Insights For Success

Strategy, Innovation, Leadership and Security

Protect your online accounts from compromise before it's too late

General, technology
Edward Kiledjian
Image by David Goehring used under Creative Commons License

As more and more of our services are delivered through the cloud, it becomes increasingly important to protect our accounts. As a security professional, there are a handful of steps I perform regularly that many of you don't, so here they are:

  • Install well-respected antivirus/antimalware software on your PC, with real-time protection enabled and regular automatic updating of its database. There are hundreds of online posts discussing which one is "the best", but keep it simple and pick one of the products from the big manufacturers.
  • At least once a month, scan your computer with an online antivirus scanner (different from the one installed on your PC). Here are some examples:
    • ESET Online Scanner (link)
    • Kaspersky Security Scan (link)
    • TrendMicro Free Online Scanner (link)
    • Bitdefender QuickScan (link)
    • F-Secure Online Scanner (link)
    • Norton Security Scan (link)
  • Regularly update your operating system and installed applications. Viruses and malware often use known vulnerabilities in existing commercial off-the-shelf software to compromise machines.
  • Update your account recovery options regularly (monthly if possible):
    • Google Account recovery options page (link)
    • Microsoft Account recovery code
      • Sign in to your Microsoft account.

      • Under Recovery Code, tap or click Set up.

      • If you've created a recovery code before, your screen will say Replace instead. Tap or click Replace.

      • Tap or click Print.

  • Use 2-factor authentication for any online service that allows it. There is a good list of sites that support it here (link).

  • Never reuse an online password on more than one site.

  • Use complex random passwords. A good site that generates truly random passwords online for free can be found here (link). Just take as many characters as the site allows.

  • Use a password manager. Once you start using unique complex passwords for each site, you can no longer remember them, so use a trustworthy password manager. A password manager stores all of your passwords for you, and all you have to remember is one complex password to unlock the password vault. My personal password manager of choice is LastPass (link).

  • Clean up your social media permissions (link). Over time, you give various apps access to your social media accounts and most people just forget about it. It is a good idea to review everything that has access to your accounts and revoke the permissions from apps you no longer use.