2020 Security Suggestions from the Pair Security Team
With many people moving and expanding their businesses online, it’s important to take steps to secure your online presence. Practicing good security habits keeps your virtual assets safe from those who would do them harm. With malware, ransomware, phishing, and other digital attacks floating around on the internet, you can never be too careful.
Luckily, if you practice good security techniques, you can make your account and online assets much less vulnerable to attacks. That’s why we asked our security team here at Pair Networks what security suggestions they had for our customers.
Here’s what they recommended focusing on:
Pair Security Team Recommendations
“Security practices do not particularly change over the years,” says Jaime, one of our security experts. “While the types of exploits are always different, the most common reasons always remain the same.”
These most common reasons are:
- Insecure passwords
- Outdated software
- Insecure file/folder permissions
“The most important security practices,” Jaime continues, “are to follow strong password guidelines, routinely update your software, and follow the developer’s instructions when setting up permissions. Permissions can be the most confusing out of all of these, so always contact your web host if you ever have any questions. We’ll be happy to look at your files to make sure you are using the most appropriate configuration.”
Creating Strong Passwords
Not all passwords are created equal. Weaker or leaked passwords put your entire account at risk. So how do you create strong passwords? There are a number of good practices you can begin implementing to help you generate stronger passwords.
The first tip is to use a long password. Twelve characters or more is ideal. Shorter passwords are easier for bots to guess. That’s right – bots are usually the ones trying to break into your account. Hackers create bots to do their work for them. Depending on what security measures you have in place, bots can sometimes try hundreds of thousands of password combinations before getting banned. The longer the password, the less likely randomly generated guesses will succeed.
Adding complexity can also boost your password strength. Throw in some unique characters or numbers to really beef up your password.
Stay away from easily guessable passwords, such as your name, your birthday, or your children’s names. These are easy to crack, and if someone is making a targeted attack on your account, these types of passwords are likely to be the first things they try.
Lastly, we recommend using a unique password for each account you have. Reusing passwords increases the likelihood of widespread damage. For example, let’s say your password is leaked in a company data breach. If you have reused the compromised password across accounts, all those accounts are now compromised as well. However, if you have a unique password for each account, then only the initial compromised account is affected.
How to Keep Track of All Those Passwords
Passwords are tricky because you want to create a strong password, but you also have to remember it. Luckily, this is where a password manager comes in handy. Because password managers securely store all your passwords, you don’t need to actually remember all those unique passwords.
We asked some of our knowledgeable support technicians if they had a favorite password manager.
“If I had to pick one,” says Sam, one of our talented support technicians, “it’d probably be Bitwarden. It’s available for virtually every platform and browser, even CLI for scripting, it’s open-source, and it’s free. You can pay for Premium, which is $10/year, and that gives you 1GB of encrypted file storage, 2FA using things like Yubikey, and priority customer support.”
Sean, our call center manager, also had a favorite. “I have only used Keychain mostly because it was there already on my Apple devices. It doesn’t offer 2FA, but it makes managing and using more secure passwords much easier. Any time I create or reset a password using any device that is connected to Keychain, it suggests a complex password string. It also provides details such as accounts using a duplicate password or a weak password. Overall, I have found Keychain to be a good tool for managing passwords.”
Keeping Software Up-to-Date
Keeping software up-to-date may not seem like it has much to do with security, but trust us. Actively keeping your software updated can save you from a headache later. This is because software updates often contain security patches that protect your software against the latest threats. If a software security patch goes out, but you don’t update, your software won’t be protected. Instead, you’ll be open for exploitation.
Many have encountered this problem in the past and 2020 seems to be no exception.
“Without giving out too many details,” Jaime says, “I can say that this year has seen a large resurgence in old security exploits. That is to say hitting software that is 5+ years old that has sat quietly. This is why customers should always audit their accounts on a regular basis.”
While it may seem like a pain to keep on top of your software updates, there are lots of tools out there to help make the process easier. For instance, our PairSIM installations will automatically update, as will WordPress installations on our WP hosting packages. The key is to educate yourself on the tools you have at your disposal and make sure you make the most of them.
Securing File and Folder Permissions
File and folder permissions are the last commonly exploited vulnerability. When set up incorrectly, file permissions can give unfettered access to your account files. Depending on your file permissions, some instances may even allow someone to edit the files from outside your account.
This is a giant security risk.
But before we get ahead of ourselves, here’s a bit of background on file permissions.
File and folder permissions dictate who can view, edit, and run your files and folders. In hosting accounts, you can set the file permissions on a file-by-file basis. Depending on the access you give, different people may be able (or unable) to access your files.
Setting the wrong file permissions can give third parties unrestricted access to your files and folders. However, setting file permissions isn’t always straightforward. File permissions allow you to set different types of permissions for different types of users. You can read more about the types of users and permissions in our article on File Permissions.
If you would like to know what file permissions suit you best, contact our 24/7 support team! They’ll be happy to help you not only set permissions, but also find the right permissions for your files.
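As an added illustration (not part of Pair's article or tooling), the shell functions below list the files and folders that someone outside your account could edit, meaning those with the "other" write bit set, and can clear only that bit. The function names and the sample directory tree are constructed for this example.

```sh
#!/bin/sh
# Added example: audit a site directory for entries that users outside your
# account could modify. Names and sample data here are assumptions.

# Print regular files and directories under $1 whose "other" write bit is set
# (modes such as 666 or 777). Symlinks are skipped: their own mode is not used.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Clear only the "other" write bit on those entries; owner and group bits and
# all read/execute bits are left as they were.
remove_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Build a small constructed tree to try the audit on (sample data only).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/includes"
    : > "$root/index.php";           chmod 644 "$root/index.php"
    : > "$root/includes/config.php"; chmod 666 "$root/includes/config.php"
    : > "$root/uploads/note.txt";    chmod 664 "$root/uploads/note.txt"
    chmod 777 "$root/uploads"
    chmod 755 "$root/includes"
    printf '%s\n' "$root"
}

# Usage: sh audit.sh DIR   -> report world-writable entries under DIR
if [ $# -gt 0 ]; then
    find_world_writable "$1"
fi
```

Review the report before calling `remove_world_write`, since some applications document specific modes for upload or cache folders.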
For More Security Tips
For more security tips, Jaime recommended that you check out our Care and Feeding of Your Website webinar. You can watch a replay of this webinar here: Care and Feeding of Your Website Webinar.
Want more webinars? We release new webinars on a regular basis. You can also check out all upcoming webinars here.