
Ten Commandments of Infosec


Presenting the Ten Commandments of Infosec. Here are ten things everyone can do today to improve their cybersecurity posture, plus one bonus for system administrators. As always, please reach out to us if you have any questions or need any help.

General Public

MFA Everything.

Use some form of multifactor authentication on every account that offers it. It may also be listed as two-factor authentication (or 2FA). It gives an attacker who already has your password one more hurdle to clear, like putting a second lock on your door. An authenticator app or a hardware security key is stronger than a code sent by SMS, but any second factor beats none.

Use long passwords, unique per site.

Always use a unique password for each site, and never reuse a password between sites; a breach at one site then cannot be replayed against the others. Worry more about the length of the password than its complexity. Something long and nonsensical makes the best password, for example PianoCowJumpsMoon, or something completely random like rvAdmiM8wAWEQp2tUcgh. Uppercase letters, numbers, and symbols help, just not as much as length, so there is nothing wrong with 26 lowercase letters as a password as long as they are not easily guessable.

Use a password manager.

Use a password manager to manage all those unique passwords and help create random passwords. Be careful, though, about choosing a reputable password manager and not malware posing as one. 1Password and Proton Pass are both great choices.
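To make the "length beats complexity" point concrete, and to show the kind of random generation a password manager does for you, here is an added example (not code from the original post). It assumes each character or word is chosen uniformly at random, which is true of a password manager and not true of a human picking "memorable" words; the eight-word list is a constructed stand-in for a real passphrase list of several thousand words.

```python
"""Length beats complexity: compare password strength and generate passwords.

Added example for this post, not code from the original page. Entropy is
computed as length * log2(alphabet size), which assumes every symbol or
word is drawn uniformly at random (what a password manager does).
"""
import math
import secrets
import string

LOWER = string.ascii_lowercase                  # 26 symbols
ALNUM = string.ascii_letters + string.digits    # 62 symbols
FULL = ALNUM + string.punctuation               # 94 printable ASCII symbols (no space)

# Constructed toy wordlist; substitute a real list with thousands of entries.
WORDLIST = ["piano", "cow", "jumps", "moon", "river", "basket", "copper", "lantern"]


def entropy_bits(length, alphabet_size):
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def generate_password(length, alphabet=ALNUM):
    """Random password over `alphabet`, using the OS CSPRNG via `secrets` (never `random`)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words=6, wordlist=WORDLIST, sep="-"):
    """Random passphrase of `words` words; its entropy is words * log2(len(wordlist))."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare():
    """Worked comparison of a few password shapes: returns {label: bits}."""
    return {
        "12 chars, full charset": entropy_bits(12, len(FULL)),
        "20 chars, letters+digits": entropy_bits(20, len(ALNUM)),
        "26 lowercase letters": entropy_bits(26, len(LOWER)),
        "4 words from 7776-word list": entropy_bits(4, 7776),
        "6 words from 7776-word list": entropy_bits(6, 7776),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:30s} {bits:6.1f} bits")
    print("example password:  ", generate_password(20))
    print("example passphrase:", generate_passphrase())
```

Run it and the table makes the post's point: 26 random lowercase letters (about 122 bits) beat 12 characters drawn from the full keyboard (about 79 bits), and a 20-character letters-and-digits string like the one above lands near 119 bits. Four words from a 7776-word list give only about 52 bits, so if you want a memorable passphrase, use six or more words and let the manager pick them.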

Curiosity killed the cat; do not fall for online scams.

Be aware that there are many scams trying to trick you into doing things you should not, like transferring money to a stranger posing as your friend or handing over information they should not have. Treat anything unsolicited you read or see online as suspect until you have verified it through a channel you already trust, for example by calling the person back on a number you already had. A good rule of thumb against romance scams (also known as trust scams) is never to send money or other valuables to an online friend you have never met in person. If you do send it, treat it as a gift you will not see again, never as an investment or a loan.

To follow up on the last point: if you get a strange or unexpected email, do not click its links or open its attachments; just delete it. If it claims to come from your bank or a service you use, go to the site by typing the address yourself rather than following the link. Clicking links or opening attachments can lead to malware, viruses, or scams. Remember, curiosity can have horrible outcomes. If you are wondering what the worst that can happen is, read a news story about cybersecurity incidents, ransomware, etc.

Maintain multiple copies of your documents in multiple locations.

This one is about recovery rather than prevention. Keep multiple copies of your most important documents, pictures, etc., and make sure they are not all in the same place, so that a stolen laptop, a failed drive, or a ransomware infection does not take every copy at once. Test now and then that you can actually restore from a copy; a backup you have never restored from is only a hope.

Keep all connected devices and all software updated.

The headline says it all: do your best to keep everything updated and do not postpone updates; turn on automatic updates wherever they are offered. This limits the window in which an attacker can exploit a known security vulnerability in your software and devices. If you can install it on a computer, tablet, or phone (all forms of computing devices), or connect to it from your computer or phone, such as a router, printer, or smart TV, it must be kept up to date.

Encrypt sensitive data.

Anything sensitive that should only be accessed or read by select individuals should always be encrypted, both where it is stored and when it is sent. In practice that means turning on full-disk encryption on laptops (FileVault on macOS, BitLocker on Windows; most current phones encrypt their storage by default) and encrypting individual files or backups before they leave your control.

There is no such thing as a free lunch; some cost money and others have privacy costs.

Be aware that free apps and services can be very costly. Some are just a front for a scam operation. Others are there to distract you while they gather details about you to sell, or to steal your data outright. Many free apps are nothing more than a trojan horse for malware and viruses. Your data is a valuable commodity these days, even if it is just your likes, dislikes, and background information. Data brokers are a huge business, making millions simply by trading details about you to ad agencies.

Beware of stray USB sticks; they will ruin your day.

If you saw a sandwich lying in the parking lot, would you eat it? I hope the answer is a resounding “What is wrong with you? Of course not”. Picking up a USB stick that is just lying around makes about as much sense as picking up a sandwich or other food item. If it has an enticing label, the USB stick (and the food item) is most likely poisoned. If you do not know where it has been, do not stick it in your mouth or your computer.

Bonus for System Admin

No Root for you

If you are a sysadmin, be very careful about who you give which access rights to. On Linux and Mac systems the unrestricted account is called root; on Windows it is called Administrator. Grant people, and the services they run, only the privileges their job actually needs: a specific command through sudo rather than a root shell, a separate unprivileged account for daily work, and a periodic review of who still has elevated access. Do not be afraid to channel the Soup Nazi from Seinfeld and declare "no root for you".
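Knowing who effectively holds root is the first step to taking it away. The following added example (not code from the original post) audits sudoers-style entries and reports every account that can run any command, including members of a group such as %wheel; the sudoers and group lines are constructed for illustration, and on a real host you would read /etc/sudoers, /etc/sudoers.d/* and /etc/group instead. It handles plain one-line user and group entries only; aliases, line continuations and include directives are skipped, not followed.

```python
"""Audit sudoers entries to find who effectively holds unrestricted root.

Added example for this post, not code from the original page. The SUDOERS
and GROUP strings are constructed samples, not captured from a real host.
"""
import re

# Constructed sample of /etc/sudoers: two full-root users, a full-root group,
# one properly least-privileged user, and one "specific commands, plus ALL".
SUDOERS = """\
# User privilege specification
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
bob     ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx, /usr/bin/journalctl
dave    ALL=(root) /usr/bin/apt-get update, ALL
"""

# Constructed sample of /etc/group, trimmed to the lines that matter here.
GROUP = """\
wheel:x:10:carol,erin
www-data:x:33:
"""

# who  host=(runas) [TAG:] command list
SUDOERS_LINE = re.compile(r"^(?P<who>\S+)\s+\S+=\((?P<runas>[^)]*)\)\s*(?P<cmds>.+)$")
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias", "@include")


def parse_group_members(text):
    """Map group name -> set of member logins from /etc/group content."""
    members = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, _gid, users = line.split(":", 3)
        members[name] = {u for u in users.split(",") if u}
    return members


def parse_sudoers(text):
    """Yield (who, [commands]) for each user or %group privilege line.

    Tags such as NOPASSWD: are stripped so only the command list remains.
    Comments, Defaults, alias definitions and include directives are skipped.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith(SKIP_PREFIXES):
            continue
        m = SUDOERS_LINE.match(line)
        if not m:
            continue
        cmds = [re.sub(r"^(?:[A-Z_]+:\s*)+", "", c.strip()) for c in m.group("cmds").split(",")]
        yield m.group("who"), cmds


def unrestricted_root(sudoers_text, group_text):
    """Return {login: reason} for every account that may run ANY command via sudo."""
    groups = parse_group_members(group_text)
    findings = {}
    for who, cmds in parse_sudoers(sudoers_text):
        if "ALL" not in cmds:
            continue  # a fixed command list is least privilege, not full root
        if who.startswith("%"):
            for user in groups.get(who[1:], set()):
                findings.setdefault(user, f"member of {who}")
        else:
            findings.setdefault(who, "direct sudoers entry")
    return findings


if __name__ == "__main__":
    for login, reason in sorted(unrestricted_root(SUDOERS, GROUP).items()):
        print(f"{login:8s} has unrestricted root: {reason}")
```

In the sample, bob is the model sysadmin grant: two named commands and nothing else. alice, dave (whose "specific" list quietly ends in ALL) and every member of wheel show up in the report, which is exactly the list to take the "no root for you" conversation to.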