Matt Johansen ’08, senior manager, threat research center at WhiteHat Security, provided some tips to avoid becoming a data breach casualty.
Target. Home Depot. Sony. Anthem. By the time this article has gone to print, another big name will no doubt have joined the ranks of corporations and organizations that have been hacked.
To find out how to better protect ourselves, we turned to Matt Johansen ’08, senior manager, threat research center at WhiteHat Security. According to a ranking by Marble Security, he’s one of the top 100 cybersecurity experts to follow on Twitter.
“We are storing more information than ever before at unprecedented amounts and speed,” Johansen said, adding that information on everything from our location and browsing patterns to what we watch on Netflix is a gold mine for hackers.
Johansen offered these tips for lessening your chance of becoming a data breach casualty:
- Use strong passwords
“The keys to the kingdom are in your email address protected by nothing more than a probably weak password,” he explained. “When breaches occur, we analyze passwords that were dumped and find that 99 percent were weak passwords that are easily cracked/guessed. If I can break into your Gmail account, I could not only access your sensitive information, I can also reset your password to any online account you’ve made with that email address.”
- The longer, the better
Long passwords—double the length of what most of us use—can put you in that safe top percentile. Johansen offered this tip for creating lengthy but memorable passwords: “Take your current password that you’ve been using for a while and just append it to the end of a new password you make. Your old password should be muscle memory by now so you aren’t really adding a level of difficulty.”
- Try two-factor authentication (2FA)
Johansen advises using 2FA on any service that allows it—Google, Facebook, Twitter, GitHub, to name a few. In essence, you authorize a site to require more than just your password to log in, such as a code sent to your mobile phone. Johansen uses an app, Duo Mobile, to manage his 2FA accounts.
- Your friends are not always who they seem
Have you ever received an email or text, or seen a social media post, that seemed out of character? “Be mindful of everything before you click it,” he advised, as it may be a malware-infected link.
- Neither are apps
Johansen said there are plenty of fake apps out there just waiting to infect phones and steal information. “How many times have you seen the ‘This app will have permission to your location, email account, blood type, Social Security number, firstborn child, etc.’? How many times has that stopped you from installing the app? If you say anything greater than never, you are the minority. Nobody reads that stuff! That app is most likely developed by a handful of people, or outsourced to the lowest bidder. Think they have the years of security development training and experience necessary to keep all those permissions safe?”
- Keep updated
Browsers and operating systems are constantly being updated for good reason: to protect you. “Windows XP is still out there in wide use and it’s just Swiss cheese—full of holes,” Johansen said, adding that by keeping up to date, “you are no longer the low hanging fruit.”
- And finally, use your common sense
Gaining access to a password or Social Security number can be as easy as asking for it (see sidebar). So be careful.
To keep up with Matt Johansen and all things cybersecurity, follow him on Twitter @mattjay.