Edition e1.0.0
Updated October 9, 2023

The first thing to set up is a screen lock on every device on your list. This includes mobile phones, laptops, and any other devices that are logged into important accounts like your personal or work emails. Screen locks come in multiple shapes and sizes.
For mobile devices: Avoid using patterns, like connecting dots on a four-by-four dotted grid. Instead, use a PIN (personal identification number) that is at least ten digits long. You can also use a password, meaning you include alphanumeric characters, but I’m personally not a fan. I find phone screens to be too small to properly type it in using trained reflexes. Once your PIN is ten digits or longer, it would take a machine years to iterate through every combination and crack it, whereas a four-digit PIN can take as little as 15 minutes.
For laptops: Use a long and unique passphrase; I say passphrase because you will have to type this baby multiple times per day. Five random words strung together is one great technique I recommend, or a phrase that makes sense to you but isn’t easy to guess. “My name is Erica” is a bad phrase, but “Baby Yoda slurps his soup” is a pretty good one.
Biometric authentication, like fingerprints and face scanning, has started to become more popular. Even if you have it enabled, you often have to set up a PIN or password backup because biometrics aren’t always reliable. Not all biometric authentication is perfect. In general, fingerprint authentication has been harder to bypass, and even then only after making tons of fingerprint molds and spending a whole heck of a lot of time trying to get a match. Given the context we started with in this part of the book, it is unlikely the person trying to get into your phone is that motivated or well-researched. They might find it more worth their time to just wipe your iPhone and resell it on eBay.
When Samsung originally launched their facial recognition in 2019, they faced backlash when researchers discovered that a phone could be unlocked using a photo of the owner’s face. Before relying on facial recognition or any new biometric option aside from fingerprints, do a quick search online for biometric bypass research on your device type. Not all technology is made the same, and some devices use far more sophisticated methods for checking biometrics to resist bypass techniques. For example, Apple also uses facial recognition, but theirs relies on more data points than Samsung’s, which makes it harder to bypass with just a photo. We are still a while away from being able to rely solely on biometrics without having some PIN or password as primary backup.
Danger: Sharing is caring, but not when it comes to the devices you use for your business. It is tempting to give our phones to a kid who is causing a scene in public to keep them distracted, or to a partner for their own personal use. If you also use that phone for business, then this habit needs to change. Even if you tell others to be careful, the risks are too high to gamble with when that device has inside access to the most sensitive parts of yourself and your business.
Now that we have covered who can use your devices, let’s get into how we secure them.
The software on your devices provides an opening to bad actors as well. Software is made by people, and it often has mistakes or bugs that can be misused. Imagine an attacker sends you an email with what looks like an invoice, delivered as a macro-enabled Word document. Most likely, that document has a script that will try to take advantage of a bug that hasn’t been patched in your operating system software. Software developers release patches that contain security fixes to close these bugs, but it is up to us to actually make sure we apply them.
Important: Enable automatic updates within your mobile or desktop operating system. Keeping software updated means you’ll always have the latest security protections. Most operating systems now allow you to set updates to happen automatically; be sure these are switched on. Mobile phones usually do a good job of telling you when an update is available, and will even auto-update your apps when you plug the phone in to charge while connected to Wi-Fi. Windows, macOS, and Linux on laptops are also usually configured to update automatically, but now is the best time to double-check.
It is important to set these to automatic, because the last thing you will be thinking about when running your business is “Am I protected from that latest Windows vulnerability?” News like that might not even make it to your radar, so having automatic updates gives you that peace of mind.
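
One way to double-check this on a Linux laptop, as an added example that is not part of the original book: the script below reads APT's periodic-update settings and reports whether automatic updates are switched on. It assumes Debian or Ubuntu with the unattended-upgrades package; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report whether APT's automatic updates are switched on.
# Assumption: Debian/Ubuntu, where the unattended-upgrades package normally
# writes its on/off switches to the file below.
APT_AUTO_CONF="${APT_AUTO_CONF:-/etc/apt/apt.conf.d/20auto-upgrades}"

# Print the quoted value of one APT::Periodic key from a config file.
# Prints nothing if the file is unreadable or the key is missing.
# Lines commented out with // do not match; the last assignment wins.
periodic_value() {
    key="$1"; file="$2"
    [ -r "$file" ] || return 0
    sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$file" | tail -n 1
}

# A setting counts as on when it is present and not "0".
is_on() {
    [ -n "$1" ] && [ "$1" != "0" ]
}

# Succeeds only when both switches are on: refreshing the package lists
# and installing the upgrades. Either one alone leaves the laptop unpatched.
auto_updates_enabled() {
    file="${1:-$APT_AUTO_CONF}"
    lists=$(periodic_value "Update-Package-Lists" "$file")
    upgrade=$(periodic_value "Unattended-Upgrade" "$file")
    is_on "$lists" && is_on "$upgrade"
}

# Human-readable summary for the file given as the first argument
# (or the default path above).
report() {
    file="${1:-$APT_AUTO_CONF}"
    if auto_updates_enabled "$file"; then
        echo "automatic updates: ON ($file)"
    else
        echo "automatic updates: OFF or not configured ($file)"
    fi
}

report "$@"
```

The same settings can also live in other files under /etc/apt/apt.conf.d, so an "OFF or not configured" result is a prompt to look there before assuming the worst.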