Monolith149 Daily

Another place to see what KG is doing...

Security Basics

The information world is a dangerous place these days. You can lose everything in an instant, and there’s more at stake than there used to be. The biggest thing at stake is probably your personal and family pictures. The next is personal financial information and other important information and documents. I don’t know if it’s any more dangerous, but more of us have more important information stored on our computers and other devices.

Here’s my own list of the basics. There’s nothing original here. You should hear about the same thing from any security or IT professional.

Summary

  • Don’t open links and attachments in email, messages
  • Keep systems and apps, everything, updated
  • Keep Internet browsing on Main Street
  • Make backups, 3, 2, 1 (three copies, two media, one off site)
  • Use Google Chrome
  • Use Gmail
  • Use a password manager like LastPass or 1Password
  • Never install something you weren’t looking for

The Basics

Don’t open links and attachments in email, messages

This is one of the biggest threats today. You click a link and download an attachment and you’ve given malware, an attacking computer program, access to your computer. Fortunately, most of our systems today are secure enough that they can’t be compromised unless you take the action yourself, so the game is to trick you into running the evil code. The attacker sends you email that looks like a legitimate, important message from your bank or the IRS, or that tells you you’ve won something, have an important message, or maybe have an unpaid bill.

If the message is from a bank or some institution or business, see if you can get to the same information by going to their web site on your own, not by clicking in the email, and finding what they’re talking about. If nothing else, call them.

If it’s from a family member, text them or call them and ask if they sent it to you and if they’re sure it’s okay.

Many of the largest company security breaches in recent news have been the result of finally tricking an employee into clicking on something in an email message.

Keep systems and apps, everything, updated

All software and, in fact, most hardware, is updated regularly. These updates are important. Many people are working hard to find and fix bugs that could expose you to attack. On Windows, Mac OS, and Linux, you should turn on automatic updates so your system is updated on a regular basis.

Keep Internet browsing on Main Street

This means stick to well known and reputable sites: people, businesses, destinations. Don’t go down the side streets of the Internet and definitely don’t stray into any dark alleys. As in real life, it only leads to trouble.

Make backups, 3, 2, 1

That means three copies, two media, one off site. This may be the second most important thing you can do, maybe the first. First, this is just basic data stewardship. It gives you the best chance of not losing it all. However, with the recent, dramatic rise in ransomware, backups are even more important. Ransomware gets into your computer (e.g., by getting you to click a link in email) and encrypts all of your files. Then you have to pay a web site anywhere from $100 to $1000 for a key to unlock your files. There’s no other way to get them back. However, if you have a recent enough backup, then you can ignore the ransomware attackers, wipe your computer clean and restore your files.

Here is the simplest way to do this. Buy a second, external USB hard drive, which should cost from $60 to $90, attach it to your computer and use a program that backs up your files to it nightly. Then subscribe to a service like Carbonite or Backblaze. They both charge about $5 per month.

Use Google Chrome

As Internet browsers go, Chrome is the most secure. This is proven often and Chrome was the clear winner at this year’s annual “Pwn2Own” security contest, as it usually is. Chrome isn’t perfect but it will help keep you safe.

Use Gmail

Gmail is the best email, period, and it’s also very safe and will work hard to help keep you secure. It’s also not perfect, though, so you still have to follow all of the other guidelines here. I’ve used Gmail since it came out in 2004, that’s 12 years, and it’s sad when I hear people talk about email problems and issues that I haven’t even thought about for those 12 years.

Use a password manager

Maybe the two biggest are LastPass and 1Password. I personally prefer LastPass but pretty much everything I say here about LastPass applies to 1Password as well. You put all of your passwords into LastPass for everything you use. If you install it into your browser, it will log into sites for you automatically. Make sure every site has a different and long password, at least 25 characters, usually with a mixture of upper case, lower case, numerals, and other special characters. LastPass will make up new passwords for you. Remember, you won’t be typing in these passwords. LastPass will do that for you.

It’s a good practice to use a different user name for each site and it can also be a random jumble of letters. Similarly, if you have to answer security questions for the site, use a jumble of letters for that. In other words, don’t put your mother’s maiden name as “Smith” but enter it as “GAStiOnOgyRiVEnDETorpoyaL”. Use different answers for every site. Put them in the Notes section of that account on LastPass.

There is one important thing: LastPass (and 1Password) use a master password to unlock your access to the rest of your passwords. You should make the master password easy to remember and key in, but also be absolutely sure to write it down and store it in a non-obvious, very safe place.

Never install something you weren’t looking for

This is a rule from Steve Gibson of GRC.com and Security Now. If you get a pop-up message on your computer that says it’s time to install an update or something else, don’t do it. It could be fine, but don’t take the chance. This is what we mean by “something you weren’t looking for.” Instead of clicking on the pop-up, go to the actual application or go to the web site and see if you can find whatever the pop-up was talking about there. Maybe go to your system’s app store and see if there are pending updates there.

What about virus software?

Did you notice I didn’t mention virus software or anything to remove adware or malware? Those days are pretty much over. The types of attacks and the real problems usually aren’t viruses any more. If you have Windows, turn on Microsoft’s own, built-in virus scanning. It’s sufficient and free. You definitely don’t need anything scanning your email or web connections, especially if you use Chrome and Gmail.

I do use ad blocking software, Ghostery on the desktop. I’m not qualified to recommend which ad blocking software is best right now. Anyway, ad blocking is more about avoiding the browsing nuisance of ads covering a web page you’re trying to read and is not so much a security matter.

Next

I’ll soon follow up with part 2, Bonus Tips.