We all own computers. You probably wouldn't be reading this if you didn't have some type of computer! Whether it's a phone, tablet, laptop, or a desktop they are all computers. You must take responsibility for your own computer security because no one else is going to do it for you.
To help you protect yourself, I want to suggest a few actions you can take. Individually each of these is simple, but when combined should give you excellent protection.
- Run a single, reputable security package
Regardless of which security software you choose, it must be configured correctly and updated on a regular basis. Also, note that I said that you should “Run a single, reputable security package”. Multiple security packages are not a good idea. In this case “more” is not “better”. Multiple security packages can slow down your computer and in some cases conflict with each other.
My personal recommendation for Windows is Windows Defender. It has been included in Windows since the release of Windows 8. Before that, it was an optional download called Microsoft Security Essentials and worked with Windows XP, Windows Vista, and Windows 7. Another reason for using Windows Defender is that you've already paid for it since it is part of Windows!
For other operating systems you will have to do your own research. (I'm a Windows guy and haven't touched a Mac in over 20 years!)
- Keep both your operating system and applications up to date
No software is perfect. As the saying goes, "To err is human, but to really screw up requires a computer!" Known security vulnerabilities are corrected by these updates. Most software and operating systems now have the means of updating themselves. Turn on automatic updating in Windows! If any applications you use offer automatic updates, turn it on also! If your software does not offer automatic updates, check with the publisher often for newer versions.
- Run only the minimum number of programs on your computer necessary to perform your work
Each program added to a computer increases the possibility of a vulnerability being introduced to your system. Remember the KISS principle.
- Have an offline backup and keep it current
Most modern viruses and malware will seek to infect files on each computer attached by way of a network. This means one computer can infect ALL computers on a local network. The only way to reliably protect against this is to have a backup that is not connected to the local network.
A backup stored on a removable device such as a USB flash drive or an external hard drive is ideal in my opinion. Once the backup is made, the device should be removed from the computer or network and stored in a safe location away from the computer. By separating your backup from your computer, hopefully, the same disaster that takes out your computer will not take out your backup.
Another popular method of backup is to use a service such as Carbonite, Mozy, or iDrive. These services are great in theory. Since they backup your files as they are changed and back them up offsite. However, these services require a monthly subscription fee.
- Don’t click on popup windows – Use ALT-F4 to close them
Attackers are getting more clever all the time. Popup windows and messages are one of the many ways infections can happen. They can do mean things like this: No matter what part of the popup window you click on (even If it is a “close” or “cancel” button) you can still get infected. If you see a window that looks suspicious, use the keyboard combination of ALT-F4. This will close the active window without having to click on it.
- Do not download anything that you did not seek out and only download it from the original source
Did you just see an ad for software that promised to make your computer run like new? Don’t click on that ad! Stop and re-read my third point. If it is still something you need, then use your favorite search engine to find the website of the company that makes the software and then download it from there. Don’t go to your favorite software aggregation site to download a piece of software you need. If you need something, go to the author’s or publisher’s site to download it.
- Don’t click on links in email and beware of attachments
When you receive an email giving you a link and asking you to use it to accomplish a task, be careful! Example: you receive an email from your bank stating that your latest statement is available and gives you a link where you can view it. Don’t click that link! Instead manually navigate to your bank’s website and then log into your account to view the statement.
Email attachments have been a source of virus and malware infection for years. Don’t open email attachments from senders you don’t know or from friends/co-workers that you were not expecting. If there is a question about the attachment, contact the sender before opening it.
- Practice the principle of least privilege
This means that you should have as your main user account on your computer one that has only the minimum privileges necessary to accomplish your work. In other words, don’t use an account with administrative privileges to do your daily work.
- Use strong passwords, avoid password reuse, and use a password manager
What is a strong password? A strong password uses a random mix of upper case letters, lower case letters, numbers, and punctuation. The longer the password the better. This is a good strong password: 1$yTc7@rosRz. Notice that it uses uppercase and lowercase letters, numbers, and special characters. It is also not a good idea to use the same strong password on multiple sites. If one site gets compromised, the bad guys have your password to all the sites on which you used the compromised password.
Because strong passwords are hard to remember, a program called a password manager will help you keep up with your passwords. In addition to remembering all those complex passwords, many of these programs will help you generate good passwords and warn you about password reuse. There are many password managers available. A few examples are LastPass, Dashlane, and Sticky Password.
- Avoid questionable websites
Today all it takes to get infected with malware is to view a website that has been infected. The simple act of displaying the page is enough to compromise your system. Stay away from sites promising free music, coupons, etc. If it sounds too good to be true, it probably is! Stay on well-known and reputable sites.
- Employ multi-factor authentication if an application or service offers it
Some sites and services offer what is known as multi-factor authentication. These generally involve two or more items. Usually, something you know and something you have. An example of multi-factor authentication might be this: you log into your email site with your username and password (something you know). The site then asks for a code. You would then check an application on your phone (something you have) for a code and you must enter this code on the next screen of your email site before it will complete the login process.
This gives much stronger security since a bad guy would need both your username/password and your cell phone to gain access. He might get one, but probably not both.
- Lock your computer/phone when not in use
When you get up from your computer, you leave it available for anyone to access and possibly install malware, or steal sensitive data. When you leave your computer system you should either manually lock it or have the screensaver set to lock after a short period of inactivity.
- Use drive encryption
Computers and phones are stolen every day. Imagine the treasure trove of personal data contained on your system. They would be of great value to an identity thief. Laptops and phones that leave your home are especially vulnerable to theft.
To protect these systems you might want to use drive encryption. Microsoft includes BitLocker as part of Windows 10 Pro. BitLocker is also available on the Pro version of Windows 8 and the Ultimate versions of Windows 7 and Windows Vista. Other vendors such as McAfee and Symantec also make drive encryption software. There are also free, open source programs that provide drive encryption such as VeraCrypt.
Both iOS (Apple) and Android (Google, Samsung, and others) phones offer encryption. In some cases, it is turned on from the factory. Check your phone and make sure that encryption is enabled. Phones are lost/stolen more often than computers.
- Explain these security practices to your family
Try to ensure that all family members old enough to use a computer are familiar with these security practices and that they understand the purpose behind each. One of the best defenses you can have is an informed and vigilant user.
Hopefully, this article will give you something to think about.
No comments:
Post a Comment