6 easy steps to improve the security of your digital data (computers, phones and web) and that of your clients

7 steps to improve the security of your digital data (computers, phones and web) and that of your clients

I often hear: “I have nothing to steal! I have nothing of value! I’m not an interesting target!” You are more vulnerable than you think! Malware can render your computer inoperable, and hackers can demand a ransom to unlock it. Malware can record your keystrokes, access your bank accounts and steal your identity. You could be targeted to obtain privileged information about the organization you work for or about your partners.

Thousands of accounts on the new Disney app were hacked and sold on the black market!

A few weeks after the launch of the new Disney app, thousands of users are already unable to log in to their accounts. Was there a security flaw in the Disney app? Based on the information we have at the time of writing this article, the flaw comes from the users themselves! Are you one of those who use the same email address and the same password (or a variant) for every website? Well there you go! It only takes one of the sites you are registered on to be hacked for your personal data to end up sold on the black market for personal data. Other hackers take your information and create bots that test your credentials on all the major known sites. Hackers know all the tricks people use to create variants of their passwords, and they test them until they log in to an account. Once logged in, they change the password and email address and lock you out of your account. Your credit card is still active and your account renews automatically…

How to protect yourself?

Here are a few easy steps that make these attacks harder for hackers and lead them to look for a target other than you. Do not hesitate to get in touch with us to learn more.

  1. Do your updates! All updates: PC, Mac, programs, apps, phones, tablets, browsers, routers, modems, servers, websites, printers, etc. Security flaws are continually being discovered, and all companies are actively working to fix them. The faster your programs are updated, the less time you are exposed to flaws. It’s all a matter of speed.
  2. Use an up-to-date antivirus for your Mac and PC computers and your Android phone. Avast antivirus is free for Mac, PC, and Android phones and tablets; they also offer a very affordable paid version with more options. You think a Mac doesn’t need an antivirus? Think again: https://www.howtogeek.com/217043/xprotect-explained-how-your-macs-built-in-anti-malware-works/. At the time of writing this article, there is still no antivirus for iPhone and iPad.
  3. Learn to recognize phishing emails and phone calls. Do not open these emails, do not click on the links, and do not give your personal information over the phone to someone who calls you. Beware of email and phone number spoofing. There is also phishing by mail. The Canada Revenue Agency website explains the types of phishing and how to protect yourself from them: https://www.canada.ca/fr/agence-revenu/organisation/securite/protegez-vous-contre-fraude.html. Note that, for organizations, there is a lot of phishing related to domain name renewals. If you no longer remember the name of the company where your domain names are registered, contact us.
  4. In an ideal world, never enter your personal information (name, addresses, cell phone, date of birth) on websites. As often as possible, use fake information. All sites are vulnerable to being hacked; the less personal information you leave on sites, the less chance you have of it ending up in the hands of hackers and on the black market for personal data.
  5. Choose a unique password of 16 to 24 random alphanumeric characters, with special characters, for each site, computer, account, etc. This is where the password manager in the next step will make your life easier! A 6-character alphanumeric password with special characters can be cracked in ~1 minute. An 8-character password in ~3 hours. A 12-character password in ~3 years. A 16-character password in ~31,710 years. A 24-character password in ~3,169 billion years. Reference: https://www.expressvpn.com/fr/password-generator
  6. Use a password manager, such as LastPass, 1Password or BitWarden, for your personal credentials and those of your organization. A password manager is a program installed in your browser and on your phone that keeps in a vault all the credentials and passwords of all the accounts you own. The manager also lets you generate secure passwords of 16 to 24 characters (see previous step) without having to worry about remembering them or typing them manually, since the manager automatically fills in the login forms of the sites you visit. In the vault, you can also enter notes with text and attach documents. You will thus have only a single master password of 16 to 24 characters to remember. But is it a good idea to keep all my credentials in a vault managed by a program? We have done a lot of research on this topic. First, these programs encrypt your data twice. Second, if your master password is long enough (16 to 24 characters), it will not be possible for a hacker to decrypt your data. Third, the risk that your data will be stolen from your password manager is lower than the risk of a cascading theft of your data if you use the same password of fewer than 8 characters on every site you visit, even with some variant. Hackers and their password-testing programs know all the tips and tricks. They only need to find one password to quickly find all the other passwords for all the sites you use with the same email address… The security gain that a password manager brings you far outweighs the risk of using it.
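
An added example (not part of the original article) that ties the password-variant problem described above to step 5: it audits a list of site/password pairs for identical or near-variant passwords, then generates a random replacement of 16 to 24 characters. The sample sites and passwords are constructed, and the function names and the variant rules (case, look-alike characters, digits or symbols added at the ends) are assumptions chosen for illustration.

```python
import re
import secrets
import string
from collections import defaultdict

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)  # 94 printable symbols

# Look-alike substitutions people use to "vary" a password, undone here.
LOOKALIKES = str.maketrans("@4310$5!7", "aaeiossit")

def base_form(password: str) -> str:
    """Collapse a password to the root that its variants share."""
    p = password.lower()
    # Drop digits/symbols added at either end (years, "123", "!", ...).
    p = re.sub(r"^[^a-z]+|[^a-z]+$", "", p)
    return p.translate(LOOKALIKES)

def find_reuse(vault: dict[str, str]) -> list[list[str]]:
    """Return groups of sites whose passwords are identical or near-variants."""
    groups = defaultdict(list)
    for site, password in vault.items():
        # A password with no alphabetic root is compared as-is.
        groups[base_form(password) or password].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG, in the 16-24 range of step 5."""
    if not 16 <= length <= 24:
        raise ValueError("length must be between 16 and 24")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every character class is present.
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

# Constructed sample data: three variants of one password, one random one.
SAMPLE_VAULT = {
    "streaming.example": "Mickey2019!",
    "shop.example": "m1ckey123",
    "bank.example": "MICKEY!",
    "forum.example": "kT9#vQ2$wLp8@xZr4&Nb",
}

if __name__ == "__main__":
    for sites in find_reuse(SAMPLE_VAULT):
        print("replace the shared password on:", ", ".join(sites))
        for site in sites:
            print(f"  {site}: {generate_password()}")
```

Every site in a reported group should get its own generated password, stored in the password manager from step 6 rather than memorized.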

As an organization, we have a legal obligation to ensure the security of the data of our employees, clients and partners. We strongly encourage you to put the first 6 steps into practice. If you do, we can confirm that you have just increased the security of your digital data by 600%! Bravo! There are other steps to improve the security of your data. To be continued in an upcoming article… If digital security interests you, we strongly recommend listening to the podcast Darknet Diaries, a wealth of information from a security expert. Each episode is built like a story; you’ll devour it!