The Cloud: a word that once would have inspired only images of a white puff in a blue sky can now inspire confusion and fear about the complex systems that run the Internet. The Cloud is made up of physical locations that house software, hardware, and services that run on the Internet (as opposed to locally on your computer or mobile device). The Cloud dominates the Internet age today because of its many benefits, including convenience, cost and scalability. With the Cloud, you can access information from any smart device at any point in time, wherever you’re located. (For more on the Cloud, check out this Inc. article.) The Cloud also introduces new risks and security-related concerns, however.
I’ve been working at Triax for two and a half years as a Software Engineer, primarily focused on the Cloud services that power our Spot-r connected jobsite solution. My passion for technology goes as far back as I can remember, fiddling with every electronic device I could find, and my passion for quality goes back nearly as far to the first time I found a flaw in one of those devices.
There was a time when these flaws were innocuous, but in today’s digital age, a bug can cost a company hundreds of millions of dollars and expose sensitive information for hundreds of millions of people (e.g. the 2017 Equifax security breach). A misplaced click or a typo can cripple your computer, jeopardize your savings, or expose your health records.
While Triax takes careful steps to secure our system (more on this in a future post) and promotes the following practices for all our employees, as technology becomes widespread at the jobsite, it’s important for contractors to educate themselves and adopt some basic cybersecurity practices.
With minimal education and preparation, it’s easier than you might think to be safe on the web. Here are my top three tips:
Tip #1: Use a Password Manager
Why? Reusing the same password across multiple sites means every one of those sites can know your password, and having your password compromised on one site compromises every site. In addition, a weak password (check out this Business Insider article for some examples) means that anyone could easily guess it and enter your account.
What? Password managers can generate and store strong, unique passwords for you. This means you get the benefits of separate passwords for every site without the burden of remembering them all. All it requires is remembering one unique, strong “master” password.
How? I recommend creating a free LastPass account. You can then download plug-ins for any web browser and apps for any mobile device, so that LastPass will automatically populate your passwords for you. Security without the hassle.
Tip #2: Update Your Devices
Why? People are constantly finding new security holes in the devices you use every day, and the only way to protect yourself is to patch them, meaning you must update! Don’t believe me? The massive 2017 cybersecurity breach at Equifax was caused by an engineer not installing updates.
What? Updates come in many shapes and forms, but generally bring new features and improved security to the software you’re using.
How? Updating is automatic on a lot of devices, but sometimes you will be prompted with a notification that updates are ready to be installed. When you see the notification, approve the updates.
Tip #3: Two-Factor Authentication (2FA)
Why? Have you ever forgotten a password and needed to reset it? The website in question probably sent you an email with a link to reset your password. This also means that if someone can get into your email, they can get into any of your accounts by resetting the password. With two-factor authentication (2FA), the site requires a second way to verify it’s actually you making the request (e.g. entering a verification code that gets sent to your phone), adding a second layer of verification against attackers looking to get into protected accounts.
What? 2FA requires you to enter a one-time code when you log into your most important accounts (email, bank accounts, etc.). Usually, there is an app on your smartphone that generates the code to verify it’s actually you.
How? Most email providers and banks will allow you to turn on 2FA somewhere in Settings. Some may then ask you to scan a QR code with an app to enable 2FA. (If you have the choice, I recommend Authy.) Once 2FA is enabled, logging into that important account will require verification, so make sure to have your smartphone handy.
Passwords are often the only barrier between an attacker and your data, and they are not enough on their own. A password manager will make your passwords stronger without the burden of remembering multiple passwords; updating your devices will ensure the latest security; and two-factor authentication keeps your most at-risk accounts safe even if your password is stolen.
Start with these three – in your personal life as well as in your professional life, encouraging your family, friends and organization to do the same – and you’ll be on your way towards protecting against the most common threats on the web today.
Dylan Anthony is a Software Engineer at Triax Technologies. He can be reached on LinkedIn.