Cybersecurity hygiene for the new year

Happy new year!  Here are some cybersecurity greetings for the new year -- it's a very dangerous world out there.

I hope all of you are doing these basic cybersecurity hygiene things:
  • You're using a cloud-based password manager, e.g., 1Password, LastPass, or Bitwarden -- and all your passwords are long, random, and unique (never reused).  (Proper use of a password manager will make you very resistant to phishing.)
  • You're using cloud-based 2FA, especially Authy -- and you've enabled 2FA on all services that support it.
  • You're backing up all your data both to at least one cloud backup service (e.g., CrashPlan, Backblaze, Sync.com, Duplicati) and to at least one external drive -- and those external drives have full-disk encryption.
  • You've hardened all your devices with strong passwords/PINs, full-disk encryption (for Windows you need BitLocker), and regular updates.
  • You've junked all computers, phones, and tablets that no longer get updates.
  • (I could go on and on, but that's a good start.)
  • You might think all this will consume too much time, but you'll be saving yourself a lot more wasted time from your digital life getting compromised.  Most of the above are mainly one-time actions to set up.
If you're still using your ISP's email service, like @telus.net and @shaw.ca, this is for you:
  • If/when you decide to look to greener hills, you'll find it really painful to move to a new ISP since your existing one has you by the short and scruffy. The issue is not all your contacts that use that address, it's all your cloud services that have that address as the owning email id.
  • I recommend that you start fixing this now: create a permanent email address like @gmail.com or @outlook.com and slowly move over all your cloud accounts to that new address. Then you'll be free to switch ISPs if you ever want to. The longer you wait to do this, the more cloud accounts you'll have, and the more painful the eventual fix will be.
  • (Yes, the above falls under security: it's availability, which is a key part of the confidentiality/integrity/availability security triad.)