Start with passwords. Analyses of password databases stolen by criminals often reveal that the most used passwords are laughably easy to guess. You'd be surprised how many people use “password” or “123456”. Criminals have automated attacks that look for the most common passwords, so just using tougher passwords makes their lives much harder. Creating a memorable but tough password isn't that hard. I finished school in 1990, the year in which Australia's best-selling song was Sinead O'Connor's Nothing Compares 2 U. That fact can make a nicely secure password.
Start with the first letters of the artist's name – soc – and then use the first letter of each word in the song title – nc2u. Next, add the year the song topped the charts and mix in some capital letters to create the password “SOCnc2u1990”. That kind of password looks like random gibberish, but is quite easy to remember.
There are lots of ways to play this game: Daniel Day Lewis won Best Actor for the 1989 film My Left Foot. Which gives you “DDLBA1989MLF” as a password.
This kind of password is unlikely to be guessed by criminals*, who prefer to make guesses about your passwords based on easy to find information such as your pet’s name. Don't think those names are obscure: chances are you mentioned “Cuddles” on Facebook without thinking twice that a criminal would consider it as a way to attack the internet banking account you secured with the password “Cuddl35”. But that's just the kind of thing criminals look for, so keep Cuddles out of your passwords!
If you like the idea of complex passwords, but worry something more cryptic like the musical concoction we've described above is too hard to remember, consider software called “password managers”. Password managers store all your passwords for every site you use, and all that is required is one very complex password to access your ‘vault.’ Password Managers don't mean you should revert to “123456”, but they do make it easier to manage a different secure and complex password for each website or service you use. Some password managers, such as the excellent LastPass, are even free (for the basic version).
That’s not to say a Password Manager is a silver bullet capable of taking out all security vampires. Indeed, it introduces a new risk because every new piece of software is another tool you need to keep secure with the latest security patches. Operating systems such as Windows, Android and iOS, as well as the apps you run on them, nag you to update them when they need a security patch. But your printer and the modem you use to connect to the internet probably don't. Nor will software-like plug-ins for your browser or content-management system. A huge 73 per cent of all WordPress installations had known vulnerabilities, according to a WP White Security study.
With different plug-ins created by different developers, the possibility of security weakness increases. Most people never think to list all the things they use in their business: just creating a list of them all and checking to make sure they're updated puts you a step ahead of any hidden vulnerabilities a cybercriminal might exploit. The same goes for updating and backing up your CMS and other databases.
Maintain a list of all the apps, services, platforms, plug-ins and more in your world that need to be checked for updates. This could help you stay on top of possible problems before they get serious. Secure that list with a good password and you'll have taken two precautions to help reduce your exposure to basic criminal hacking.
* Please don't use these examples as your password – we've kind of given the bad guys a leg up by explaining these methods!