Here are 3 quick and free ways you can increase the security of your firm online:
1. Get a password manager.
What is it?
Unfortunately, too many people are still using passwords they’ve thought of themselves and/or are using these passwords for more than one service.
The problem with human-generated passwords is that they are generally much less secure than those generated by a computer (mainly because a human needs to remember them), and for convenience these human passwords tend to get used for more than one service.
What’s wrong with this?
Each additional service that shares a password multiplies the potential for a breach.
For example, if you use three different web services, each with the same login and password and one of them has a security breach, the other two will be vulnerable since the same login details will work for the other services.
How this happens and how it can affect you was covered in an investigation done by the Reply All podcast. Check it out here.
How do they work?
Password managers generate and store strong and unique passwords for each service you use.
When you need to access these passwords the password manager will fill in your login credentials for you.
You only need to remember one strong master password. Use this password only for your password manager.
Where can I get one?
Most password managers offer the same or similar feature set. Here are some examples:
- LastPass. Free to use with the most features (including free syncing and two-factor authentication to mobile devices). Upgrading to premium costs $2 a month and adds password sharing between LastPass accounts.
- Dashlane. Also free to use with pretty much the same features. Their premium upgrade costs $3.33 a month for syncing to mobile devices, two-factor authentication, and more.
- 1Password. Free only for their 30-day free trial, after which you can pay $2.99 a month for a personal account or $4.99 a month for a “family” account that supports up to five people.
Once you’ve installed your password manager you should immediately transfer over all your existing passwords. Most passwords are stored in your browser or on your desktop with native apps, e.g. macOS Keychain.
Most password managers have an import feature to help you out. After you’ve imported all your passwords, it is vital to replace all your repeated passwords with ones that are strong and unique.
LastPass and Dashlane have a feature that can do this automatically for you.
Setup Time: 20 minutes – 2 hours.
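To see which accounts share a password before you start replacing them, here is an added example (not part of the original article or any password manager's own code). It assumes a CSV export with `name`, `url`, `username` and `password` columns; the sample rows are constructed.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; the column names are an assumption.
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,alice@firm.example,Tr0ub4dor&3
Mail,https://mail.example,alice@firm.example,Tr0ub4dor&3
CRM,https://crm.example,alice,correct horse battery staple
Payroll,https://payroll.example,alice,Tr0ub4dor&3
Wiki,https://wiki.example,alice,
"""

def find_reused_passwords(export_file):
    """Return groups of entry names that share one password.

    Passwords are compared through an HMAC keyed with a random per-run key,
    so neither the passwords nor a reusable hash of them ends up in the result.
    """
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(export_file):
        password = row.get("password") or ""
        if not password:  # skip entries saved without a password
            continue
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(row.get("name") or row.get("url") or "(unnamed)")
    # Keep only passwords used by more than one entry, largest group first.
    reused = [sorted(names) for names in groups.values() if len(names) > 1]
    return sorted(reused, key=lambda names: (-len(names), names))

def report(export_file):
    """Build a readable list of the accounts whose passwords need replacing."""
    lines = [f"{len(names)} accounts share one password: {', '.join(names)}"
             for names in find_reused_passwords(export_file)]
    return lines or ["No reused passwords found."]

if __name__ == "__main__":
    # For a real export, pass open("passwords.csv", newline="", encoding="utf-8").
    for line in report(io.StringIO(SAMPLE_EXPORT)):
        print(line)
```

Delete the exported CSV once the check is done, since it holds every password in plain text.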
2. Install the HTTPS Everywhere browser extension.
What is it?
If you’re entering information into a website that does not have HTTPS in the URL, your connection is not encrypted and you are vulnerable.
This is one of the quickest ways you can secure your connection, with the whole installation process taking only a few seconds.
How does it work?
HTTPS Everywhere runs in the background of your browser. It automatically upgrades your connection from HTTP (not encrypted) to HTTPS (encrypted) wherever possible. This significantly increases the security of your browsing experience.
Where can I get it?
The privacy-themed browser Brave has HTTPS Everywhere built in as part of its stock feature set.
Setup Time: 1 minute.
3. Authorize two-factor authentication wherever possible.
What is it?
Two-factor authentication (2FA) is becoming a more and more common feature these days. Unfortunately, you as the user cannot choose to turn it on with any app you choose. It is up to the service provider to build it into their app.
If a service you use introduces this feature, you should definitely take advantage of it. While it will not stop your account from being hacked, it will help prevent unauthorized access to your account.
How does it work?
When logging into your app you will need to verify your identity through more than a username and password.
You can usually do this via a code or link sent to your email, a code sent to your phone via SMS or a temporary code generated in a mobile app such as Authy.
Examples of apps that use two-factor authentication:
A more extensive list of apps that allow you to enable 2FA can be found here: https://twofactorauth.org/
Setup Time: 1 minute per app.
What processes and tools do you use to secure your firm?
Drop your tips in the comments below!