Sierra Ward //
Editor’s note: Though infosec professionals may see this advice as basic to the point of being obvious, as we visit with people and interact with swaths of other industries, we realize that it isn’t. Even if you know about security, you know many people who think even basic information security is an enigma (ie. your mom). Sometimes when we know very advanced stuff it’s hard to explain the most basic steps, but the most basic steps have value so share this with someone you care about.
A couple of months ago I was reading the newspaper and saw that our small town was having a rash of car break-ins. Horrified, I read the articles closely. They were happening at a certain time and place and then I read a quote from a police officer, “People are advised to take their keys with them when leaving the vehicle, lock their doors, and keep all valuables out of sight.” Apparently the thieves had walked up to unlocked cars, taken wallets out of purses left on front seats and realized it was so easy they’d done it several times. *facepalm…. It’s easy to live in a small town and think that the evils of the world can’t touch us.
The way we deal with our computers is very similar to this, we assume that nobody would care or be interested in what we are doing online or have on our computers and that we don’t need to really take information security very seriously. But that’s as foolish as leaving your keys in the car with your wallet on the front seat!
First let’s establish that bad guys will do bad things, nothing will stop someone that’s motivated to do those bad things. A thief can certainly smash your car window in and take your entire car, but that’s going to attract a lot more attention, possibly set off an alarm and get people calling the police. We still can take the keys, lock the doors and hide our money. We want to make it more annoying and slightly more difficult for a thug to get what he’s after. Many times bad guys will get annoyed and move on to a target that requires less work – because the world is full of suckers.
You’re not a sucker, so start making these small changes to the way you conduct your own information security!
We should think of security as many layers of protection. One layer won’t keep you safe, but many smaller layers will keep you safer than one or none. Here are 15 things to do, not arranged in any particular order of importance. They’re ALL important!
- Use anti-virus. Yes yes yes, John says to kill it. But what he means is that AV alone won’t do the trick. It’s not a “set it and walk away” deal. It’s one simple layer. It won’t catch everything (not even close) but it’s still worth enabling. If you’re running Windows, the built in one is fine, just make sure it’s on. Even a free one is fine. Test it out by downloading the inane fake virus, Eicar. It’s safe and does nothing, but should be caught by every AV program.
- Enable your firewall.
- Enable full disk encryption (on a Mac it’s FileVault, on Windows Bitlocker).
- Make sure your passwords are long 20 characters – like a sentence only you would know, something like “Makeupyourownpassword.Don’tusethisone.”. (And PLEASE, use a password manager!)
- Don’t reuse passwords (Are you using a password manager? People reuse passwords when they’re having a hard time remembering the four billion passwords they need. Stop trying, and get a password manager.)
- Enable 2-step authentication (See these adorable videos by Betty White).
- Use an Adblocker in your browser. (Browsers have extensions you can set up in the settings.) So much malware/ransomware comes through advertisements on websites you would otherwise trust!
- Blacklist (tell your browser what kinds of traffic aren’t allowed). This is especially useful if you have kids in your household, who might stumble across unseemly things. Set up Open DNS to help. (Directions at their website).
- Make sure your network/Wi-Fi is password protected with a strong password. There’s a good chance your mom has Wi-Fi (how modern) but she never put a password on it, and it’s open to the entire neighborhood. Or it might have just the default password still. Change that.
- Treat every environment as if it’s hostile. You wouldn’t walk up to a stranger in a coffee shop and give them your social security number and birthdate, so why are you using free Wi-Fi? If you must use free Wi-Fi, get yourself a VPN with 2-factor authentication. (Or use your phone’s hotspot/internet).
- Always keep your system and application updated. It’s too easy to ignore this when your computer alerts you, but do them ASAP! One word of caution if a program pops up and says, “I need to be updated, allow” don’t. Cancel out and visit the website directly to check. Sometimes malware poses as a program you already likely have in order to get itself installed onto your system. Be careful.
- Educate yourself about phishing attacks, be wary of opening attachments and links even from people whom you know. If anything looks suspicious call and ask the person what they sent and if they did actually send it.
- If someone calls you saying you have a virus on your computer and they can help you get it off, HANG UP! And do not ESPECIALLY DO NOT give them any kind of personal information or your credit card. How many of our parents/grandparents have already fallen for this scheme? These people are con artists, preying on the uninformed. Be informed. (My grandma fell for this, and it makes me sad. Don’t let this happen to yours.)
- Cover up your webcam when you’re not using it. It’s one of the easiest things ever to turn this on remotely and watch you.
- In general take the stance that the internet is a dangerous place. We all need to go there, but we don’t all have to be morons when we’re there. Pay attention to the URLs you visiting, the things people ask you to download, the popups. You wouldn’t wander into dark alleys in a city, and if you found yourself there you’d be sure to be hyper aware. If someone offered you a drink in that dark alley you sure wouldn’t take it would you? The same goes for your life on the internet, and the things people are asking you to do.
This might seem like an overwhelming task. There might be a part of you that’s tempted to just give up, ignore this problem and hope it never bites you.
None of these things is too hard. If you aren’t sure how to do one ask someone. Or Google it. Or search around until you figure it out.
The best way to learn is to have a problem and try and fix it. Not only will you learn more about where things are located on your computer, but you’ll become more familiar with it as a whole. If you have learned to use a computer, you can learn to be safer about using a computer!
More good stuff here: http://krebsonsecurity.com/tools-for-a-safer-pc/