features. Make certain that you tell your staff that jailbreaking is not allowed.
We know that we should not give computers away without scrubbing the hard drives, but we may be less cautious about our mobile devices. Make certain that you delete all information stored in a device prior to discarding it. Make certain that your staff does the same.
Although most of these tips have been recommended before, they bear repeating.
- Do not use a password more than once. No exceptions. If you currently use the same password for a variety of login locations, you need to take the time to reset them. If you think you do not have the time, ask yourself if you will have the time if your data is compromised.
- Do not have a file named “passwords” on your computer. We have all done it. If you have such a file, delete it.
- Passphrases work best: Complexpasswordsaresafer.
- Intentionally misspell a word: Complekspasswordsaresafer.
- Add a number: Complekspasswordsaresafer2012.
- Add a symbol: Complekspasswordsaresafer2012&.
- Replace a word with a single letter or number: ComplekspasswordRsafer2012&.
- Change your passwords regularly. If you have others in your office, make sure they do the same. Schedule reminders to do it. If you do not want to do it on all your passwords, it should be mandatory for any passwords for highly confidential or financial information.
- Do not use passwords with information that others may know such as your favorite team, names of your children, or pets.
- Do not give your user id and password to anybody including your secretary or even the IT support personnel.
- If you have staff and others who use their personal mobile devices for client related work, you should require them to follow these same procedures.
Although many people complain that you can only download apps for iPhone and iPad from iTunes, it does increase security. Android does allow you to download from other locations, but for safety's sake, you (and your staff) should only download apps from Google Play.
QR Codes are those weird-looking black and white squares that you see in many places, including the MSBA Bar Bulletin. Many of these are safe, but you should be careful when scanning QR Codes. You should really only scan those for vendors you trust.
Sites to Help
Microsoft has a good tool to help you determine if your password is strong or weak. Visit its Safety and Security Center at microsoft.com. You type in your password, and it tells you if the password is strong enough. However, Microsoft does note that: “This does not guarantee the security of the password. This is for your personal reference only.”
Another interesting site is www.shouldIchangemypassword.com. At this site, you simply enter your email and click “Check it.” What the site does is check a large database of compromised account passwords and associated emails to see if you are in one of them.
Obviously, if you are, you should change your password immediately. I checked a number of mine and was happy to find out they were safe for now. Again, note that this does not mean that your accounts are completely safe, but it is a good place to start.
Now that you have 50 different passwords and have deleted the password folder from your computer and have discarded all the sticky notes from the inside of your desk drawer, how do you keep track of them all?
There are software products that manage all your passwords. In essence, you enter all your passwords, and they are stored on your server or hard drive, but you only need to remember a master password, as the software automatically fills in the form when you enter a password-protected site.
Each one of these works a little differently, so you need to read the details, but it is a good way to manage all your passwords. I use LastPass, and my passwords are stored on their servers, but they have been consistently rated very secure by many reviewers. It costs $12.00 per year.
There is so much more to discuss about mobile security, and at the first Wednesday Webinar for 2013, I did a session with many more details on security and other tech tips.
The webinar and materials are available on the MSBA LOMA site. The Wednesday Webinars will be held on the last Wednesday of each month.