As more and more of our services are delivered through the cloud, it becomes increasingly important to protect our accounts. As a security professional, there are a handful of steps I perform regularly that many of you don't, so here they are:
- Install well-respected antivirus/antimalware software on your PC, with real-time protection enabled and regular automatic updates of its database. There are hundreds of online posts discussing which one is "the best", but keep it simple and pick one of the products from the big manufacturers.
- At least once a month, scan your computer with an online antivirus scanner (different from the one installed on your PC). Here are some examples
- Regularly update your operating system and installed applications. Viruses and malware often use known vulnerabilities in existing commercial off-the-shelf software to compromise machines.
- Update your account recovery options regularly (monthly if possible).
- Use 2-factor authentication for any online service that allows it. There is a good list of sites that support it here (link).
- Never reuse an online password on more than one site.
- Use complex random passwords. A good site that generates true random passwords online for free can be found here (link). Just take as many characters as the site allows.
- Use a password manager. Once you start using unique complex passwords for each site, you can no longer remember them, so use a trustworthy password manager. A password manager stores all of your passwords for you, and all you have to remember is one complex password to unlock the password vault. My personal password manager of choice is LastPass (link).
- Clean up your social media permissions (link). Over time, you give various apps access to your social media accounts, and most people just forget about it. It is a good idea to review everything that has access to your accounts and revoke the permissions from apps you no longer use.