Tuesday, August 16, 2016

Best practices for safe user behavior to keep your account/computer from being compromised

I wish the internet was a safe place, but it's not.  There are people who want to compromise your accounts, computers, bank accounts, and credit cards.  In this post, I'll talk about ways to help keep you and your computer safe.

I separate risks into two categories:
1) User risks - these are things that you do over the course of regular use of your computer
2) Server side risks - these are parts of your IT system that you have no control over

This blog will focus on user risks, the things you can control and should be conscious of when using your computer.  While TV and movies often focus on hackers compromising your company's server, the vast majority of IT security compromises come from everyday internet and email use.

I will list the items that you should think about in order of importance.  All items are important, but the items listed first will be more important.

  1. Backup - every computer should have a backup system and preferably one that includes off-site storage.  This protects you from A) hardware and software failure and B) bad actors who would destroy your data or hold your data for ransom (this happens).  My strong preference is a cloud based backup system like Backblaze or Carbonite.  Of the two, my preference is Backblaze at $5 per computer per month.
  2. Antivirus - all computers should have an up to date modern antivirus program (Macs included).  Windows 8 and Windows 10 come with antivirus built-in.
  3. Malware protection - I believe best practice is to have a separate program for malware detection.  Antivirus, while good, does not protect against several types of malware.  My favorite malware program is Malwarebytes at www.malwarebytes.org at a cost of $25 per year for residential users and $50 per computer per year for business users.
  4. Complex passwords - all passwords should be at least eight characters with at least one letter, one number, and one special character.
  5. Turn on multi-factor authentication - As of 2016, many email providers offer two-factor or multi-factor authentication.  To minimize the chance of your email being compromised, you can turn on two-factor or multi-factor authentication.  When turned on, your email system will send a text message to your cell phone to verify your identity any time you access your email from a new computer.  Some people find this annoying, but it is a secure way to make sure your account does not get compromised.
  6. Safe email behavior - Users should never open an attachment or link in an email unless they are 100% sure that the attachment or link is safe.  Your IT person can often help you figure out if a link or attachment is safe if you are not sure.
  7. Avoid sending private information over standard email - Standard email traffic is not encrypted, and it is safe to assume that all the emails you send and receive can be viewed by other parties.  There are ways to send encrypted email, but encrypted email is not standard and needs to be set up by your email administrators.
  8. Safe web behavior - Even innocuous Google searches can return virus-laden links.  Before clicking on any link in a web browser, be sure to verify that you are visiting the site you intend.  You might think you're going to a restaurant or movie review, but you might end up in another location.  Make sure when you look at search results that the address of the page you're visiting matches the name of what you are looking for.
  9. Avoid illegal software - Downloading software from questionable sites can create trouble.  Often this software is loaded with what we call "bloatware."
  10. Ignore virus warnings from web browsers - For many years, unethical people have created "fake alert viruses."  In your web browser (Firefox, Chrome, Internet Explorer, Edge, Safari, etc.), a window opens up telling you that you have a virus and to click on the page to remove the virus or to call a phone number.  If the warning comes from a web page, this is a false message trying to get you to take action that will infect you.
  11. Ignore unsolicited phone calls - As of 2016, users sometimes get unsolicited phone calls from "Microsoft" or "Comcast" saying that your computer is infected and they want to help you.  This is a scam.  There is no such concept as a central authority somewhere keeping track of your phone number and computer status.  

If you have any questions, please contact your IT people.  They are the best resource for help staying safe.
