sb-nz logo
Story image

Entrust your cyber security secrets to a safe pair of hands

10 Feb 2017

Imagine, if you will, that your security is flawless, and not a single other person can access your sensitive accounts or information. And then the unthinkable happens – you’re in an accident. How will your loved ones get past your security measures to tend to your affairs?

It may seem a bit counter-intuitive, if you’ve taken to heart all the admonitions to lock up your valuables, to then take steps that enable someone to get at them.

Much of the advice for allowing an entrustee to manage your affairs - either temporarily or permanently - reads like a list of cybersecurity faux pas.

But in reality, the best steps to take for allowing a trusted caretaker in are slight modifications of the techniques you used to achieve thorough security in the first place.

You no doubt have an asset list, either stored mentally or written down somewhere, that documents all the machines and accounts in your care.

This list will be essential for your “In Case of Emergency” kit. Be sure to include all devices (don’t forget oft-ignored things like admin accounts for your modem and router), email accounts, utilities like power and water, financial institutions, cloud services, and any servers you might be hosting for other people.

Authorization

Now that you have your asset list, choose an emergency contact. This person will be entrusted to take care of all your digital assets, and can be a family member or friend, or someone official like a lawyer.

If you have already written your will, you’ll likely have already chosen an executor to find and manage your assets. Some online services – like Google, Facebook and Instagram – allow you to designate an emergency or legacy contact who can administer your accounts.

Many password manager applications allow you to set an emergency contact too (which can also be helpful in less dire situations, if you ever need to reset a lost master password).

This is the point where you need to exercise a little extra caution, so as to avoid making security slip-ups. Create a list of your usernames and passwords, and create backup codes for any accounts that have two-factor authentication enabled.

To protect this list, there are a few things you can do. You can keep a copy on paper or removable media locked away somewhere, such as in a fire safe or safety deposit box.  You can entrust it to a lawyer, or sign up for an end-of-life planning service.

Keep in mind that law firms and companies can and do go out of business, so you may still want to keep an additional form of backup. Be sure to ask them questions about their security too, as losing this much sensitive information at once would inevitably be a massive pain to fix.

If you keep a digital copy of your credentials, be sure to encrypt it. Public-key encryption is a natural choice for this situation, but you may need to be aware of expiration dates.

And keep in mind that storage media degrades over long periods of time, so every five or ten years you should move your information to a new disk.

Preparedness drills

We’ve all been through a fire drill or other preparedness training at least once in our lives, so we understand the idea that they’re meant to help us act swiftly and sanely even when our emotions are running high.

Likewise, preparing your loved ones in advance with the occasional practice run can make taking care of your digital assets less difficult and distressing for them when the time comes.

Matters of mortality are not fun topics, and not something most people give much thought to until well into their autumn years.

When accidents happen, the stress on survivors can be overwhelming, even without the Herculean effort required to get through our airtight security. By taking a few minutes to prepare for the worst, we can save our family and friends from having an extra burden to bear.

Article by Lisa Myers, ESET blog network 

Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
Entrust launches cloud-based ID issuance solution
The Sigma instant ID solution uses encryption, trusted HSM technology and secure boot to issue highly secure physical and mobile identities.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Criminals scale back DDoS attacks after 'abnormal' spike in Q2
The Q2 spike seems to have been short-lived as DDoS activity returns to ‘normal’ levels over Q3, with 73% fewer attacks than seen in the previous quarter.More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More