Happy New Year! As we get back to work and recover from the holidays, there are a few things to do to begin the year in cybersecurity. They may not all be fun, but they beat responding to even a handful of the 678 emails waiting in the inbox.
Of course, there are lots of fun things to do around the office for the new year, and some revolve around cybersecurity. These are some from the top of my list.
- Change your passwords. Since passwords still prevail as an authentication method, and since there have been multiple reported password leaks from websites this past year, changing them once in a while is a good idea. The new year seems as good a time as any to change those passwords you aren’t forced to change regularly. I use a password generator in my password vault (KeePass), and I know others have other methods, but if I haven’t changed a password in a year, I tend to change it in early January. Oh, and KeePass tells me when I last changed each password in its database; if I update KeePass when I change the website password, I know when I last changed that password.
- Evaluate and verify online (and other) backups. I use an online backup tool and a local RAID server to back up data. The first is automatic and the second probably should be. Every six months or so I check to ensure I can retrieve files from each.
I remember years ago a sysadmin who told me that he had someone back up his systems each day or so. The software also checked to ensure all the files on the backup were good. It seemed, however, that the tape backup wrote no files to the tape, and the verify tool said that indeed there were no errors in those zero files. They discovered the issue when the system suffered a catastrophic failure and there was no backup. After that they tried periodic restores to verify that the whole process worked.
- Get rid of old data. With very inexpensive disks this isn’t about storage – it is about data that could be misused somehow. Check with the appropriate legal team, of course, to verify that you don’t need to keep data for legal reasons.
- Re-evaluate physical security. Who has keys and access codes to what needs to be assessed at some point, and the first of the year is a great time to do it. Check the cameras and other physical security tools, too. Are you doing the best job you can to keep unauthorized people out of secure areas?
- Check your batteries (portable, notebook, UPS, etc.). All batteries have a limited lifetime. Some newer ones have long lifetimes, but they all die. Some do better if they are discharged periodically – UPS batteries often have this characteristic. I have a large power backup with wet cell deep-cycle batteries. The first of the year is a good time to check them. I also check to make sure the little power backup unit I travel with is fully charged; it is no good to have a backup with no power.
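For the backup item above, here is one way to script the periodic restore test. This is an added example, not a tool mentioned in this post; the function names and sample files are made up for illustration. It assumes you have restored a backup into a scratch directory and that the live data has not changed since the backup ran, and it treats a restore with no files as a failure, which is the case the tape verify tool missed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(source, restored, min_files=1):
    """Compare a test restore against the live data; return a list of problems."""
    src, dst = manifest(source), manifest(restored)
    problems = []
    # The failure in the anecdote: nothing was written, so nothing "failed".
    if len(dst) < min_files:
        problems.append(f"restore has {len(dst)} files, expected at least {min_files}")
    for name, digest in src.items():
        if name not in dst:
            problems.append(f"missing from restore: {name}")
        elif dst[name] != digest:
            problems.append(f"content differs: {name}")
    return problems


def demo():
    """Constructed sample trees: one good restore, one empty, one damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for d in ("live/docs", "good/docs", "empty", "bad/docs"):
            (tmp / d).mkdir(parents=True)
        for tree in ("live", "good", "bad"):
            (tmp / tree / "docs/plan.txt").write_text("2015 plan\n")
            (tmp / tree / "ledger.csv").write_text("id,amount\n1,10\n")
        (tmp / "bad" / "ledger.csv").write_text("id,amount\n")  # truncated copy
        return {name: verify_restore(tmp / "live", tmp / name)
                for name in ("good", "empty", "bad")}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else problems)
```

Setting `min_files` to roughly the number of files you expect makes the check stricter than "at least one file came back".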
I hope this has given you some ideas of what to do or check at the start of 2015. If you have other tasks you think are important to add to this list, please add them in the comments below.
May your 2015 be a prosperous, safe and secure year.
To your safe computing,