Hi guys, I’d like to introduce you to Neil. He is a great friend and work colleague of mine. I know what he has to write will be of great value to you …
Most of you will have read about Sony having recently suffered a major security breach which has resulted in over 70 million people’s PlayStation Network accounts being stolen. If you are one of the many PlayStation owners who uses the same password for everything then your blog is at risk. Overall though, I don’t think there will be many blogs at risk but this breach is yet another reminder that even the big boys can get things so wrong.
This (let’s put it politely) ‘mess up’ isn’t as big a deal as it has been made out to be. I am an owner of a PS3. I have a blog. Am I worried? No I’m not.
I’m not worried because the majority of the information which was stolen is very generic and, with a bit of digging, can be found publicly anyway. The only piece of information I should be worried about is the password I use to log onto the PlayStation Network, as that is the one stolen item nobody could normally find out. If this password is the same one I use to log into my email then I’m in trouble, as the hackers would have both bits of the puzzle needed to log into my email account and then, from there, who knows. Luckily, being an IT consultant I practice what I preach and don’t use the same password twice, especially for anything to do with the online world.
This got me thinking. If Sony can’t get things right then what chance does Joe Blog (:-)) have? The sad truth is, as soon as you plug in that LAN cable or connect to a wireless network you are leaving yourself vulnerable to a hacker, virus or any other nasty thing that chooses to pass by. Here are a few tips and things to keep in mind when running your Blog and using the internet in general.
- Change your Windows (or Mac etc.) logon password regularly (every 60-90 days or so). If you don’t have one then create one! Ensure this password is at least 8 characters long and contains 3 out of the 4 following character groups:
  - Uppercase letters (A-Z)
  - Lowercase letters (a-z)
  - Numbers (0-9)
  - Symbols (all other characters – ?, !, ; for example)
- Treat your Blog login password like your Windows login password. Use the same rules above and, if you log on as yourself, don’t forget about that admin account which was set up at the beginning! Either disable the admin account or change its password regularly too.
- DO NOT use the same password for more than one account. This goes for everything, ranging from your email account to your shopping account at Argos. Use a different password every time and don’t just increment the number at the end or change one letter etc. Create a completely new password from scratch.
- Think about where you are logging onto your Blog account from. Always keep in mind that unless the address of the website you are viewing starts with the https prefix (in other words, on all http addresses) you are sending the password you enter on a webpage across the network as ‘plain text’. This means anyone who is intercepting information going from your computer to the destination (also called ‘sniffing’) will be able to see your password clear as day. Once the information gets to your ISP it’s out of your hands, but you can still ensure you are doing everything to keep your own network traffic from prying eyes. If you are connecting to your Blog from your wireless network at home then make sure you have the strongest encryption your wireless network can support. WEP is no longer good enough these days; you need at least WPA. No encryption at all is just inviting trouble, so make sure you use it. If I’m in an airport or a wireless hotspot in a hotel, café etc., then I would not connect to my Blog for the reason mentioned above: I don’t know who else is on that network or what they are doing. Instead, I would prepare the blog post in Word (or some other word processing app) and upload it later when I can get back onto a more secure network.
- Keep up to date. Ensure your operating system and AV software have the latest security patches installed. Always use the latest edition of WordPress (or equivalent) with the latest releases of any plug-ins. This will ensure you don’t have any (known) vulnerabilities.
- Make sure your Internet Browser is up to date. The latest version of an internet browser will be more secure than previous versions. Avoid beta versions though as these are used for testing purposes.
- Change your FTP password regularly. Again, the same password rules above apply.
- Change your wireless network key regularly (if you have a wireless network). You guessed it, same password rules above apply.
- Backup, backup, BACKUP! As Sony has learnt, you can’t think you’re invincible and have the mentality that it will never happen to you. Believe me, one day it will, and the most important thing to have to hand when it does is a (tested) backup and restore procedure. I may do a separate post on how to backup and restore your blog later.
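The password rules above (at least 8 characters, 3 of the 4 character groups, and no “bump the last number or change one letter” shortcuts) can be checked mechanically before you accept a new password. The following is an added example written for this post, not code from the original article; the function and message names are my own.

```python
import string

MIN_LENGTH = 8        # "at least 8 characters long"
REQUIRED_GROUPS = 3   # "3 out of the 4 following character groups"


def character_groups(password):
    """Return the set of the post's four character groups present in password."""
    return {("upper" if ch in string.ascii_uppercase else
             "lower" if ch in string.ascii_lowercase else
             "digit" if ch in string.digits else "symbol") for ch in password}


def _edit_distance_at_most_one(a, b):
    """True if b is a with one character changed, inserted or removed."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) <= 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    i = 0
    while i < len(short) and short[i] == long_[i]:
        i += 1
    return short[i:] == long_[i + 1:]


def is_trivial_variation(old, new):
    """True when new is just old with the trailing number bumped or one
    character changed, the two shortcuts the post tells you to avoid."""
    old_stem, new_stem = old.rstrip(string.digits), new.rstrip(string.digits)
    if old_stem and old_stem == new_stem:        # "Summer12" -> "Summer13"
        return True
    return _edit_distance_at_most_one(old, new)  # "P@ssw0rd" -> "P@ssw0rD"


def check_password(new, old=None):
    """Return the list of rules from the post that new breaks; [] means it passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    groups = character_groups(new)
    if len(groups) < REQUIRED_GROUPS:
        problems.append("uses only %d of the 4 character groups" % len(groups))
    if old is not None and is_trivial_variation(old, new):
        problems.append("trivial variation of the previous password")
    return problems
```

Passing `old` lets the check enforce the “completely new password from scratch” rule at change time, which a length-and-groups check on its own cannot.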
You will notice most of the advice above is about having strong passwords. You also have to change these passwords regularly. How do you keep track of all of your different usernames and passwords? The easiest thing to do is to have a diary which contains the latest passwords you use for all of your accounts. Some people may object to this idea, but there is no way you will be able to remember all of the different passwords if you are following the rules correctly. Under no circumstances should you keep this information on your PC, especially by using one of the many ‘password vault’ programs, as this is just like having a ‘one password for all’ plan: once the master password is cracked, all the other passwords are known. Not good! In a business environment I would never recommend a password be written down on paper, because that information can easily be seen by curious colleagues. At home though, I’m not too fussed if my other half sees all my passwords for my online accounts, and I can hide the diary well from anyone else. My online banking password is the only exception to this, and that one is safely tucked away in my head, just for me! The bottom line to this method is that I can keep my diary at home more secure than a file on my computer, and I trust the people that I let into my home more than any application that I install or use on my PC. In summary:
- Change passwords regularly.
- Use strong passwords.
- Have a good backup strategy.
- Be vigilant. If someone is asking for sensitive information, think twice and then a third time before handing it over. In fact, scratch that, don’t give it to them no matter who they say they are.
Until next time, happy and safe blogging!