In honor of NCSAM (National Cyber Security Awareness Month) this October, I thought it would be a great time to share some security tips to help you stay safe while online.
Antivirus alone cannot stop cyber-crime. People need to educate themselves. For some reason, people seem to be more trusting when it comes to things online. I’ve put together a list that I really hope helps those users. Most of the suggestions on this list are free. You only need to take the time to put them into place. This list isn’t meant to be completely comprehensive, but it should dramatically reduce the odds of getting taken advantage of by the hackers who want nothing more than to get a hold of both your computer and your information. Also, a lot of this is directly written for Windows users, but there’s some helpful information for Mac users as well. Finally, I couldn’t help but throw in a bonus #21. Enjoy and be safe!
A Little Bit of Skepticism Goes A Long Way
- We all have a little sixth sense that tries to tell us when something seems suspicious. For some reason, when it comes to doing things online, we tend to ignore that little voice. If you feel like something doesn’t seem right, it probably isn’t. Listen to your intuition.
Do Not Open E-Mail Attachments
- Okay, this one may seem obvious and you’ve probably heard it a thousand times, but allow me to tell you a thousand and one. Unless you’re expecting something specifically, if you receive an e-mail with an attachment, do not open it. You can email the sender back or call them and ask if they sent you something with an attachment. If they did, it dramatically reduces the odds that it’s malware, but still doesn’t guarantee it, as they may just be passing along malware without knowing it themselves.
Never Send User Names and Passwords By E-Mail or IM
- E-Mails can be intercepted. This is especially true if you’re on an unencrypted WiFi connection (like at a Starbucks or any place that offers free WiFi) where it’s easy for another user to set themselves up as a “Man In The Middle”.
Turn On Automatic Updates
- Again, this one may seem obvious to some of you, but you’d be surprised at how many people don’t have this turned on. It should be set to “ON”, at the very least for “Critical Updates”.
Use A Router
- If you are on DSL or have Broadband Internet, you should absolutely have a router connected to your Modem, then connect your computers to the Router instead of directly to the Modem. The Router acts as a “Dumb Terminal” between your computer and the Internet, so that when hackers are trying to ping you, they don’t get any helpful responses.
- There are a few things to consider when setting up a router. First off, you’ll want to log in and change the default admin login. Remember, “Defaults are the enemy of security”. Every router model comes with its own default login, and hackers know what the default is by the router type. Make this the first thing you do when you log in to your new router, or do it now on your current router if you haven’t already.
- Another thing you’ll want to do is take a few minutes and do an outside check against your router to make sure there are no Ports open. Go to Gibson Research Corporation and from the “Services” menu, choose “ShieldsUP!”. It will scan your network looking for common holes attackers would use to get a foothold into your network.
Never Download Anything That You Didn’t Deliberately Seek Out
- If something just appears out of nowhere and tells you that you need it or that your computer is infected and that installing this thing will fix it for you, do not download it. This is a type of attack known as Social Engineering, which is one of the most effective ways for hackers to trick you into installing the malware for them.
Never Trust Phone Calls Claiming That There is Something Wrong With Your Computer
- If someone calls you and tells you that they are from Microsoft (or some other large reputable company) and that they’ve monitored Malware coming from your computer and that they will help you fix it, do not listen to them. The only exception to this is if they say that they are your ISP. If that is who they claim to be, tell them that you’ll call them back to take care of it. That way, you know you’re calling the correct phone number of the company that you already know you’re doing business with and it can’t be someone simply claiming to be them.
Always Run Antivirus Software
- Some users think that they can get away without using antivirus software because they don’t open email attachments or don’t visit those “shady” sites on the internet. But the truth is, if your computer is connected to the Internet, you are a potential victim. Even if you’re on a Mac. Yes, the glory days of being “invulnerable” on a Mac are over. In the last few months, it has become a major target for hackers, so now you really shouldn’t be without it any more than a Microsoft Windows user. We really like ESET’s NOD32. However, if you are unable to afford purchasing antivirus at the moment, Microsoft has recently released their own free version called Microsoft Essentials. It actually does a better job than some of the paid solutions on the market, but isn’t as thorough as NOD32, and it is also more resource intensive, which can make your computer run slower as too many resources are being tied up by the antivirus software. McAfee Antivirus often comes preinstalled on PCs. In my experience, this antivirus is junk and just slows down your computer and interrupts you every few minutes asking you questions. You want a solution that doesn’t need to ask you something all the time before doing anything, especially if you don’t understand the question it’s asking. You want antivirus software that just sits there quietly and works. At the very least, uninstall McAfee and install Microsoft Essentials, or better yet ESET’s NOD32.
Ensure That All of Your Software is Up To Date
- In the past, hackers typically targeted the OS (Operating System), but over the years, the manufacturers have actually done a pretty fair job of keeping the hackers at bay so long as you’re doing your regular updates (see #2 above). There is a fantastic, free tool that you should be using: Secunia – The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions. Why install this? Because one of the main ways hackers are able to get into your computer now is through third-party software that you forget to update when there are new security patches. Often people do remember to update their operating system software and even their antivirus software, but they leave huge holes available in other pieces of software that are running on their system. Secunia tells you when any software on your system has a newer version that you should upgrade to.
