Castles were used as centers of power, places of refuge and defense. They held stores to withstand siege, were centers of administration and were traditionally a seat of nobility. In the digital age, everyone needs a digital castle for the same reasons that folks in the 10th century needed a castle. Refuge, administration and defense. In our current environment of hacking, cybercrime, security holes with core products and ransomware you need to take the time to build a castle to defend your digital information and digital self.
A majority of Americans have a digital presence. A Facebook account, an email address or two through two different providers, maybe digital photo storage. Maybe all you do is pay your bills online or some online banking. It does not matter…if it involves the internet, that means you have a piece of you out there in the ether. How things are secured across the internet is pretty much the same everywhere: a password, and a way to reset that password if you forget it. Normally, that reset process involves an email address, which in turn…may have been your user name. This password and reset combination is good for users because it ensures that they have a way into their digital kingdom. The problem is that it is the equivalent of a wooden castle (known as a Motte and Bailey).
Sure…you have a castle. It’s protected by a password, and your email address is protected by a password. But passwords can be easily cracked by computers, which, contrary to popular belief, do the bulk of the work in the world of hacking. If your password is anywhere on this list, or is any slight variation of one of them, you really need to change it. A computer can burn through the most common thousand passwords in less than a blink of an eye. Additionally, folks reuse the same password time and time again. If that is all you have defending your digital kingdom, it is like a wooden Motte and Bailey. Someone can walk up, start a fire, and a very short time later they are in. Not only that, but if that same password and email address are the same defense for your online banking, your social media and your utilities…once the bad guys compromise that…they are into all those things that were in the same circle of protection.
Most castles we think of are made of stone with big, thick, tall walls with folks guarding them. However, there is much more than that to a castle. The castles that have stood the test of time and siege were more like an onion, with layers of defense. First and foremost…they were intimidating. They had multiple walls, with moats, choke points, bridges and towers, all of which were built around the keep. Your digital castle should be intimidating. You want folks to take a look at it, decide that there are easier targets, and move on. If folks decide that they still want to proceed with trying to break your castle, you need there to be substantial defense there.
Before I go too far with recommendations, I need to say that no matter what you do, given enough time, resources and maybe a little knowledge of you, your digital castle will fall. Just like the ones of old did. The point is to outlast the person attacking. To make it so slow and painful for them that they move on to someone else.
The first step is to pick a good email provider. I like Google Mail (GMail) because of several reasons:
I covered two factor authentication in a previous post, so I won’t go into that again. Captcha is that set of random words/numbers, frequently smudged looking, which are designed to be readable by humans and not machines. When you try to enter your password too many times, it challenges you to enter the words so that it is sure that you are a human being and not a computer. You can’t progress until you pass the Captcha challenge, and more and more services are making it so that if you continue to get your information wrong, it will require Captcha at every attempt.
Between these two items, it makes it hard for hackers/crackers. Captcha is a moat surrounding your castle. It slows the attack down and can inform the defenders of the castle (you and your provider) that an attack is occurring. Your password is the main walls and towers of your castle. It needs to be strong, with variations in height and angles (capitalization and special characters) as well as thick walls (the length of your password) to prevent attackers from getting a foothold or easily plowing through your walls. The 2FA is that last line of defense. If they get past everything else, that unique key that is generated based on an algorithm is really the last thing keeping your castle from falling.
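To put numbers on the "wall height" and "wall thickness" idea, here is a small added example (mine, not from the original post) that rates a password the way the post describes: first against a short constructed stand-in for the common-password list, then by the size of the search space an attacker would have to burn through. The guess rate of ten billion per second is an assumed figure for an offline cracking rig, not a number from the post.

```python
import math
import string

# Constructed stand-in for "the most common thousand passwords" the post refers to.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "admin"}

# Character classes: each class a password uses adds "height and angles" to the walls.
CLASSES = [
    ("lower", set(string.ascii_lowercase)),
    ("upper", set(string.ascii_uppercase)),
    ("digit", set(string.digits)),
    ("symbol", set(string.punctuation)),
]

def is_common(password: str) -> bool:
    """True if the password, or a slight variation (case, trailing digits/symbols), is on the list."""
    lowered = password.lower()
    base = lowered.rstrip(string.digits + string.punctuation)
    return lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS

def search_space_bits(password: str) -> float:
    """Bits of brute-force search space: alphabet size (classes used) raised to the length.
    This is an upper bound; dictionary words and keyboard patterns are far weaker in practice."""
    alphabet = sum(len(chars) for _, chars in CLASSES if any(c in chars for c in password))
    return 0.0 if alphabet == 0 else len(password) * math.log2(alphabet)

def assess(password: str, guesses_per_second: float = 1e10) -> dict:
    """Rate a password: common-list hit first, otherwise by worst-case years to exhaust."""
    if is_common(password):
        # A list of a few thousand entries is gone "in a blink" at any realistic guess rate.
        return {"verdict": "common", "bits": 0.0, "years": 0.0}
    bits = search_space_bits(password)
    years = 2 ** bits / guesses_per_second / (365 * 24 * 3600)
    verdict = "strong" if bits >= 80 else "weak"   # 80-bit threshold is an assumed cut-off
    return {"verdict": verdict, "bits": round(bits, 1), "years": years}

if __name__ == "__main__":
    for pw in ["Password123!", "winter2024", "Correct-Horse-42"]:
        r = assess(pw)
        print(f"{pw!r}: {r['verdict']}, {r['bits']} bits, {r['years']:.3g} years worst case")
```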
The other thing that you need to consider with your castle is how many ways in you have. With tablet computers, smart phones, laptops and WIFI at every coffee shop, those are a lot of paths into your castle. If you only have strong walls and a moat on one side, but a wooden structure with no moat on the other, all the folks have to do is change how and where they attack and they are in. Part of this ties into a future post, but there is information out there that shows that the smartphone or tablet you have is a target as a way to get into your digital castle. More on that later.
Hopefully this gives you ideas and a better understanding about why we all need a castle.