In the thirty-odd years I’ve owned computers, not a single one was ever infected with a virus (that I know of…I can’t speak for what the NSA has done). I know many IT professionals who can make similar claims. It’s not because we are geeks or particularly paranoid but rather because we use common sense and we observe details. With that in mind, here are some tips to help you keep your computer from being compromised. This will be a multi-part blog that will include Passwords, Email, Internet, and Mobile Phones. Just remember, you can follow all of my suggestions, but common sense is your best defense.
Passwords: Passwords are your first line of defense against hackers and are frequently compromised due to simple scams and hacks. So follow good password hygiene.
- Don’t share your password. Remember, if you share your password with someone, you’ve shared it with everybody that person knows (think venereal disease).
- Use a strong password. Contrary to popular belief (and many programs’ and websites’ requirements), at least eight characters with a mix of case, symbols, numbers and letters is no longer the best practice. Where possible, the best practice is to use a longer phrase like a sentence. Throw in a symbol or character and you are golden.
- Change your passwords frequently. Passwords age like bread, not wine. The older they get, the more likely they are to be cracked. Try to change your passwords every 90 days.
- Use different passwords. While it’s much easier to use one password that passes all of the complexity tests, if someone gets ahold of that one password, they have the keys to your kingdom.
- Save your passwords in an encrypted file. Assuming you don’t have a photographic memory, and assuming you have lots of different passwords, record them in an encrypted file. Excel or Word are both fine for this. There are also programs that can save (and even create and enter) passwords for you.
- Use dual factor authentication where possible. Dual factor authentication follows the concept that the best security involves knowing something and having something. By way of example, you know your password and have a phone. When you enter your password, your phone gets a text that asks if you want to allow access. This is a best practice and there are several free and paid applications that can help you set up dual factor authentication for your most secure information (e.g. bank logins, medical information, etc.).
Email: Email is a great tool but it is an enormous source of scams, viruses, malware, and other evil (spam, chief among the evil). That said, email is relatively easy to secure if you follow a few simple rules.
- Always look at the sender’s email address. This is often the first giveaway that someone is trying to scam you. Bank of America is never going to send you an email from a Gmail address. The IRS, simply put, is never going to send you an email asking for anything. If an email address has an odd extension (e.g. .rus, .science, .ukraine, etc.), it’s probably a scam.
- Make sure your system’s anti-virus software is checking all incoming emails. All good anti-virus software has the ability to scan incoming emails in real time. If there is a known virus attached to one of your incoming emails, your AV software should catch it.
- Identify and send spam to your junk email folder. Beyond being annoying, spam is also a prime source of email scams and viruses.
- Avoid conveying important personal information via email. If you must do so, try to send that information broken up across two or more emails (e.g. never send a user ID and password in the same email).
- If you frequently send email with sensitive information, consider using an encryption service. While such services do add a layer of complexity to sending or receiving email, they will keep your data secure.
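The sender-address check from the first email tip above can be automated. The sketch below is an added example, not part of the original post: it compares the name a message displays against the domain it was actually sent from. The brand list, webmail list and sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumed brand -> legitimate sending domains (constructed; keep your own list).
BRAND_DOMAINS = {
    "bank of america": {"bankofamerica.com"},
    "irs": {"irs.gov"},
}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
COMMON_TLDS = {"com", "gov", "org", "net"}  # extensions the post treats as usual


def check_sender(from_header):
    """Return warning codes for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparsable-sender"]
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    warnings = []
    for brand, legit in BRAND_DOMAINS.items():
        # Whole-word match so "irs" does not fire on "first".
        if not re.search(r"\b" + re.escape(brand) + r"\b", display.lower()):
            continue
        # Accept the brand's own domain and any subdomain of it.
        if not any(domain == d or domain.endswith("." + d) for d in legit):
            warnings.append("brand-mismatch")
            if domain in FREE_MAIL:
                warnings.append("free-mail")
        break  # one claimed brand is enough to decide
    if domain.rsplit(".", 1)[-1] not in COMMON_TLDS:
        warnings.append("unusual-tld")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Bank of America" <alerts.boa@gmail.com>',
    "Bank of America Alerts <service@ealerts.bankofamerica.com>",
    "IRS Refund Dept <refunds@example.science>",
    "A friend <pal@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means these particular checks found nothing; the display name and the visible address can both be forged, so the other tips in this section still apply.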
Internet Security: The internet is a place of soaring wonders and the darkest evils. That said, it’s pretty easy to stay safe on the internet these days. Once again, common sense can protect you from most threats. Here are my basic rules for internet security.
- This is a terrible way to lead off this section, but the pornography industry has always been an early adopter on the internet. It is also one of the greatest sources of viruses, malware and spam. If you go there, expect problems…NUF SAID!
- If your browser tells you that a website isn’t secure (Chrome will warn you), DON’T GO THERE unless you are absolutely sure that the site is safe. Look at the address line and if it doesn’t start with https, avoid the site (notice the emphasis on the ‘s’).
- If you receive an email with a link that says NSFW (not safe for work), don’t click the link. Nothing good ever comes from clicking that link.
- If the site address doesn’t end with .com, .gov, .org, or .net, be careful. Other domain extensions can be safe. That said, if a site is unwilling or unable to pay for one of the main extensions, it could be sketchy. This is where you want to exercise common sense. If it’s a friend’s website about their favorite dogs, have at it. If the website is offering free trips to Nigeria, maybe not.
- Ooooh. That looks cool!!!! The internet has boatloads of cool stuff from surfing dogs to sexy robots. Most of it is benign and fun. The trick is to recognize when that site is unsafe. First, see ‘b’ above, the second tip in this list. Second, see ‘d’ above, the fourth tip (this covers you if you are dyslexic). Third, ask yourself why they made the link so cool. Sometimes it’s legitimate. Other times, not so much. Again, use common sense.
Mobile Devices…the biggest security threat of all: Just about every business, from the one-man operation to the largest enterprise, has come to rely on a variety of mobile devices. Smart phones, laptops, and tablets (among others) are used to access an enormous volume of data and are rarely under the complete control of the IT experts. By way of example, I access my bank, credit cards, email, and CRM all from my smart phone. This access is incredibly convenient but comes at a significant security cost. Fortunately, there are several easy ways to protect yourself.
- Secure the login to your mobile device. My personal preference is biometric security such as face ID, fingerprint readers, and/or retinal scans. All work well and are quite secure. Your backup password or PIN should meet the requirements I noted earlier in this blog.
- Make sure your mobile device is encrypted. Most of the major phone manufacturers include optional encryption and there are several third-party software developers as well. Windows 10 comes with built-in encryption software. Be sure to securely save the encryption key (this is usually a long alphanumeric sequence that is only needed if you lose your other authentication information such as passwords).
- Mobile devices are MOBILE. That means that they can easily be stolen or lost. Apple comes with built-in tracking software that, among other things, allows you to remotely deactivate, wipe, and locate your phone. The Google Play store has similar apps that are either free or very inexpensive. For devices such as laptops, consider using Find My Laptop on Windows systems (turn it on in the Updates and Security Section). You could also hide an RFI device such as those sold by Tile in your laptop case.
- Make sure everyone is following the rules. If your spouse, assistant, partner, etc. has access to sensitive information from their mobile devices and doesn’t follow good security practices, all your efforts on your devices will have been in vain.
This brings to a close my blog on securing your devices. If you have additional suggestions or differences of opinion, please don’t hesitate to share them with me.