Safer Internet Day: Security vs. Convenience

It isn’t easy to be secure all the time — this is especially true if you are new to cybersecurity. A well-formed security plan takes deliberate effort at the very least, and constant vigilance at most. Even the top experts have room to improve because cybersecurity is a constantly moving target.

Unfortunately, most internet users aren’t using best practices.

The top two [passwords] have been left unchanged for the fifth year in a row. They are, maddeningly, “123456” and “password.”  – Melanie Ehrenkranz, Gizmodo.

Safer Internet Day

For Safer Internet Day 2019, it’s a good time to reflect on your personal security decisions. Take a moment to consider the balance of security versus convenience in your digital life, and those you care about.

Make a plan to improve your security and help others understand the basics of staying safe online.

Here are some questions to ask for Safer Internet Day:

• How much is my identity or brand worth to me?
• What would I do if someone stole my identity?
• Can I recognize a scam or phishing attempt?
• When was the last time I checked my credit?
• Have I fully explored the security options of my devices and accounts?
• Are my digital assets protected from theft, abuse, or destruction?
• Do I have secure passwords and 2FA on all my accounts and devices?
• Will my backups work, and do I know how to restore them?
• Are my family and friends practicing safe online habits?

Understanding the Risks 

Would your answers to these questions change if you knew you were a target for hackers?

At Sucuri, we often say the risk is never zero. While certain online habits are riskier, cautious users are targets too — often more than they think.

Over a third of the internet uses WordPress. From the moment it’s installed, it becomes a target for malicious login attempts. Brute force attacks do not discriminate. Automated hacker robots scan the internet for WordPress login pages and try different combinations to crack passwords.

Data breaches happen at scale and phishing attempts are becoming more difficult to spot. Without cybersecurity literacy and a plan to improve, the number of victims will continue to rise.

Nearly 60 million Americans have been affected by identity theft. – The Harris Poll

Why do we brush our teeth? It’s not exactly anyone’s favorite task, but we brush multiple times a day to keep our teeth clean, strong, and free from disease. Ideally, we floss too. Users can only protect themselves if they understand the potential impact of doing nothing.

Now that we’ve identified that there’s more than just a little risk out there, let’s look a bit closer at the impacts.

Understanding the Impacts

A common thread in cybersecurity is the triad of confidentiality, integrity, and availability.

Imagine all your personal data, files, devices, or websites. What would happen if they were exposed, altered, or destroyed?

Here’s what attackers might do:

• Steal your banking or shopping information.
• Impersonate you for credit fraud.
• Lock you out of online accounts like email and social media.
• Spy or record through your camera and microphone.
• Get into accounts related to your workplace, website, or brand.
• Abuse your network or CPU resources to attack others.
• Destroy your online photo galleries.
• etc.

Enhancing your security posture helps prevent loss of integrity, availability, and confidentiality. While the process is time-consuming, a better understanding of your level of risks and impacts can help you decide whether to tip the scales and sacrifice a bit of convenience for better overall security.

Owning Your Security Process

Who is responsible for securing your hardware, software, and online accounts? Hint: it’s you.

This doesn’t mean that you need to do it alone. You can leverage trusted software and service providers to achieve better security. The most important thing is not to assume that someone else is taking care of it for you.

While technology providers invest in security, they are in the market to sell products. Sales come easier when there is less friction in the user experience. Security prompts, training, or notifications, are a nuisance to the average user. The scales are probably not in our favor, and many security settings go unnoticed by the average user.

The rules, process, and maintenance of your security are up to you. Eventually, the initial effort becomes a habit and gets easier the more you do it. If you’re already comfortable with your security practices, it might be a good time to re-evaluate your plans and discover new ways to reduce your overall risk.

Personal Security Planning

A personal security plan helps you improve your security posture by taking stock and determining how far you’re willing to go to protect your online assets. If it becomes overwhelming, remember to prioritize and improve a little bit at a time.

The Electronic Frontier Foundation offers a pretty great article on how to approach your security plan by assessing the level of risk you’re willing to accept.

Here’s one method you might try:

1. First, take an inventory of all your connected devices, accounts, and technologies. If you have a website, list the software, plugins, and scripts.
2. Second, ensure all software is up to date with the latest security patches. Remember that updates often include patches for code vulnerabilities.
3. Third, make it difficult to log into all your devices and accounts. Use a password manager, generating long passwords, and use 2FA. You might even restrict access to your device’s SSH keys or MAC addresses if available. The Sucuri Firewall offers IP whitelisting to make sure only you can access your website’s protected areas.
4. Next, become familiar with the security settings of each. For example, your phone has security settings but each app also has permissions that can be restricted.
5. Back up everything you care about in at least a few different places.
6. Finally, activate trusted security tools for monitoring and protection.

This is just one approach. Look for #SID2019 for more ideas on modifying or expanding this approach based on your needs.

To peek at the paranoid end of the spectrum, check out our comprehensive series of posts on personal security.

Security Evangelism

Tech savvy people are in the best position to raise awareness about safer internet practices. Who else is going to tell your friends and family about 2FA and encryption? Are the risks and impacts really clear to them? Look for articles and videos to share and start the conversation among your family and friends.

The campaign’s slogan, “Together for a better internet“, is a call to action for all stakeholders to join together and play their part in creating a better internet for everyone.

If you are in a position to teach or advise your clients about website security, Sucuri can help you with that chat through our marketing kits, research, and free consultations.

For those seeking to help others with basic internet security, the EFF also offers the minimum viable teaching method:

• Turn on encryption
• Create long and complex passwords
• Don’t reuse your passwords
• Turn on two-factor authentication
• Avoid clicking on strange links and attachments
• Use end-to-end encrypted messaging like Signal or WhatsApp

It is going to take patience, time, and effort to encourage better security habits and raise the bar. As more people learn and adopt better security strategies, perhaps we’ll see encryption and 2FA becoming just another element of good hygiene — as common as brushing your teeth.

Start your cybersecurity journey today. Follow the #SID2019.