
Security Awareness and 2023

I must confess to becoming somewhat alarmed at the raft of cyber-attacks and security breaches over the holiday season of 2022. As 2023 starts, news of the massive attack on Twitter where our account details circulated in a database around the dark web is just one of the many security events we were notified about. The impact of these data thefts is somewhat known but here is what we know for sure. If we are personally lax about our online security, the risks and associated impact on us, our employer and our family are decidedly more serious.

Can I reuse my online account passwords with other services?

A huge win for the cyber-criminal would be your Twitter password being reused by you for your other social media accounts, work login, bank account login plus other digital resources. Whilst more convenient, it’s a surefire way to open your life to digital piracy affecting the full surface of your life from home to work and back again.

How do I know if my passwords are safe?

You ultimately don’t, but you can choose to reduce your risk by a considerable margin if you think about adopting the following practices. Select a password that is greater than 12 characters long, and ensure it has at least 1 uppercase character, 1 number and 1 special character like a # or $ sign in it. It should be more a phrase than a password as it will be easier to remember. You can check the strength of your creation on howsecureismypassword.net, which will redirect you to a site managed by security.org. Please take the time to construct unique passwords for all your digital profiles and devices.
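The rules above, together with the earlier advice against reusing a password across accounts, can be checked mechanically. The following Python sketch is an added example, not part of the original post; the names `rule_failures`, `audit` and `SAMPLE_VAULT` are hypothetical, the sample passwords are constructed, and "special character" is assumed to mean ASCII punctuation.

```python
import string
from collections import defaultdict

# Constructed sample entries (account name, password); not real credentials.
SAMPLE_VAULT = [
    ("twitter", "Sunny#Harbour7Walks"),
    ("bank", "Sunny#Harbour7Walks"),   # reused: same as twitter
    ("work", "password2023"),          # 12 chars, no uppercase, no special
    ("email", "Quiet$River9Stones!"),
]

def rule_failures(password):
    """Return the composition rules from the post that this password fails."""
    failures = []
    if len(password) <= 12:  # the post asks for *greater than* 12 characters
        failures.append("length must be greater than 12")
    if not any(c.isupper() for c in password):
        failures.append("needs an uppercase character")
    if not any(c.isdigit() for c in password):
        failures.append("needs a number")
    # Assumption: "special character" means ASCII punctuation such as # or $.
    if not any(c in string.punctuation for c in password):
        failures.append("needs a special character")
    return failures

def audit(vault):
    """Map each account to its rule failures plus any reuse across accounts."""
    accounts_by_password = defaultdict(list)
    for account, password in vault:
        accounts_by_password[password].append(account)
    report = {}
    for account, password in vault:
        issues = rule_failures(password)
        shared = [a for a in accounts_by_password[password] if a != account]
        if shared:
            issues.append("reused on: " + ", ".join(sorted(shared)))
        report[account] = issues
    return report

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_VAULT).items():
        print(account, "OK" if not issues else issues)
```

A password that passes every composition rule is still flagged when it appears on more than one account, which is the case the reuse advice is about.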

Should I use a password manager?

Yes, it is strongly recommended! If you are just using your browser to access your different digital accounts, an ‘offline password manager’ with local storage would suit your need. They are just as well encrypted as ‘online password managers’ but don’t send data over the internet to sync connected devices. Online password managers are very handy but you should shop around for a well-rated service for your needs. Some do just passwords, some have a range of features with associated subscription fees. I have yet to see a fee-paying service plan that I thought was expensive for what it does.

Are online password managers safe?

I would say that given the rising risk of cybercrime, the potency of attacks and our reliance on digital products, online password managers always improve our digital safety footprint. That said, we should always engage in good password management practices like those discussed above. Applications themselves are rarely breached but it does happen from time to time. The cloud (online) solution LastPass was the focus of a cyber-attack in late 2022 based on a small oversight by a development engineer. When selecting a service, consider the convenience of using an integrated web/phone-capable service against the impact you would suffer if a cybercriminal broke in and stole your sensitive data. How does the service mitigate this risk?

Do I need multi-factor authentication?

With today’s rising risk levels around cybercrime, it is strongly recommended to activate multi-factor authentication on all your online accounts that support it. Bear in mind that applications like MS Authenticator or Google Authenticator are stronger authentication options than using SMS or email as multi-factor authentication methods for your sign-in.

Is VPN recommended?

If you are in a good broadband area, then it's recommended. The security benefits are substantial, as a VPN encrypts your traffic from your device over the internet to the VPN data centre hosting the connection you have made on your device. From there, your traffic goes out over the internet to the desired endpoint, e.g. Amazon.com, presenting the VPN endpoint’s IP address, because it leaves the protection of the encrypted tunnel at that point. Your local IP address is protected. Good VPN services also block malicious tracking cookies via their service, which makes any approach by a hacker all the more difficult. It’s one of the many positive features VPN offers.

If someone asks me in a compelling manner for my account details, what should I do?

Just say no, and terminate the call, chat or whatever medium you are communicating on. Block the number, email or whatever approach was used as best you can so you do not become harassed by these cyber-criminals. Companies that service your digital needs know better than to ask you for your personal details over these interactive mediums. It’s a matter of good security practice.

There is no doubt that it all mounts up cost-wise to a small fee for a dramatic improvement in your online safety posture. A fine bargain for staying safe in the digital world. Stay tuned for more on Cloud Infrastructure in this blog along with articles on other areas of interest in the Writing and DevOps arenas. To not miss out on any updates on my availability, tips on related areas, or anything of interest to all, sign up for one of my newsletters in the footer of any page on Maolte. I look forward to us becoming pen pals!
