Software Integrity

 

5 security new year’s resolutions

Happy 2015! With the dawn of the New Year we are betting you have made some resolutions, like losing weight, getting a promotion, or finally taking the two minutes to delete the unwanted U2 album from your iTunes account. But why not up your security game while you’re at it? Here is a list of quick things you can do that will improve your personal security, and your company’s security posture.

Update and differentiate your passwords.

According the 2014 Data Breach Investigations Report two out of three security breaches exploit weak or stolen passwords. Knowing that why not take some time to update your passwords and make sure each one is different, since it doesn’t do much good to change all your passwords the same thing. We’d also recommend updating your passwords every 90 days since it usually takes organizations months to detect a breach.

Get a password manager.

Now that you have a nifty new set of differentiated passwords, you might have trouble remembering them all. Instead of succumbing to the temptation of creating a word or excel document with these details, get a password manager!

LastPass and KeePass are just two of the many options out there.

Enable two-factor authentication.

While creating, rotating, and protecting strong passwords is a positive security step the fact is someone else may still steal your password. By implementing two-factor authentication, your identity is confirmed by combining two components (e.g., something you know (your password) and something you have (your phone)). Two-factor systems will usually send you an e-mail or text message, or call you, and will require you to enter a code along with your password before system access is granted. It’s just not fancy, high-tech sites that have two-factor options; Apple iCloud, Google Drive, Facebook, and Twitter all make this functionality available to users.

Knowledge is power.

If you want to keep climbing that corporate ladder or be the most impressive party guest find something new to pursue. Lots of organizations have instructor-led classes and online learning libraries, but if cost is a concern, there are free options you can explore. Here are a few free resources you might want to explore:

Expand your network

We aren’t talking about increasing your Wi-Fi bandwidth, but your interaction with people in the application security industry. While online communities are great places for connecting, don’t overlook the importance about attending in-person events like local OWASP chapter meetings. Not only do you get the opportunity to build relationships with folks geographically close to you, but you’ll probably also learn about challenges and solutions others are having that they may not want or be able to post about online. Worst case scenario you’ll probably get some free pizza and beer. Visit http://security.meetup.com/ to see what events are in your area.