Matt Johansen, '08, senior manager, threat research center at WhiteHat Security provided some tips to avoid becoming a data breach casualty.
Target. Home Depot. Sony. Anthem. By the time this article has gone to print, another big name will no doubt have joined the ranks of corporations and organizations that have been hacked.
To find out how to better protect ourselves, we turned to Matt Johansen 鈥08, senior manager, threat research center at WhiteHat Security. According to a ranking by Marble Security, he鈥檚 one of the top 100 cybersecurity experts to .
鈥淲e are storing more information than ever before at unprecedented amounts and speed,鈥 Johansen said, adding that information on everything from our location and browsing patterns to what we watch on Netflix is a gold mine for hackers.
Johansen offered these tips for lessening your chance of becoming a data breach casualty:
- Use strong passwords
鈥淭he keys to the kingdom are in your email address protected by nothing more than a probably weak password,鈥 he explained. 鈥淲hen breaches occur, we analyze passwords that were dumped and find that 99 percent were weak passwords that are easily cracked/guessed. If I can break into your Gmail account, I could not only access your sensitive information, I can also reset your password to any online account you鈥檝e made with that email address.鈥
- The longer, the better
Long passwords鈥攄ouble the length of what most of us use鈥攃an put you in that safe top percentile. Johansen offered this tip for creating lengthy but memorable passwords: 鈥淭ake your current password that you鈥檝e been using for a while and just append it to the end of a new password you make. Your old password should be muscle memory by now so you aren鈥檛 really adding a level of difficulty.鈥
- Try Two-Factor Authentication (2FA)
Johansen advises using 2FA on any service that allows it鈥擥oogle, Facebook, Twitter, GitHub, to name a few. In essence, you authorize a site to require more than just your password to log in, such as a code sent to your mobile phone. Johansen uses an app, Duo Mobile, to manage his 2FA accounts.
- Your friends are not always who they seem
Have you ever received an email or text, or seen a social media post, that seemed out of character? 鈥淏e mindful of everything before you click it,鈥 he advised, as it may be a malware-infected link.
- Neither are apps
Johansen said there are plenty of fake apps out there just waiting to infect phones and steal information. 鈥淗ow many times have you seen the 鈥楾his app will have permission to your location, email account, blood type, Social Security number, firstborn child, etc.鈥? How many times has that stopped you from installing the app? If you say anything greater than never, you are the minority. Nobody reads that stuff! That app is most likely developed by a handful of people, or outsourced to the lowest bidder. Think they have the years of security development training and experience necessary to keep all those permissions safe?鈥
- Keep updated
Browsers and operating systems are constantly being updated for good reason: to protect you. 鈥淲indows XP is still out there in wide use and it鈥檚 just Swiss cheese鈥攆ull of holes,鈥 Johansen said, adding that by keeping up to date, 鈥測ou are no longer the low hanging fruit.鈥
- And finally, use your common sense
Gaining access to a password or social security number can be as easy as asking for it (see sidebar). So be careful.
To keep up with Matt Johansen and all things cybersecurity, follow him on Twitter .
For further information, please contact:
Todd Wilson
Strategic Communications Director听
p 鈥 516.237.8634
e 鈥 twilson@adelphi.edu