Security update recommendations for 2015, Part I

Internet criminals are armed with a growing repertoire of stealthy, often automated, tools. These threats require constant vigilance.

In previous OWDT blogs, I’ve written about cyber security threats ranging from malware to cyberwar. Unfortunately, coordinated international action towards any major systemic fix (an ‘erasable Internet,’ for example) is highly unlikely in the near or far future.

Whether you’re a business owner trying to protect confidential customer and proprietary information or a retiree who likes to surf the Internet, you need to add new, proven security measures as they become available to minimize your risk of identity theft, ransomware, etc. I say ‘minimize’ because if even the most protected public/private security organizations are vulnerable to attack, so are we all. Though most of us are comparatively low-priority cybercrime targets, Internet criminals are armed with a growing repertoire of stealthy, often automated, tools. These threats require constant vigilance.

A checklist of security measures

The basics revisited
  • Change your email account passwords MORE frequently (e.g., every 3 months)
    When was the last time you changed your email account password? Most of us postpone this critical task far too long. Another critical issue: if you’re like the many folks who use the same password for their email and online banking accounts, you’re leaving yourself wide open to identity theft and/or someone draining your accounts.
  • Develop a reliable system for creating new passwords
    The best strategy: Choose a sentence that is meaningful and easily remembered, such as, “I met my wife in San Antonio.” Create at least three different passwords using this or a similar formula:
    Use the first letter of each word, alternating upper and lower case, and combine with some numbers (in this case, you could embed your wife’s birthday), resulting in ImMw012274IsA. That could be for your email account.
    Now, apply the same formula to create a second password that you use exclusively for your banking and other financial transactions.
    Finally, create a third password for all your remaining accounts.

Email spear phishing

If you haven’t yet received emails from hackers impersonating one of your friends or business associates, consider yourself lucky.

How can I identify a phishing email?
  • One quick giveaway that their email account is being phished: a subject line promoting a product or service (often well known and trusted), unlike anything they’ve forwarded to you in the past. Once you click on the link or attachment, the hacker can then take over your digital device and steal personal and/or company data. Of course, even visiting a website can infect your computer with malware.
  • Be alert to incorrect or unusual URLs (hover over the URL to determine its actual source) that claim to be from friends, your bank or other reputable institution. Unless you’re completely confident the email is legitimate, don’t open it. Do not click any attachment OR ‘message body’ (it may be an infected image). Some of my friends have had their current and/or defunct email addresses hijacked 3-4 times. Contact the friend/institution and request confirmation that they sent you any questionable message.
  • PLEASE do not let yourself get so distracted that you share your personal information online. You’ve heard it before, but your bank, etc., would not send you an email asking you to do this.

I shared parts of the above recommendations in several 2014 blogs. In Parts II and III of this series, I’ll further update that information and discuss new measures made available since then.
