sb-au logo
Story image

Entrust your cyber security secrets to a safe pair of hands

10 Feb 2017

Imagine, if you will, that your security is flawless, and not a single other person can access your sensitive accounts or information. And then the unthinkable happens – you’re in an accident. How will your loved ones get past your security measures to tend to your affairs?

It may seem a bit counter-intuitive, if you’ve taken to heart all the admonitions to lock up your valuables, to then take steps that enable someone to get at them.

Much of the advice for allowing an entrustee to manage your affairs - either temporarily or permanently - reads like a list of cybersecurity faux pas.

But in reality, the best steps to take for allowing a trusted caretaker in are slight modifications of the techniques you used to achieve thorough security in the first place.

You no doubt have an asset list, either stored mentally or written down somewhere, that documents all the machines and accounts in your care.

This list will be essential for your “In Case of Emergency” kit. Be sure to include all devices (don’t forget oft-ignored things like admin accounts for your modem and router), email accounts, utilities like power and water, financial institutions, cloud services, and any servers you might be hosting for other people.

Authorization

Now that you have your asset list, choose an emergency contact. This person will be entrusted to take care of all your digital assets, and can be a family member or friend, or someone official like a lawyer.

If you have already written your will, you’ll likely have already chosen an executor to find and manage your assets. Some online services – like Google, Facebook and Instagram – allow you to designate an emergency or legacy contact who can administer your accounts.

Many password manager applications allow you to set an emergency contact too (which can also be helpful in less dire situations, if you ever need to reset a lost master password).

This is the point where you need to exercise a little extra caution, so as to avoid making security slip-ups. Create a list of your usernames and passwords, and create backup codes for any accounts that have two-factor authentication enabled.

To protect this list, there are a few things you can do. You can keep a copy on paper or removable media locked away somewhere, such as in a fire safe or safety deposit box.  You can entrust it to a lawyer, or sign up for an end-of-life planning service.

Keep in mind that law firms and companies can and do go out of business, so you may still want to keep an additional form of backup. Be sure to ask them questions about their security too, as losing this much sensitive information at once would inevitably be a massive pain to fix.

If you keep a digital copy of your credentials, be sure to encrypt it. Public-key encryption is a natural choice for this situation, but you may need to be aware of expiration dates.

And keep in mind that storage media degrades over long periods of time, so every five or ten years you should move your information to a new disk.

Preparedness drills

We’ve all been through a fire drill or other preparedness training at least once in our lives, so we understand the idea that they’re meant to help us act swiftly and sanely even when our emotions are running high.

Likewise, preparing your loved ones in advance with the occasional practice run can make taking care of your digital assets less difficult and distressing for them when the time comes.

Matters of mortality are not fun topics, and not something most people give much thought to until well into their autumn years.

When accidents happen, the stress on survivors can be overwhelming, even without the Herculean effort required to get through our airtight security. By taking a few minutes to prepare for the worst, we can save our family and friends from having an extra burden to bear.

Article by Lisa Myers, ESET blog network 

Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
Video: 10 Minute IT Jams - The benefits of converged cloud security
Today, Techday speaks to Forcepoint senior sales engineer and solutions architect Matthew Bant, who discusses the benefits of a converged cloud security model, and the pandemic's role in complicating the security stack in organisations around the world.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Link image
Gartner report: Why SD-WAN is becoming the de-facto option
Network service providers are increasingly challenged by established and new competition in the overlay SD-WAN management as well as in the underlay WAN transport, the report says.More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More
Story image
CrowdStrike acquires Preempt Security for $96m, develops zero trust security offerings
With this acquisition, the company plans to offer customers enhanced Zero Trust security capabilities and strengthen the CrowdStrike Falcon platform with conditional access technology. More