Later today (the day I’m writing this, not the day you’re reading it), I’m giving a talk to members of the Turlock Chamber of Commerce about online security. I’m doing this in my capacity as an SBDC (Small Business Development Center) consultant and I expect that the audience will have varying levels of understanding about what keeps them secure, or not. These are the topics we’re going to cover.
Some attacks are from machines, most are from humans
It’s rare for an attack against an individual to come exclusively from a computer. Yes, there are malicious web pages that can infect your computer simply by opening them, but in most cases there was a human-provided inducement to go to the page in the first place. There is a strong social engineering component to most attacks, either exploiting people’s fear of technology or their general state of inattention when it comes to their online behavior. Illustrating this is the amazing story of Mat Honan, the Technology Editor for Wired Magazine, who was hacked in 2012 by people who persuaded Apple and Amazon to give them most of the information they needed to wreck his online life. The point is, your online habits and awareness can go a long way towards keeping you safe online.
Awareness isn’t enough
You probably know that the IRS will never send you a tax bill via email and that Microsoft is not calling you on the phone to report a problem with your computer. What are some other things you can do to remove yourself from the category of “low hanging fruit” for the bad guys?
- Use strong passwords. You know the drill: upper and lower case letters, numbers and symbols, at least 12 of them. Your job is to make your passwords like a needle in a haystack; a very big haystack. You can learn more and test potential passwords at security expert Steve Gibson’s page How Big Is Your Haystack?
- Use a different password for every account. When hackers steal your password from one site, you don’t want them to have the password to every other site. But how can you possibly remember all of those passwords? Don’t even try. Use password management software to encrypt and store all of your passwords, protected by a single strong password. Let the software create passwords for you and fill in the forms for when you sign in to your online accounts, and the process actually becomes faster, easier and more secure at the same time. My recommendation for password management software is LastPass, which is free to use on a desktop and ridiculously cheap ($12 per year) to use on mobile devices.
- Use two-factor authentication. This process requires two authentication “factors”: something you know and something you have. At a bank ATM, the factors are your PIN and your bank card. Online, the factors are your login credentials and a second code that is delivered (usually to your phone) at the time of login. This code is often delivered via text message, although using a dedicated app is more secure. Two-factor authentication is available on Google, Facebook, LastPass, Twitter and many more sites. Use it for anything that you consider high value.
- Keep your software updated. In a never-ending cycle, the bad guys find ways to exploit software to gain access to your computer and the good guys plug the hole. The only way you can make use of the good guys’ efforts is to update your software. That means the operating system (Windows, OS X or Linux), applications (Microsoft Office, etc.) and utilities (Adobe Flash, Acrobat Reader, Java, etc.). If it’s on your computer, you should be using the latest version. I recommend letting software update automatically wherever possible. Yes, sometimes an update is released before it’s ready and causes problems, but the alternative of running unpatched software is much worse from a security standpoint.
- Make backups. Ideally, you’ll have three copies of everything: one on your computer, one on local, external storage and one in the cloud. I don’t have a recommendation for local storage (my Chrome OS/Linux system is too much of an oddball to use as an example) but you can search for “best of” software for your operating system. For cloud backup, I’ve used and recommended Backblaze for many years. Whatever systems you use, make sure that you verify that the backups can be restored. I have first-hand, painful memories of full sets of backups that turned out to be useless when they were actually needed.
Keep calm and use the internet
Knowledge is power when it comes to online security. Apply the steps listed above and read up on accepted “best practices” for staying safe online. The sooner you can recognize problems, the easier they will be to fix.
If you think you might have been hacked, turn off your computer and seek help from a known, trusted source.
Until next week...