Working in the computer security industry is challenging – especially when you get questions from friends and family asking for computer security advice :). I was recently asked “How do I make my computer impenetrable?”. I responded with “It is impossible to make a computer impenetrable unless you unplug it, pull out the battery, and put 5 nails through the hard drive.”
I ended up thinking about how to respond more reasonably and came up with a list of pro-tips for someone naive in this arena – like my mother. I am posting this to our blog so that I can easily reference it in the future. Plus, I thought you might find it useful for your mother, sister or father’s brother’s nephew’s cousin’s former roommate!!
1. Be Careful – If you get an email and you don’t know the sender then don’t click the link or open the attachment. If you get an email from a friend with an attachment or link, then only open it if you expected them to send it. Don’t install random software from random places on the Internet. Downloading “attractive” software that you don’t absolutely need may come packaged with spyware. People opening or installing things they shouldn’t is one of the biggest problems in information security.
2. Install Updates and Use the Latest Software – Make sure you keep your software up to date. If Microsoft Windows wants to install updates then let it happen (this happens every Tuesday). If iTunes or Adobe needs to update, then make sure you get the latest version. These updates often contain fixes for bugs and vulnerabilities. Also use the newest version of software whenever possible. Newer software has mitigations and is often more secure than older versions.
3. Passwords – Don’t use simple passwords. Don’t use the same password at multiple sites. Don’t share accounts with others. Instead use a tool like 1Password, Keepass, or Lastpass to manage your passwords. Have those tools randomly generate long passwords for you automatically.
4. Two-Factor Authentication – This is a process of involving a 2nd stage of verification when logging in. This typically means you provide a username/password, and then a unique code that is provided to you by an application on your phone. This is very secure because an attacker would need your password and access to your phone. Google, Twitter, Facebook, Amazon, and many more already allow you to log in this way.
5. Encryption – Always perform full disk encryption of all computers, laptops, tablets, and mobile devices. That way if the device is stolen then the information will not be compromised. Also encrypt any data you care about and decrypt it as you need to access and use it. Consider a free tool like Truecrypt for solving this on a PC.
6. Perform Backups – Backup your important data often. Apple, Microsoft, and Chromebooks have programs that do this automatically. Malware can delete or encrypt your files holding them for ransom. Your system can crash. Make sure you have a backup, so that you can restore your data easily.
7. Protect Your Cell Phone – Pay attention to the permissions that an application is requesting before installing it and consider whether it’s reasonable for the application to require those permissions. Use a lock screen to ensure someone can’t impersonate you if you lose your phone.
8. Use Less Common Software – Use software that attackers target less. For example, the Google Chrome browser on Mac is much less targeted than Internet Explorer browser on Windows 7.
9. Anti-Virus – Anti-virus protects you from many threats, although certainly not all of them. I personally don’t run AV because of how much malware I handle. If you aren’t handling malware, then run AV and turn it on fully, so all of the auto-scanning and IPS features are running.
10. Don’t Run as Administrator – Run as a non-administrative user on your system. If you run as admin malware can more easily perform its malicious activities.
11. Segmentation – Don’t plug your computer directly into the Internet or modem. Instead, make sure you connect to a firewall or router that is plugged into your connection out to the Internet. Everyone with a Wifi access point already has this in place.
12. Virtual Machines – Use Virtual Machines like VMware Fusion or Workstation when performing tasks that might endanger your machine (like browsing pornographic or malicious websites by choice). By using a virtual machine, you can isolate any infections and then just wipe or reset the virtual machine when you are done.