Entrust your cyber security secrets to a safe pair of hands

10 Feb 17

Imagine, if you will, that your security is flawless, and not a single other person can access your sensitive accounts or information. And then the unthinkable happens – you’re in an accident. How will your loved ones get past your security measures to tend to your affairs?

It may seem a bit counter-intuitive, if you’ve taken to heart all the admonitions to lock up your valuables, to then take steps that enable someone to get at them.

Much of the advice for allowing an entrustee to manage your affairs - either temporarily or permanently - reads like a list of cybersecurity faux pas.

But in reality, the best steps to take for allowing a trusted caretaker in are slight modifications of the techniques you used to achieve thorough security in the first place.

You no doubt have an asset list, either stored mentally or written down somewhere, that documents all the machines and accounts in your care.

This list will be essential for your “In Case of Emergency” kit. Be sure to include all devices (don’t forget oft-ignored things like admin accounts for your modem and router), email accounts, utilities like power and water, financial institutions, cloud services, and any servers you might be hosting for other people.

Authorization

Now that you have your asset list, choose an emergency contact. This person will be entrusted to take care of all your digital assets, and can be a family member or friend, or someone official like a lawyer.

If you have already written your will, you’ll likely have already chosen an executor to find and manage your assets. Some online services – like Google, Facebook and Instagram – allow you to designate an emergency or legacy contact who can administer your accounts.

Many password manager applications allow you to set an emergency contact too (which can also be helpful in less dire situations, if you ever need to reset a lost master password).

This is the point where you need to exercise a little extra caution, so as to avoid making security slip-ups. Create a list of your usernames and passwords, and create backup codes for any accounts that have two-factor authentication enabled.

To protect this list, there are a few things you can do. You can keep a copy on paper or removable media locked away somewhere, such as in a fire safe or safety deposit box. You can entrust it to a lawyer, or sign up for an end-of-life planning service.

Keep in mind that law firms and companies can and do go out of business, so you may still want to keep an additional form of backup. Be sure to ask them questions about their security too, as losing this much sensitive information at once would inevitably be a massive pain to fix.

If you keep a digital copy of your credentials, be sure to encrypt it. Public-key encryption is a natural choice for this situation, but you may need to be aware of key expiration dates.

And keep in mind that storage media degrades over long periods of time, so every five or ten years you should move your information to a new disk.

Preparedness drills

We’ve all been through a fire drill or other preparedness training at least once in our lives, so we understand the idea that they’re meant to help us act swiftly and sanely even when our emotions are running high.

Likewise, preparing your loved ones in advance with the occasional practice run can make taking care of your digital assets less difficult and distressing for them when the time comes.

Matters of mortality are not fun topics, and not something most people give much thought to until well into their autumn years.

When accidents happen, the stress on survivors can be overwhelming, even without the Herculean effort required to get through our airtight security. By taking a few minutes to prepare for the worst, we can save our family and friends from having an extra burden to bear.

Article by Lisa Myers, ESET blog network 
