Cybersecurity tip of the month (or so) - Kelowna Slack compendium #2

This is a listing of my posts on cybersecurity (and privacy) to the Kelowna (Tech) and/or Built in Kamloops Slack workspaces, from January to November 2023. My posts to these two workspaces were headed with "Cybersecurity tip of the week (or so)". I'm logging my posts here because all posts disappear very quickly in Slack free workspaces.

The previous listing of my Slack posts is here: https://www.gsharratt.com/2022/12/cybersecurity-tip-of-month-or-so.html


Great deal on Windows 11 Pro for a couple of days only:


Why would you want Windows 11 Pro? Because it lets you enable BitLocker full-disk encryption on your main drive and external drives. If your drives are NOT encrypted with BitLocker and your computer and/or external drives are lost or stolen, the person with your computer or drives can read their entire contents. That's very bad! BitLocker prevents this.

(Note: If you have a Microsoft Surface device, you already have Device Encryption. This is full-disk encryption but it's not quite as nice as BitLocker.)


Hopefully you at least occasionally think/worry about how secure your online passwords are. Here is a good resource for figuring that out: https://specopssoft.com/blog/best-password-practices-to-defend-against-modern-cracking-attacks/ Look at the big table halfway down the article.

You can apply that table to any of your passwords individually, but your security will be so much better if you use a password manager (PM) and apply the table instead to your PM's master password. That's because proper use of a PM calls for every online account stored in the PM to have a unique password (i.e., never reuse passwords!) and for each password to be long (e.g., 20+ chars) and random. (And make sure you have 2FA enabled on your PM account.)


Today is World Backup Day. It's a reminder to back up all your important data, both personal and business; that's something that most individuals and professionals and many orgs do very poorly. If you want to see all the things you aren't doing, check out my blog post today: World Backup Day 2023


If your org is not using a password manager or you have not implemented a team/enterprise password manager for the org (i.e., you're leaving it up to each worker to use a personal password manager), this Bitwarden demo webinar could be useful.


(Bitwarden and 1Password are the two password managers that most orgs should consider, IMO.)


If you're a LastPass user you might be wondering how their big breach of customer vault data affects you. I wrote up a blog post with a short analysis of the breach and thoughts on actions to take beginning right away. This is a very serious breach so you should understand your risks -- which might be very high -- and how to mitigate them.

The big LastPass data breach and what to do about it (gsharratt.com)