It is true: safe computing starts with yourself. You may have a lot of good security measures in place, like antivirus, firewall, spam checker, and so on, but if you are the weakest link in the chain, all these security measures may not be sufficient for your overall safe computing experience.
The list we’ve compiled below is a start of things you can do for safer computing. It’s evident that you can do more, but this seems like a good starting point to us.
1. Safeguard your passwords like your money – choose them wisely – do not share
You probably would not leave your wallet with your money in it on a table somewhere without protection, would you?
The same goes for your passwords. Passwords might give access to resources which would cost you if they were known to others.
You do not share the PIN code of your bank card with other people either, do you? The same goes for passwords. Passwords are personal and should not be shared with your co-workers or friends. You should not use the same password everywhere.
And make them strong enough. Your girlfriend’s name, or the name of your dog, are not good examples.
In the article ‘The mission of Security Awareness’, published here recently, we suggested that you might consider a passphrase instead of a password.
This is easier for you to remember and harder for bad guys to guess. Use a mnemonic to make it easier to remember without writing it down. This works for your own personal passwords as well as organization ones. Which is easier to remember and harder to guess using the mnemonic of ‘fast food?’
Of course, in time you might need some help, as a lot of sites and systems request password authentication.
A good solution for this is to use a Personal Password Manager, which might even generate strong passwords for you. An example of this is LastPass, on which we will soon have a review here on ITsecurity.be.
2. Do not click on links in emails
If you get an email from your bank, PayPal or whatever other official-looking organisation, do not click on the link included in the email.
Instead, open your browser and go to the site yourself by typing in the URL.
Afterwards, log in to the site and see whether you get a message or other form of indication that some action is required from you. If there is none, you probably just avoided a phishing attack.
3. Keep your security software up-to-date
An obvious thing to do is to keep your security software up-to-date.
You really should do this, because viruses, worms, trojans and other malicious stuff tend to mutate every so often, and new ones keep appearing.
If you do not keep your security software up-to-date, your computer might still be infected, as the software does not yet recognise these new or mutated threats.
Tests have shown that although paid security suites most of the time seem more feature-rich, they do not always offer substantial additional value compared to the free suites which are available on the market.
The important thing here is to have a security suite installed and to keep it up-to-date.
4. Keep your security software on
You might have all the security software installed on your PC, but if you do not leave it running, then it has no effect whatsoever.
Turning off your antivirus solution for example just because it slows down your system is not a good idea as you become vulnerable to all kinds of malicious content.
5. Install the latest patches
Besides your security suite, your operating system (and other installed software) needs to be updated as well. Most operating systems offer some form of mechanism for automatic updating.
Use these mechanisms in automatic mode if you’re a personal user. For corporate users it might be wise to first test patches before they’re implemented, because in some rare cases there might be side effects with other corporate software.
6. Use common sense
You are probably not going to wave packs of money around in a dangerous neighbourhood.
Common sense tells you that you shouldn’t do that in a mugging-prone area. The same goes for computing.
If you get an email and they want you to click on some attachment, it’s better to save that attachment first and have it scanned by your antivirus software. When that software says it’s safe, your risk is much lower.
That’s just common sense.
7. Encrypt your sensitive data
Sometimes you have data which is of personal value to you or has value for your company. Whatever the case, it might be a good idea to encrypt this information. There are a lot of (free) encryption tools available, so you might use them for additional security in case your laptop gets lost.
Sometimes you can encrypt by means of operating system features (FileVault in OS X, BitLocker in Windows), or you might want to test some open source software like TrueCrypt for the safeguarding of your sensitive data.
8. Only download programs from trusted sources
You might be a big fan of BitTorrent to download music and movies. We do not promote or encourage you to download illegal media, but reality shows that most users occasionally do this for their personal use or to see whether it’s worth paying their good money for.
Now if you also download software from these sources, you do not really know whether you get the real thing (best case) or software with some additional malicious component like a trojan or backdoor included.
Always scan your downloads for viruses as well, as it is just not worth the risk.
Downloading from a trusted source like a known software vendor or from known open source repositories like SourceForge is better than trying your luck in the BitTorrent world (or similar).
9. Backup your important files often – test recovery
Large companies have automatic backups in place. And even in these controlled environments, data sometimes gets lost or cannot be recovered easily. For normal users, or small companies, the statistics are even worse. A lot of computers simply have no valid backups.
That’s not good.
I recently had a family member who had years of digital photographs on his desktop machine until his hard disk crashed. All these memories were lost for good because he did not have any backups.
Another case was a small business which did have backups (on tape). But when the need arose to restore something, the backup could not be restored. They had been using the same backup tape for more than 5 years already and never had the need to restore. Of course, the tape was completely worn out and was useless.
They put in weeks of work afterwards to get their accounting system up to date and current again. So don’t let this happen to you. If you back up, test your backup by trying to restore some data. And never keep your backup data in the same location as the originals.
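The restore test recommended above, as an added example (not part of the original article): restore the backup into a scratch folder, then compare every original file with its restored copy by SHA-256 hash. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_restore(original_dir, restored_dir):
    """Sort every original file into 'ok', 'missing' or 'corrupt'."""
    report = {"ok": [], "missing": [], "corrupt": []}
    for root, _dirs, files in os.walk(original_dir):
        for name in files:
            source = os.path.join(root, name)
            relative = os.path.relpath(source, original_dir)
            restored = os.path.join(restored_dir, relative)
            if not os.path.isfile(restored):
                report["missing"].append(relative)   # never came back
            elif sha256_of(source) != sha256_of(restored):
                report["corrupt"].append(relative)   # came back damaged
            else:
                report["ok"].append(relative)
    return {status: sorted(paths) for status, paths in report.items()}

def demo():
    """Constructed sample: three files; one is lost, one truncated on restore."""
    with tempfile.TemporaryDirectory() as work:
        original = os.path.join(work, "original")
        restored = os.path.join(work, "restored")
        os.makedirs(original)
        os.makedirs(restored)
        for name, data in {"photo.jpg": b"holiday", "ledger.csv": b"1;2;3",
                           "notes.txt": b"todo"}.items():
            with open(os.path.join(original, name), "wb") as handle:
                handle.write(data)
        with open(os.path.join(restored, "photo.jpg"), "wb") as handle:
            handle.write(b"holiday")
        with open(os.path.join(restored, "ledger.csv"), "wb") as handle:
            handle.write(b"1;2;")  # simulates a read error on worn-out media
        return verify_restore(original, restored)

if __name__ == "__main__":
    print(demo())
```

Files changed since the backup was taken are also reported as corrupt, so run the check right after a backup or against files you know are unchanged.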
It might also be a good idea to consider an online backup solution, which backs up your files off-site. If something really goes wrong like a fire, your data is safe elsewhere.
I have personally used the Mozy online backup solution for a few years now and I’m very satisfied with that solution (although they’ve increased their prices recently).
10. Clean up your old PC when you get a new one
If you get a new PC or laptop you probably transfer your data to the new machine, and when the new one is up and running, you will probably sell the old one or send it to the junkyard.
In any case, the data on that old machine might be of a personal nature and is still available.
It might be social security information, banking data, or perhaps photographs or video you do not wish to share outside your intimate circle.
Whatever the reason, you should securely wipe this data from your hard disk. Just deleting it with the OS does not cut it. There are tools which are able to recover this information. Formatting alone does not help either.
So get some clean wipe tool and make sure all your sensitive data is safe. Google is your friend here.
As always … taking precautions for the worst has never hurt anybody.
It’s always better to be safe than sorry. So keep it safe!
Source: ITsecurity.be