Don’t Run Java
Don’t Install Adobe Reader
- Instead of getting Adobe Reader (like everyone recommends), it’s a much better idea to get another PDF Reader. My personal favorite is Foxit. It’s a much more secure PDF Reader than the one made by Adobe which has been another of the largest culprits of having security exploits in their software in the last year.
Use Solid Passwords
- As a follow-up to #11, make sure that your passwords are really difficult. Never use words that appear in the dictionary. A good password should have a minimum of 10 characters and should use at least one number and both upper and lower case letters and at least one special character such as #, @, *, etc.
Use A Good Password Manager
- My personal favorite is LastPass. What makes LastPass so good? It’s a secure password storage container for all of your passwords. You only need to remember one single really good password to log in to it, and once you’re in, it will take care of remembering all of your other passwords for you. At some point I’ll likely write an entire article on this subject alone, but the big problem with passwords is that users will do one of two things (and maybe even both of them). First, they choose weak passwords so that they themselves can remember them. Second, they tend to use the same password for all of the sites they sign up to. The problem with the first should be obvious. If it’s easy for you to remember, it’s easy for hackers to guess. Hackers also have programs that run dictionary brute-force attacks. The second problem is, what happens if one of the sites you belong to gets hacked and the hacker gets your login credentials? If you said that they would use that same login on every site they could, you’d be correct. You should have a unique login credential for every single site you visit. Programs like LastPass make this possible without having to actually remember every one of your passwords. LastPass is so secure that even the company themselves can’t tell you what any of your passwords are. Even upon subpoena they could not provide them because they are so thoroughly encrypted.
Do Not Share Your Passwords
- It happens a lot more than you think: you share your password(s), and either the person you shared it with somehow lets it get out or, for some unforeseen reason, decides to do something to you (maybe you had a fight?). When your house is burglarized, more often than not it’s someone who has been in your house before, and the same thing holds true with passwords.
Do Not Use Internet Explorer As Your Main Browser
- Instead, get one of the safer browsers like Mozilla Firefox or Google Chrome. Internet Explorer has had too many problems to count over the years, and bug fixes are usually very slow in getting pushed out. Get one of the other browsers and fortify it by using some of the security plugins that are available for it. If you go with Firefox, one of the first things you should do is install a plugin called NoScript. Out of the box, it’s a little strict even for my taste, but you can loosen some of the restrictions in the settings so that it’s not blocking everything. For example, you can tell it to not block any of the sites that are in your Bookmarks, etc. At the time of this writing, Google Chrome is the fastest browser and the one that uses the least amount of system resources, so if you want speed, it’s a great browser. Also, if you go with Google Chrome, you should run a plugin called Ghostery. This little plugin allows you to block scripts and helps protect your privacy while online.
Ensure That You’re Using An Encrypted Connection When Sending Personal Information
- Before you submit that form that has some of your important information, make sure that the page you’re on is using SSL. No matter which web browser you are using, look in the address bar and ensure that the address begins with “https://” instead of the usual “http://”. This tells you that the page is encrypted, so if you’re sending your credit card details or any other personal information, it will be safer.
Use USB Drives With Caution
- Flash Drives, also known as “Thumb Drives” tend to get passed around a lot. Use USB Flash drives with caution. If one of them has a virus on it, it could easily infect your computer just by plugging it in. Only use USB Flash drives if you know where they’ve been.
Do Not Use Real Player
- This is another piece of software riddled with security problems. Instead, go get VideoLAN. It plays almost every type of media and is much, much more secure.
Your Phone Is A Computer
- People still tend to think of their cell phones as just phones. The fact is, they are computers that fit into your pocket. They should be treated as securely as you would your desktop computer. Think before installing software on it. Malware on cell phones has been hugely on the rise in the last year as more and more people use them and hackers start turning their attention to them.
Other Great Free Resources
- Malwarebytes Anti-Malware is a surprisingly effective freeware antimalware tool. Download it and run it to make sure your computer is malware-free.
- Prevent the installation of ActiveX-based spyware and other potentially unwanted programs by using SpywareBlaster. SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.
- Use “Microsoft Windows Malicious Software Removal Tool”. Most people aren’t even aware that this exists. Microsoft really did a terrible job by making it incredibly difficult to find. There are no menu items or icons for you to run it. In order to use it, go to START > Run. When the little “Run” box pops up, type the letters “mrt” into it and press OK. A new window will pop open and you can simply follow through with it.
(Bonus) Take A Little Time To Keep Yourself Educated
- There are some free podcasts about security that you can listen to in order to stay informed about things that are happening. My personal favorite is Security Now! by Security Guru, Steve Gibson. Steve Gibson keeps an archive of every Security Now! episode if you’re interested enough to go back and listen to them all. There is a goldmine of information here.