Guest written by Chris Bullock, Managing Principal at SecureWorks
National Cyber Security Awareness Month brings to light what you already know – cruising the internet can be harmful if you don’t follow best security practices. The good news is you don’t need to be a cybersecurity pro to employ smart online safety habits that can go a long way in guarding against online crime.
Cybersecurity best practices make up an expansive list of things to do, but for the individual user, the tips below are the most important steps you can take to protect your data:
1. Keep application software updated. Since many software programs don’t have an automated update feature, attackers frequently target those programs to gain unauthorized access to a computer. Several software products will let you know what applications installed on your PC are vulnerable to attack and need to be updated. Install an automated software update monitoring manager like Secunia Personal Software Inspector or FileHippo App Manager.
2. Encrypt your computer. Recent versions of Windows provide support for BitLocker, a program that comes with Windows that will encrypt everything on your hard drive. You can also use third-party encryption products. If your computer becomes lost or stolen, encryption can prevent prying eyes from seeing your data.
3. Migrate to a modern operating system and to the latest edition of Office. If you’re using Windows, bite the bullet and upgrade to the latest edition for the latest security protections. For example, Windows 10 Home can push patches to your PC immediately upon their release. Microsoft Office 2016 can block macros from loading in certain high-risk scenarios. Macros are sets of commands intended to automate specific functions, and are often used by attackers to run malicious software on a victim’s computer.
4. Create two accounts for your Macintosh. The first account created when configuring a Mac for the first time is the local administrator account. You should also create a non-privileged “user” account and use it for the majority of activities on your computer. Your administrator account should only be used to install updates or software, or to reconfigure the computer as needed. Browsing the web or reading email as an administrator provides a path for an attacker to gain unauthorized access to your computer.
5. Don’t tamper with your smartphone. Never “jailbreak” or “root” your devices. Those terms refer to hacking the software on your phone or tablet. Users sometimes hack the software on the phone to allow it to do something the manufacturer did not originally intend. Hacking the software can introduce vulnerabilities and can void the phone warranty.
6. Be cautious with social networking. Don’t post pictures or texts that reveal any personal information like home addresses, phone numbers, birth dates, or places you and your family regularly attend, such as schools or recreational complexes. Someone with ill intent could use that information to harm you or your children. When in doubt, remove it. Never accept connections from people you don’t know, and be sure you have your profile set to private so only those you trust can see your information.
7. Understand your personal Internet of Things (IoT). Keep an inventory of anything in your home that connects to the Internet. This includes video gaming systems, televisions, thermostats, refrigerators and home video surveillance cameras. These devices are vulnerable to attack due to their limited ability to update their software. If a vulnerability is found in the software, there may be no way to update it to a safer version. Always change the default passwords for these devices. When possible, segment them from your home and work networks, and unplug them when they aren’t in use. Review and learn their various privacy configurations, and set them to the highest possible privacy setting.
8. Exercise caution when opening emails. Beware of emails with attachments or links urging immediate action, especially those purportedly from a delivery service or bank. Some malicious emails seem to come from popular businesses, but the attachments or links in them may surreptitiously download malware. When you open any email, even one from a friend, be cautious about clicking on any links or attachments. If your friend’s email account has been hacked, you could easily receive an email that purportedly comes from your friend, when in reality, it comes from the attacker.
9. Use computer protection products. A comprehensive host-based security suite provides support for anti-virus, anti-phishing, safe browsing, Host-based Intrusion Prevention System (HIPS), and firewall capabilities. These services provide a layered defense against most common threats, and you can enable the automated updates to keep software up to date.
10. Be careful when using Wi-Fi hotspots. Free public Wi-Fi may cost you. When you connect to Wi-Fi, your communications may not be private unless you’re using a Virtual Private Network. A VPN allows you to send and receive data across a public network as if you were actually on a private network, so anyone intruding on the Wi-Fi connection cannot see or capture your data or login credentials. Attackers often set up “open” Wi-Fi access points with names similar to the name of the establishment. This fools users into using the attackers’ “open” network, allowing the attackers to capture your keystrokes and spy on your communication. For example, at LaGuardia Airport, there could be a fake network called New York Airport and an authentic network called LaGuardia. If there are no signs telling you the name and password of the authentic network, you won’t know unless you ask.
11. Be vigilant regarding common fraud and theft tactics. Look for credit card skimmers at gas pumps and ATM machines. Usually hidden, skimmers are small devices that can scan and store data from the magnetic strips on the back of credit and debit cards. Pull on the card reader to be sure it is part of the permanent fixture. If it is movable, report it to an attendant and don’t use it. Scammers often attach what looks like a genuine piece of the machine over the top of the slot where you insert your card. That piece copies your card number. On ATM machines, in addition to installing skimmers, thieves often install a tiny spy camera that records a digital video of you typing in your PIN. Use a magazine, or at least your hand, to hide your PIN from prying eyes. Jiggle the part of the machine where you insert your card to see if it comes loose. If it does, don’t use the machine.
12. Use Bluetooth sparingly. Although Bluetooth is useful for connecting headsets, hands-free speakerphones, and speakers to your cellular phone, it can also be an entry vector for unwanted devices and malware. Keep Bluetooth disabled until you need to connect to a device.
13. Don’t use trial versions of software. Trial versions of anti-virus products are good for testing products, but don’t continue to use the trial version as your protection for your home or work PC. The trial version doesn’t receive updates, so new malware that has been introduced after the trial version was released could access your PC.
14. Back up your data. Back up your data regularly with an offline device. If you become a victim of ransomware and you only have a cloud-based backup service, your files in the cloud will also become encrypted.
15. Oversee your children’s computer usage. Children should use a computer in a common area of the home so parents can ensure their children aren’t communicating with people or sites that could cause harm. Many different devices have internet connectivity, so monitor children using cell phones, tablets, e-readers, gaming devices and laptops. Know all the passwords for your children’s devices in case your child becomes endangered by someone online and authorities need to conduct an investigation into your child’s online communication. Know your children’s social networking connections and the people they play online games with. Keep computer webcams covered with painter’s tape or a sticky note when they aren’t being used to communicate with family members and friends. Attackers who have access to your computer can remotely turn the cameras on without a user’s knowledge. Regularly talk to your children about online safety, but keep the tone informal.
It’s likely that you, your family members and your business will be hacked at some point. As soon as you notice any strange activities occurring, such as seeing more popup ads than usual, seeing software applications that have mysteriously appeared on your computer, or getting redirected to a website whose address you did not type into the address bar, take your computer to a repair shop. The sooner you get a threat out of your system, the less harm to you, your family and your data.