Defining the word Security:
"The state of being of feeling secure, by having the ability to avoid being harmed at an irrecoverable level, by any risk, danger or threat, when/for protecting a specific asset." (G.Fragkos, 2005)
(where ‘secure’ is defined according to the Oxford’s dictionary definition)
- 1) You HAVE TO make use of passwords.
- 2) You set up a boot password to your system.
- 3) You have different usernames and different passwords for every account you have.
- 4) The passwords are not related in any way
- 5) The pass-words are meaningless in natural language, do not exist in the dictionary, composed of random characters (Uppercase, lowercase, digits, symbols). If English is not your mother tongue it doesn’t mean you can use words from your country’s dictionary written down with English characters.
- 6) Your password doesn’t have less than 14 characters for Windows ® based systems.
- 7) Your password has more than 10 characters for Linux based systems.
- 8) You do not write down your password anywhere, and especially at the back side of your keyboard.
- 9) You are aware of password patterns. So a password look like the following is easy to guess
qwertyuiop -> Top line of QWERTY layout
!"£$%^&*()_+ -> Shift keys of number’s line
1234567890 -> The number’s line sequence
1!2"3£4$5%6^7&8*9(0)-_=+ -> Each number key with shift
…even thought they are composed of many characters.
- 10) You change your passwords on a regular basis.
- 11) You make use of a secret question and a secret answer that has nothing to do with each other but you can remember. You use a different secret question and secret answer for each account. The secret answer is many characters long making use of alphanumeric characters and symbols.
- 12) You make sure you know what hardware and software keystroke loggers are.
- 13) You never login to any kind of personal accounts from any other computer than your own.
- 14) No one else has physical access to the computer that you are using to logon into your personal accounts
- 15) You do not reveal personal information like Date of Birth, age, sex, location, phone number, address, etc.
- 16) You have an e-mail address named "firstname.lastname@example.org" in order to use for public subscription to websites, newsgroups, forums, online shopping.
- 17) You never give out credit card numbers or any personal information thru online chatting mechanisms or e-mail.
- 18) You do not store in any digital form credit card numbers, passwords or sensitive personal information, except if you have a high level encrypted location to deposit them that noone else is aware of or can find out about it.
- 19) Not all levels of encryption are secure. You can start having a flavour of security (privacy) at 512 bit encryption and start feeling secure at 4096 bit encryption.
- 20) If you hear about RNG (Random Numbers Generators) you must know that such thing does not exist. RNG is true If and only if you are talking about actual Quantum Random Number Generators.
- 21) You do not open e-mails that you do not personally know the sender.
- 22) E-mails that are sent to you for business purposes and you obviously cannot know the sender in advance; they should be opened only while you are at work. Thus, the system will pick up any suspicious contents assuming(*) that your security team does a good job. You do not download the attachments if you are not sure. (just opening a potential harmful e-mail will not cause any serious damage, downloading the attachments or the pictures will do cause damage). If there is a case that you are not sure and you do not know what to do, or you are in dilemma, just ask the security department.
(*) You are allowed to assume that only if you have a secure encrypted location that you have backed up your data. See point 18
- 23) You do not click on hyperlinks included in e-mails if you haven’t check first where that link will actually take you.
- 24) You know that you have one or more, up to date, up and working antivirus & firewall applications.
- 25) You make sure that your Operating System has all the latest updates. Furthermore you make sure that the applications you are using are up to date.
- 26) You use different web browsers and not only the one that ships with the Operating System.
- 27) You install Microsoft Defender if you are a Windows ® user. You make sure you know how to use it.
- 28) You do not use a Wireless connection unless you know how to do it properly and it is absolutely necessary. If you use Wireless you must know that WEP (Wireless Encryption Protocol) is only for privacy and not for security. So, buy an expensive wireless router what will have high level encryption channel and allows you to set up your ACL (Access Control List) down to MAC (Media Access Control) addresses.
- 29) If you make use of Bluetooth connections, switch it off when not using it. Setting it up as "not visible" or "not discoverable" doesn’t do much. Same thing for Infrared connections. When you pair Bluetooth devices you should use at least 8 digits key. You MUST change the default device name of your Bluetooth device and do not give it your name.
- 30) You must learn how to check if you are using an encrypted high secure channel before starting online shopping.
- 31) Make sure you know what "Identity Theft, Phising, Spam" is before start using the Internet.
- 32) You never give away, sell, or lend a digital repository (e.g. hard disk, floppy disk, flash memory etc.) if you haven’t wiped clean the data stored.
- 33) Use both boot PIN and SIM card PIN on your mobile devices
- 34) If you are situated behind a well configured firewall and you are protected from a well structured, up to date security policy it is most likely that potential threats could come from the internal network than from the ‘outside’ world.
- 35) You are aware of the phone number of the Computer Crime Unit in your local area.
- 36) You must be aware of the actions you have to take if you suspect or discover that something has been compromised.
- 37) If you are not familiar with some of the technical terminology used in this checklist use http://www.google.com/ and http://www.webopedia.com/ to find out. Ask your security department.
- 38) When dealing with security you do not make assumptions. Thus,
- 39) You DO NOT assume there is no reason for someone to target YOU for exploitation.
- 40) You are totally aware that if you follow and apply all the above rules you are still not 100% secure but you have minimised the risk.