Source | www.ciodive.com : By Naomi Eide
When it comes to cybersecurity, it is easy to descend into a climate of personal paranoia, cognizant of any potential privacy violations or breaches. In the modern landscape of technology, physical and digital threats are merging and people are increasingly aware of the tenuous security bubble they live in.
For experts, practicing cybersecurity is part of their routine, whether it’s employing VPNs to use unsecured WiFi networks or using a password manager to ensure that no two sites have the same login credentials. Some experts even use burner devices when traveling, particularly to events like Black Hat or Defcon, where showoffs are looking to make examples of those lacking security.
At RSA 2017 in San Francisco, CIO Dive asked seven security experts about their personal cybersecurity habits.
Shawn Henry, president of CrowdStrike Services and CSO at CrowdStrike
“Turn off Bluetooth. Turn off WiFi … I am very aware also of the physical security side of it. So, people picking up your bag, people identifying the hotel room that you’re in and trying to get inside it. Think of the physical security side.
The merging of the physical and the digital world. It’s not just these remote access technology enabled attacks, there’s actually old world physical attacks that occur as well.”
Justin Fier, director of intelligence and analysis at Darktrace
“I learned in my days working as an intelligence contractor, you have to draw a fine line between being too paranoid and being able to function in day-to-day life. Just practicing good password hygiene is probably the number one thing I would recommend doing. And then just being on top of updating your software and hardware. That’s the least amount anybody could do.”
Terence Spies, CTO for Hewlett Packard Enterprise Security – Data Security
“I actually tend to do something that a lot of security people told people to not do for a long time, which is writing down passwords. For the longest time, the advice was, don’t write down passwords, memorize them. But for me and my family it’s just, you have a choice between either coming up with one default-ish kind of password that you end up spreading over the whole internet, or you come up with sort of reasonable passwords and mnemonic way of remembering them. The human brain is not built to remember random information.
I think that’s one big mistake, with respect to personal cybersecurity. ‘Don’t write down password.’ It’s like, why not? You write down passwords and you’re changing that attack, you’re enabling people to come up with much more variant, stronger passwords and they’re changing the attack from, ‘I can go grab that out of a database,’ to ‘I need to steal your wallet or break into your house.’”