Story image

Entrust your cyber security secrets to a safe pair of hands

10 Feb 2017

Imagine, if you will, that your security is flawless, and not a single other person can access your sensitive accounts or information. And then the unthinkable happens – you’re in an accident. How will your loved ones get past your security measures to tend to your affairs?

It may seem a bit counter-intuitive, if you’ve taken to heart all the admonitions to lock up your valuables, to then take steps that enable someone to get at them.

Much of the advice for allowing an entrustee to manage your affairs - either temporarily or permanently - reads like a list of cybersecurity faux pas.

But in reality, the best steps to take for allowing a trusted caretaker in are slight modifications of the techniques you used to achieve thorough security in the first place.

You no doubt have an asset list, either stored mentally or written down somewhere, that documents all the machines and accounts in your care.

This list will be essential for your “In Case of Emergency” kit. Be sure to include all devices (don’t forget oft-ignored things like admin accounts for your modem and router), email accounts, utilities like power and water, financial institutions, cloud services, and any servers you might be hosting for other people.

Authorization

Now that you have your asset list, choose an emergency contact. This person will be entrusted to take care of all your digital assets, and can be a family member or friend, or someone official like a lawyer.

If you have already written your will, you’ll likely have already chosen an executor to find and manage your assets. Some online services – like Google, Facebook and Instagram – allow you to designate an emergency or legacy contact who can administer your accounts.

Many password manager applications allow you to set an emergency contact too (which can also be helpful in less dire situations, if you ever need to reset a lost master password).

This is the point where you need to exercise a little extra caution, so as to avoid making security slip-ups. Create a list of your usernames and passwords, and create backup codes for any accounts that have two-factor authentication enabled.

To protect this list, there are a few things you can do. You can keep a copy on paper or removable media locked away somewhere, such as in a fire safe or safety deposit box.  You can entrust it to a lawyer, or sign up for an end-of-life planning service.

Keep in mind that law firms and companies can and do go out of business, so you may still want to keep an additional form of backup. Be sure to ask them questions about their security too, as losing this much sensitive information at once would inevitably be a massive pain to fix.

If you keep a digital copy of your credentials, be sure to encrypt it. Public-key encryption is a natural choice for this situation, but you may need to be aware of expiration dates.

And keep in mind that storage media degrades over long periods of time, so every five or ten years you should move your information to a new disk.

Preparedness drills

We’ve all been through a fire drill or other preparedness training at least once in our lives, so we understand the idea that they’re meant to help us act swiftly and sanely even when our emotions are running high.

Likewise, preparing your loved ones in advance with the occasional practice run can make taking care of your digital assets less difficult and distressing for them when the time comes.

Matters of mortality are not fun topics, and not something most people give much thought to until well into their autumn years.

When accidents happen, the stress on survivors can be overwhelming, even without the Herculean effort required to get through our airtight security. By taking a few minutes to prepare for the worst, we can save our family and friends from having an extra burden to bear.

Article by Lisa Myers, ESET blog network 

Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Security top priority for Filipinos when choosing a bank - Unisys
Filipinos have greatest appetite in Asia Pacific to use biometrics to access banking services
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.