Wednesday, July 20, 2016

Security for the Masses

Not long ago I was talking to my mom a little about what I do. I explained to her the intricacies of implementing solutions, securing large organizations, and some of the overall struggles we face day to day. After this conversation she came to me and said that I should write something about how the average person should be mindful and protect themselves day to day on the internet and on their computers. While this won’t be super technical content, I do hope that it will be an article you can share with your family members, friends, and coworkers on how to better keep themselves protected.
This is going to be a sort of laundry list of ways that the average computer user can better secure their life day to day. Being in the information security industry, I see super scary hacks and ways that bad attackers can take advantage of everyone. While I won’t go into what all of the scary things are, I’ll list the top 5 categories that will give the biggest bang for your buck.

Password Security

    Password security can be difficult depending on how you handle it. You have a hundred things that you need to use passwords for, there is no way that you’ll be able to remember them all, right? Wrong! That’s something that we all have to deal with in this day and age. There is a type of software called a password manager that you can install. This software will allow you to have a strong, unique password for each website or service that you use, without you having to remember it. It is securely stored in the application, and the only password you will need to remember, is for the application itself. A few reputable password managers include, KeePass, LastPass, PasswordSafe, and 1Password.
    You also should remember not to trust others with your password. Not only people, but never ever save your passwords in your internet browser. It is very easy for malware or viruses to steal that information.
    Since you’ll be using a password manager now, make sure your passwords are strong. An 8 character password will take anywhere from 30 seconds to 24 hours to crack with a free piece of software from the internet. At least for your important accounts (banking, amazon, ebay, paypal, anything connected to something money related) you should use a 10 character passphrase. Doing this correctly will make your password almost impossible to crack. One way of making secure passwords easier to remember is using phrases from books, songs, expressions, etc, and substituting characters. The phrase

    “You Are My Sunshine” == You@reMySunsh!n3. 

    This passphrase would take over several hundred years to crack because it contains a 10 character string with upper & lower case letters, a number, and a symbol. Here are the top passwords from 2015 that you should never use:


Enable Multi-Factor Authentication/MFA (or Two-Factor Authentication/2FA) on sensitive accounts

    2FA takes your login and password for a website or service and gives you a very high increase in protection. Many banks provide it as an option, as well as Facebook, Twitter, other popular social media accounts, Gmail, etc. 2FA adds another step in the form of a PIN or code to your login process by either texting it to your cell phone, emailing it, using an application such as Google Authenticator or Duo Security, or a physical device such as a key fob or token generator.
    On the website https://twofactorauth.org/ you can search for services and it will list who does and doesn’t offer it as a service. More than likely you will be able to find your 2FA setup in your account security properties on each individual site.


Learn to be suspicious

    You should be suspicious of any email, link, popup, or phone call that tries to create a sense of urgency. There are scammers out there everywhere. Many times they try to specifically target residents of retirement villages, but most will try their tactics on anyone. They come in many forms and here are a few:
  • A fake email (called phishing) that may look exactly like a service that you use. These emails are very easily created and are attempting to direct you to a malicious website or infect your computer. If you have concerns from an email, never click on a link directly in it. Instead open up the website in a browser and type in the address manually. If there is any problem with your account you can either find it there, or call the company directly.
  • A pop-up telling you that you have a virus or system slowness, and clicking *here* will fix everything. Do not click on it! It’s a malicious ad or pop-up on a potentially infected website that is trying to spread the infection or steal your information.
  • A phone call from “Microsoft”, ”Dell”, or another well known company asking for access to your computer. No one, ever, at any point in time, will call you at home to request access to your computer or information from you. If at any point in time you believe that it is a legitimate request, get their name and call back number. Don’t actually call them back at that number, but look up the service that you use, whether it be financial, medical, or otherwise and call that number instead to inquire about your possible account issues.

Perform Routine Maintenance

    Perform routine maintenance, such as updating your anti-virus (don’t let the renewal pass), and running anti-malware software monthly. There are several anti-spyware and anti-malware companies that are reputable. Download the software directly from their website and not from an ad elsewhere. www.Malwarebytes.org is a great piece of software that will find and remove security risks from your computer. Update and run Malwarebytes once a month, and remove everything it finds. There is a free and paid version.
    More than likely you are running a Microsoft Operating system of some type. You should always apply updates monthly. There are going to be many other pieces of software on your computer that you should keep up to date as well. Things like Adobe Reader, Firefox, Chrome, etc that will have constant security bugs that need fixed. A free piece of software called Secunia (www.secunia.com) will let you know what pieces of software are vulnerable to an attacker. Also, please, if you’re reading this and have Windows XP you need to do everything in your power to get onto a newer operating system. Just trust me.

Protect your browsing

There are a large amount of websites out on the internet that are infected, compromised, or  just plain bad news. Here are a few things you can do to mitigate this:

  • Use a web browser other than Internet Explorer (IE). www.google.com/chrome or www.getfirefox.com are both exceptional browsers that have the ability to be more secure than the default IE.
  • Install extensions on your new browser. Two extensions specifically, one named Ad-blockerPlus and another called No-Script, will turn off a large portion of very bad things displayed on websites.



I hope that all of the above tips can be something that you would handout to the circle of people that you know. Security is everyone’s responsibility and the more we all work towards a common goal, the safer we all become!

2 comments:

  1. Amanda: I read your article in the North Coast Business Journal. I was wondering if you would be interested in talking to my Senior Men's Club at the Senior Center in Downtown Sandusky on a Monday morning in February. I think the topic of credit card and internet security would be very interesting to the gentlemen.

    You may contact me at pkoelsch@aol.com.

    Thank you in advance!

    Peter Koelsch

    ReplyDelete