Change Your Passwords (but not too regularly)
As Steve Ranger notes in Changing Your Password Regularly is a Terrible Idea, and here’s why
“If users are forced to change passwords they will mostly choose something that is a slight variation on the original one, or one that they have used elsewhere, or a weaker one. These behaviors can be exploited,” CESG said: “attackers can often work out the new password, if they have the old one.”
I can say with a safe bet that most of us are guilty of this. It’s just too hard to come up with a new password that’s entirely different from our initial one but is still memorable. More so, this practice could potentially leave your passwords more vulnerable than you initially thought by writing it down or saving it to a 3rd party app, both of which are susceptible to theft.
With all this being said, it’s important to note that it’s still critical to change your passwords and have them vary between personal, financial, communication, and business accounts. Even still, take a portion of time to hash out combinations you can genuinely remember.
Finally, seek out services that monitor login information. This can be one of the best practices to prevent hacking as these services send a notification with any unfamiliar login attempts.
If you’re sharing content with a team, lock it up
As cyber security firm Carbon Black notes, hackers are getting more sophisticated with their attacks. By utilizing common file formats shared on collaborative clouds, phishing schemes are on the rise to get after entire teams of collaborators.
However, while major services like Google have tirelessly made their cloud collaboration efforts ironclad tight, teams that are using private/local servers are still considerably at a huge risk. To combat this trend, companies like Fire Eye are creating protection for shared content systems that you can check out here.
Beware of Extensions
Extensions from different services can help us when we need to check sources or our grammar, as well as serve other utilities for our blog. However, sometimes we overlook if these extensions are legit and if they are, how vulnerable they are cyber threats.
Attacks in this manner have in the past been able to use malicious software that’s signed and distributed through a network by acting as the extension you initially intended on installing. While this doesn’t necessarily mean we shouldn’t be using extensions at all, be mindful to check and see if what the source is, as well as the terms of their user agreement. Some extensions have a pretty open-ended policy that allows over time for more malicious attempts when the user-base expands.
Your blog is home to your personal ideas, opinions, and thoughts…and that should be the only thing ‘personal’ that gets out.