New Year’s Resolutions For Better Security In 2015

By Fahmida Y. Rash 

The countdown is over, and the confetti has been cleaned up. It’s time to make resolutions for a better and improved me. Why should information security take a back seat to my health and personal goals?

I fell on data privacy. I turned on full-disk encryption on all my computers—desktops and laptops—and got encrypted USB flash drives and portable hard drives. I got rid of most of the regular USB drives, but I get so many of them, as freebies at conferences, that I sometimes forget and save files on them. I need to get better at making sure I didn’t use the insecure drives in 2015. I researched cloud storage services which let you encrypt your files as you upload them, but I never actually got around to signing up and using them.

It’s easy to start again, but when faced with the prospect of moving hundreds of files I already have in Google Drive, it’s much easier to postpone the whole endeavor altogether. I can’t give myself that excuse in 2015. I am intrigued by the encryption mechanisms Google has introduced for an email in Google Apps so that I will be looking into that. But I need to stop sending scans of important documents via email without first password-protecting the files. I have a account—2015 is when I figure out how to use it.

So What’s Ahead for 2015?
I know where I have to improve, but I also have some promises for 2015. First of all, I will delete the software and apps I am not using. There is no need to keep the software on my machine which is outdated or vulnerable. This ties into my second goal—to audit myself so that I know what I have. Experts regularly advise businesses to make sure they understand what machines are on the network, what kind of software is on each other.  If, as the latest statistics seem to suggest, the average user owns five Internet-connected devices, then I should know what I have on my home network. I should find out why the mobile app is uploading my images to a cloud service.
One common theme with the breaches in 2014 was that basic security failed.

JPMorgan Chase was compromised because a server did not have two-factor authentication enabled. A target was breached because a user fell for a phishing attack. We shake our heads over these mistakes, but hindsight is 20/20. We need to make sure we are doing whatever we can to protect ourselves, while at the same time demanding businesses and companies providing services step up and do a better job securing our data.
Here is to a safe and secure year ahead!
Fahmida Y. Rashid is an analyst for networking and security at