One of my contributors (I won’t divulge his name, but his initials are B.R.A.N.D.O.N B.R.O.W.N.I.N.G) submitted https://threatpost.com/americans-fail-cybersecurity-quiz/149041/, which posits that while we are getting slowly more knowledgeable about security, the vast array of security tools, systems, protocols, etc. are dizzying. People barely have time to keep up, and aren’t. It’s a busy world out there, and there are too many security issues to track for non-security pros.
So, what’s a busy education professional to do? If there is just too much security “stuff” out there, pick your battles for maximum impact:
- Use complex passwords (good)
- Use different complex passwords for each site and program (better, but difficult)
- Use a password manager, with a long, complex passphrase (great, after some initial setup work)
MultiFactor Authentication (we are closing in on a possible MFA solution for the JC as well, stay tuned…):
- Use it wherever you can!
- Google Authenticator and Microsoft Authenticator are two free examples that allow you to use your cell phone as an additional “factor”. That way, even if your username and password are both compromised, the bad guy can’t get to your account because they don’t have your phone. Yeah, MFA is not perfect, but it’s way better than nothing. https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/ does a good job of explaining the benefits. The article talks about some password issues that we will look at in the future.
- Patch your applications!
- Patch your operating system!
- Don’t put it off! When you get reminded by the application, or the operating system, that’s the time to update.
- Install one, set it up!
- There are several free options that are pretty good. It’s not appropriate for me to advocate for a particular brand, but a few minutes research will reveal several good options.
- Patch your router
- Set up a “Guest” wireless network on your home router
- Install a VPN for privacy
- Use a more secure DNS
All the above can be done fairly easily, Google search is your friend…
If you do the above, you have your own “Defense-in-Depth”!
If you keep up with the basics, that’s a large part of the battle.
Security is a team sport!
If we all work together we can protect our school, our students and ourselves.
Thank you for your attention, and for your help keeping our data and personal information safe!