Tuesday, October 9, 2012

Online Self Defense - Part 1 - Your Computer

   Happy US Cyber Security Month!  This partnership between Homeland Security, NCSA and MS-ISAC is an opportunity to recognize the importance of information security.  How are you celebrating?

   Last week I ran a couple of sessions at work on awareness and security.  Over the next few posts I will be reviewing some of the 3 themes I covered in a talk entitled "Online Self-Defense". You can view the slides on my slideshare page. (actually, the talk focuses on just 2 of the themes but that's OK!). Since everything comes in threes (omne trium perfectum), I will give 3 easy tips for each theme (and some bonus tips as well).

   The first theme is protecting your computer or device.
   This series of posts is both for computer or device users who want to take some (relatively) easy steps to protect themselves.
   But I'm also reaching out to information security professionals.  Most security pros understand these topics and concepts well, but find it difficult to teach to others.  Hopefully you can use the info here for your own awareness program.

   Malware finds its way onto your computer or connected device in a number of ways, which I'll cover in the final segment in this series.  Of course, the best way to combat malware is to not get it on your system in the first place!  But malware writers are tricksy.  So what can we do?

   Here are 3 simple things to do now:

1. Turn on automatic updates.  Most systems, operating systems, browsers, programs and apps have an update function.  Problems are found in the code, the support group creates a fix and sends out an update.  Computers, tablets and phones all have this.  You can turn on Automatic Updates for Windows or MacOS, and most of the applications on those platforms. Your tablets and smart phones regularly offer updates, both to the base operating system and the apps.
   Wherever possible, choose "automatic updates", unless you have a specific reason to not do this. Be sure to keep your browser updated.

2. Use anti-malware software. Yes... Macs can get malware. And so can every other platform. While malware on smartphones and tablets is still developing, it is out there. There are many good free or inexpensive choices of anti-malware products available for any platform. For Windows, I'm a fan of Microsoft Security Essentials (free) or AVG (free). Sophos and ClamAV are two Mac choices. Lookout Mobile is a product I like for android. But I'm not advocating one product over another. There are many good choices and many good lists of choices such as this, this and this.

3. If you don't need it, don't get it or get rid of it.  The more things you have installed, the more things you have update. If you have old programs that you don't use, uninstall them. Maybe you were testing out a few different photo processing programs or games, downloaded and installed them, and chosen just one to use. The others should be uninstalled. This is especially true for apps on smartphones and tablets. It's too easy to download way too many apps. Keep the ones you want, but get rid of those you don't need.

   As a bonus, here are a few more tips.  These are somewhat more advanced, or perhaps for the more adventuresome among you.

4. Use a "personal firewall". Both Mac and Windows come with personal firewalls. The functionality differs but both are turned on by default. Leave it on unless you have a specific reason to have it off.

5. Change the default password on your broadband router. If you have home broadband then your service provider issued you a router. Most people don't need to configure or change this router. You should, however, change the default administrative password on this router. There is too much variation to list the instructions here, but your service provider can give you instructions or you can look up your router model online.

   Hopefully you can implement these suggestions soon, or have already done so.

   What other suggestions do you have?  How do you take care of the malware problem?

(next time: Online Self Defense - Part 2 - Passwords)

No comments:

Post a Comment