Which bad security habits should you be giving up for Lent?



We all know that Lent is traditionally a time for preparation and fasting ahead of Easter but, in recent years, many see it as a time to give up and break bad habits. With that in mind, we spoke to a selection of security professionals to ask them what they think we as internet and social media users should be giving up.

Take time to review and maintain your email security

James Linton, Lead Researcher for the Agari Cyber Intelligence Division (ACID)

Lent is a time of preparation; a time of forsaking certain daily luxuries. This Lent, consider dedicating one of your most valuable luxuries - time - to the review and maintenance of your email security. It’s all too easy to assume what is problem free today will be problem free tomorrow, but in the world of email, that’s far too simplistic an approach to adequately protect you over time.

40 minutes! That’s all you would have to put aside to take an objective and proactive review of your email’s current structure. The number of email accounts; primary uses of these accounts; services/apps/data specifically associated with them; passwords used; these are the blocks that make up the structure of your email. They change shape and importance over time. A password applied to an email account many years ago stands a far greater chance of featuring in a data breach, and the ‘value’ of that account could now be far greater than when you first set it up. For example, your salary could be far greater than it used to be, and your banking, again set up some time ago, could be linked to that account. So, anyone gaining access to your email account would be able to cause some real harm. If you do find yourself coming to a similar conclusion, I would highly recommend using unique complex passwords on such accounts and also activating multi-factor authentication.

In summary, the best and most efficient time to review your email is when there isn’t a problem, not after! So rather than giving something up this Lent, take time to identify where the sensitive and valuable data lies and implement measures that reflect the growing threat landscape.

Give up reusing passwords!

Rusty Carter, VP of Product Management at Arxan Technologies

But at the end of Lent, don’t go back… get a password manager and avoid being the next victim of a credential stuffing attack. If you’ve used BA, Sotheby’s Home, or hundreds of other services that have been compromised in just the last year alone, your username and password are in a malicious actor’s hands and they will be trying them against other services like banks, social networks, and ecommerce sites to steal from you!

Give up (re-using) your password!

Matt Walmsley, EMEA Director at Vectra

Come on folks, we all know it’s not good practice, but most of us have reused a common password at one time or another, and many of us do it habitually. Pick something that’s not obvious, has numbers and special characters, and if you’re really going for it, isn’t a meaningful word or phrase. While you’re at it, turn on multi-factor authentication on your accounts where it’s available.

There are password vault and manager tools to help you administrate and remember your newly improved passwords too. You’ll need to take a view on whether you want all your passwords in one place though. I’m not a fan. They’re not inherently bad but they do introduce risks around losing access to passwords or being breached and locking yourself out of all your account details and associated passwords. Others like them though, often for the ease of using multiple long, complex, unique passwords and website legitimacy checking features.

Finally, sign up on haveibeenpwned.com – a free service that checks your email address against known data breaches and alerts you if your password of choice is out in the wild.

Step away from the public wifi!

Matt Lock, Director of Sales Engineers – UK, Varonis

Those looking to give up a dangerous cybersecurity practice during Lent should consider giving up public wifi. Like other vices, we know using public wifi is bad for us, but we keep doing it anyway.

When checking your bank balance on your phone at the coffee shop or shopping on your phone on the train, it’s tempting to simply select the first free network you see, no password required. Those warnings that your online activity is unsecured and accessible by third parties are there for your safety. Click at your own risk.

Free wifi might save your money, but you could end up losing in the long term. Your data, including usernames and passwords, could be intercepted and monitored in a man-in-the-middle attack or by a hacker who has tricked you into logging on to their own network. It may be tougher to face your monthly mobile statement, but you will be protecting yourself by keeping your information more secure.