Christina asked a question on her blog, Infosec and Data Privacy:
- On a scale of 1 to 10, where do you rate your personal infosec practices? Name three practices you do to define that level.
- If you rated yourself above 6, name two practices someone at levels 2 through 5 could do to raise her level.
- If you rated yourself below 6, name two practices of yours that most people should do but don’t. What would you like to learn.
I guess I rate myself above average, so... 7? I am tragically aware of Illusory superiority. Specially now that I know Christina rated herself a 4. 😢
Here are three things that I do which most people don’t do:
- My laptop disk is encrypted. My backup disks are encrypted.
- I have two sets of backup disks and one set is always at the office.
- I deleted my Facebook account, got rid of Messenger and I’ve moved nearly all my friends and family away from WhatsApp to either Signal or Threema.
Here are two simple things you can do to raise your security level:
- Make backups and keep one set of backups outside your home in case of fire, flooding or break in.
- Use a password manager with a long, unique, randomly generated password for every service you use.
I think it’s important to look at your threat level. What is most likely to cause you harm in the near future? I’ve heard a lot of people complain about lost pictures and documents because they didn’t do backups. That’s why deleting Facebook is not as important as making backups. It’s also why encrypting disks is not as important as making backups in the first place.
Same with your accounts being hacked because you used simple to guess passwords, or hard to guess but popular passwords. Remember that there are enormous lists of passwords out there with all the passwords other people have used: thus crackers start with those passwords because chances are, somebody will have thought of the same password.
Tags: Security
