
SANS ISC: New Years Resolutions - Internet Security | DShield SANS ISC InfoSec Forums


New Years Resolutions

No, not eating more broccoli, or going to the gym ... I'm referring to security related resolutions only. It is time to think about them now, so that you don't have to pick the first thing that comes to mind at midnight on December 31. Because, knowing you geeks, that first thing would probably be "MUST buy new toy" :).

Here are a couple of suggestions for improved security in your everyday computing use in 2016:


1. Remove Flash.

You won't miss it, and if you miss it, you'll get over it. Today's vulnerability advisory was just one more in a long list of issues. I actually think Adobe should edit the corresponding text on their web page a little, to change it into something like this: "Adobe Flash Player is the standard for delivering high-impact, rich Web ~~content~~ exploits. Designs, animation, and malicious applications ~~user interfaces~~ are deployed immediately across all browsers and platforms, attracting and engaging crooks ~~users with a~~ and making them rich ~~Web experience~~."
 

2. Enable 2-Factor authentication where available.

Yes, logging in can be a bit more annoying and time consuming. And no, the security advantage that it provides isn't perfect. But you don't have to be perfect. You just have to be slightly better than average, because the average crooks are making their money off the average user. Don't be in that group.
 

3. Take the time to enable storage encryption on your mobile device.

Yes, it asks for the PIN more often. Maybe it even gets a bit more sluggish to use. But the number of mobile phones that are lost or misplaced every day in New York City alone would make a pile that can be seen from space. Imagine the doubt and anguish of the former owners, whose entire life is on those phones. Backups help against the loss, but only PIN & encryption help against the feeling of likely being violated by someone, somewhere, who browses through your private life.
 

What are your security resolutions, either for you personally or for your day job?  Please share in the comments below, or via our contact form.

 

Daniel

367 Posts
ISC Handler
Continue checking posts every day at SANS ISC. So much help and knowledge. Have learned so much. Many thanks to the Handlers who take the time to post and share.
Anonymous

Posts
* Pay attention to details * In security this says a lot. I personally experienced a similar situation where I overlooked a few facts/details, which were later identified to be the root cause.
RameshS

2 Posts
Jac

69 Posts
Have the FTC force ALL software developers/vendors to exercise ALL due diligence, follow the "state of the art" and stop them from distributing/publishing poorly crafted products^Wbanana ware.
Anonymous

Posts
