You are viewing this article in the archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see
Posted on Thu, Feb 7, 2013 : 11 a.m.

Three suggested cyber resolutions for 2013

By Kristin Judge


"Free image courtesy of"

New Year's resolutions can be difficult to keep if they take a lot of time or require too much work. Knowing that, I am going to suggest a few simple things to think about. This will be much easier than exercising five times a week, I promise.

Resolution #1: Make good passwords.

Seeing the latest list of top stolen passwords of 2012 is disappointing. With all the efforts being made to help educate users to be safe online, there is still so much work to do. The top three "bad" passwords of 2011 held their positions in 2012.

According to, “password” “123456” and “12345678” are still the most common passwords we are using. Really? Let’s get serious.

It is estimated that a password with six lower case characters can be hacked in about five minutes. We can only guess how many seconds it can take to break into an account protected by 123456. Having a complex password for important online accounts is critical. If your password for anything is “password” stop reading right now and take five minutes to change it.

Without my crystal ball handy, I don’t want to make any predictions about passwords in 2013, but I will hope that we will see something other than the word "password" being the most common password.

Resolution #2: Talk to your loved ones about online safety.

Young and old, people are going online. I feel confident with predicting the need for more education and awareness in 2013. With all the information about how to stay safe on the Internet, it can be a little daunting to find something simple enough for everyone in your life. Fortunately, after reading the Sophos Security Threat Report 2013, I found a resource to share that your family could read and understand.

Sophos created the resource called "Threatsaurus" to teach even your grandmother about how to be safe online, and it is available as a free download.

Resolution #3: Prepare for a cyber 9/11.

This resolution will take a bit more effort, but the importance cannot be underscored. Secretary Napolitano recently warned that a cyber 9/11 could be “imminent.” The Sophos 2013 Security Threat Report paints a daunting picture of the bad guys getting stronger and bolder. “Private cybercriminals were apparently joined by state-based actors and allies capable of delivering advanced attacks against strategic targets.

We saw reports of malware attacks against energy sector infrastructure throughout the Middle East, major distributed denial-of-service attacks against global banks, and targeted spearphishing attacks against key facilities.” My takeaway from reading these and other prediction reports is to be prepared. The threats against U.S. energy-sector infrastructure will continue to grow.

Preparing your family and home for a cyber attack is similar to preparing for hurricanes or other natural disasters. is a good place to start finding out what you may need in a prolonged power outage.

Today’s Quick Tips:

Make strong and unique passwords for important accounts. A strong password has 9-12 characters with at least one capital letter, number and symbol.

Have a conversation with your family and friends about online safety. Just as we teach our kids to wash their hands to avoid the flu, we need to teach them what they can and cannot post on social media. The resources are available for you, just commit to taking the time.

Prepare your home for a prolonged outage of electricity and/or water. Some of us live in communities that are hit by natural disasters frequently, but some don’t. Take some time this year to put precautions in place.

To get more great information about staying safe online, including access to free monthly newsletters, webcasts and more, visit the Center for Internet Security at Stay tuned for our next chat!

Kristin Judge is the executive director of the Trusted Purchasing Alliance, a division of the Center for Internet Security. She can be reached at