Sometimes, small mistakes cause colossal damage.
In recent hearings into a breach of security at the US Office of Personnel Management, which compromised the records of millions of government employees, some of the testimony implied that, even if the systems had been encrypted, they still would have been vulnerable.
The hackers that breached the OPM systems had valid credentials, which allowed them access to sensitive data.
If you’re trying to keep secure online, you can learn from the mistakes of the OPM and avoid having the same kind of security breaches happen to you.
Understand What Encryption Won’t Protect You From
VPNs provide a very effective form of protection against snooping. They encrypt your traffic so that it cannot be read in transit. VPNs, however, are just one element of good security. Good security relies on habits as much as it does on having the right tools.
Those Valid Credentials
The hackers that got into the OPM got a hold of valid credentials that allowed them access. If you’re not careful with the credentials that you use to secure your data, the same could easily happen to you.
The first and, perhaps, easiest way to beef up your security is to use secure passwords. The best passwords are random, and there are many different tools, online and off, that you can use to generate them.
To further enhance your security, never use a dictionary word or a name, birthday or other information that could be associated with you by hackers.
If someone steals identity information from you, you can assume that they’re going to try to use it to guess your passwords. Quite often, they’ll guess right.
As for usernames, most sites encourage you to use your email address, which is unfortunate since it means that most anyone can guess half of your credentials at any given site. Having a spare email address or two is not a bad thing.
Change your passwords regularly to minimize the chances of them being stolen.
Etiquette plays a big part in security. For everyone’s sake, it would be better if people never asked anyone for their password to any secured resource. Unfortunately, people share passwords all the time.
Keep your passwords private. If someone needs to use a resource to which you have access, log in for them. If you cannot log in, change your password immediately after the person using it exits the resource.
It’s not so much that you have to worry about your friends and family stealing as you do about them being sloppy. If the password is saved to their computer or another device, anyone who acquires it has valid credentials to that resource.
You can use a VPN on your mobile device to increase your security when accessing public Wi-Fi. Unfortunately, many devices will connect automatically unless you turn that feature off. If you don’t happen to have your VPN on when the device connects, you’re wide open.
The best policy is to turn off Wi-Fi networking on your smartphone and tablet devices. When you need to turn it on, you can do so selectively and immediately connect to your VPN to encrypt your network traffic.
Remember that You Leave a Trail
The Internet has a way of making people think that they’re far more anonymous than is actually the case.
Be aware that most any user name you’ve ever used can be traced back to your real name with a bit of research. It doesn’t require law enforcement access or skills to do this.
Your social media accounts, activity on blogs, websites, business information and other information can all be bundled up in to a comprehensive picture of who you are.
Using that information, skillful hackers can start guessing at your credentials and, possibly, get access to everything from your Facebook profile to your bank account.
VPNs are incredibly effective tools for enhancing your online security. Proper security, however, also relies upon your habits.
Think of it this way: All the deadbolts in the world won’t keep your house secure if you leave the keys where anyone can find them.
Good hardware and software can enhance your security, but nothing will make up for sloppy habits and policies.