
Information Security and Data Protection.



Saturday, 26 July 2014

Security is a Full Time Job

Dale Rapp
Secure systems and data expert. Currently works for a large school district in the St. Louis area

The recent high-profile security breaches making the news, eBay being the latest, have squarely focused everyone's attention on security. Most of these breaches are out of the end user's control, and the outcome is usually resetting passwords, selecting new PIN numbers, or being issued new credit cards or debit cards.

The eBay breach fell into this category and was caused by the login credentials of an eBay employee being compromised, causing a database containing user data to be breached. Again, there was nothing the end user could do, and even though the database was encrypted, eBay did force all of its users to change their passwords.

Being an eBay user, I had to change my password, and it had probably been more than five years since I had last changed it, contrary to what security experts recommend and what I preach in my own security awareness classes: change passwords more regularly.

So why was I not following my own advice to change my password more often? Was my thought process, as with most people, “it won’t happen to me”, or “why would someone hack my account?” Granted, the eBay breach was out of my control, but that should not be the only time I change a password.

Besides eBay, there are many other sites I have an account with, and there are probably a dozen or so sites where I have never changed the originally selected password. I know of two high-profile websites that offer two-factor authentication that I’m not taking advantage of.

It is definitely not my lack of knowing it is available, or how to set up or use the features, but again more of putting it off or having a laid-back attitude to security.

How many people have purchased a home wireless router and have just plugged it in without changing any of the default settings? Even if some form of encryption or a password to join the wireless network is enabled by default, it is not a secure network.

The information for changing the default settings and setting up proper security was more than likely included in the instructions. Searching the internet can yield hundreds of articles, for all technical skill levels, on how to secure a home wireless router. The features are there and the documentation is available; it is the effort that needs to be made.

I have taught security awareness for years, and during the classes it is easy to reach people and make them believe security is important. Weeks after the classes, when I touch base with some of those who attended, a small percentage have applied what they learned.

For the rest, it isn’t that they don’t want to be secure, but I hear “I meant to do it”, or “it is on my to-do list”, or “having a different complex password for every site is too hard to remember.”

I have heard so many excuses from people for not setting up proper security. Websites may have their own security options and it can get confusing, but all sites have documentation and help is also available from their support.

I realize it’s hard to remember every password, especially a complex password, but password manager programs are available. Web sites are offering more options for security and users need to take a more active role in their own security and take advantage of them.

Good intentions will not keep you secure! Make the effort and protect your devices and accounts now. Don’t wait for something to happen and then realize it could have been avoided. We have moved past the days when installing an antivirus scanning program was all the security you needed.

Take the time to learn about security. With mobility and a constantly connected world, security has become a full-time job, and there is no time off!
