Five Cyber Security Tips for Computer and Online Safety
by Dave Herrald, on Mar 23, 2013 3:26:00 PM
It's October and that means National Cyber Security Awareness Month is upon us. What better time for some quick tips to make yourself more secure online? I decided to pull together the top five recommendations I often find myself giving to family and friends in hopes you will find them useful as well.
Important note: The recommendations in this post are appropriate for a home computer user. For computers managed by your information technology (IT) team, always consult them first before enacting any of these recommendations. You can also chat with our team anytime about corporate cyber security tips.
1. Use a Password Manager
The handwriting is on the wall: passwords are coming to the end of their useful lives. That said, even though we are starting to see more examples of secure authentication options emerge (see tip #2), we unfortunately still need to rely on passwords for the foreseeable future. You likely already know that your passwords need to be long, complex, and not based on dictionary words. What you may not know is that in today’s online world you really need to use a different password on every website. That's right, you need a different, long, complex, non-dictionary password for every single website you frequent. Clearly this is easier said than done and that's where password managers come in.
A password manager is a secure storage location for all your different passwords. It integrates with your web browser and automatically enters your username and password for you when you are logging in to a website. A good password manager will also generate secure passwords for you when you register with a new site or change a password. The password manager protects its contents by using a special “master” password. Needless to say, it is critical to choose a very strong master password. Some password managers allow you to add multi-factor authentication in addition to your master password to give you an extra layer of security. There are plenty of good password managers to choose from (far too many to mention here) and many of them are free. I often recommend LastPass, KeePass or Password Safe.
2. Use Multi-Factor Authentication
Over the last year or so, several of the most popular sites on the Web have started offering multi-factor authentication (MFA) options. This feature is usually implemented by requiring you to provide a second type (or factor) of authentication in addition to your username and password during the login process. This second factor of authentication proves that you are in possession of some physical item like a smartphone or a purpose-built hardware token. Security folks describe this as "multi-factor" because there are two human factors involved: “something you know” and “something you have.”
The trend toward MFA is important for a number of reasons. First, MFA makes the authentication process much more secure by mitigating some of the biggest weaknesses associated with passwords. Second, many of the websites that now offer MFA are also identity providers for other sites. That means, for example, that by enabling Google's two-step verification, you are also enabling MFA for any site that you log into using your Google credentials. Finally, the fact that such influential services are now offering MFA will hopefully prompt more sites to begin rolling out similar features soon.
Here's a short list of some of the more popular sites that now offer MFA. Having used MFA on every one of these sites myself, I can tell you they have generally done a good job at making it easy to set up and use. I recommend everyone start taking advantage of MFA right away.
Google/Gmail uses Two-Step Verification
Facebook uses Login Approval
Twitter uses Login Verification
LinkedIn uses Two-Step Verification
LastPass uses Multi-factor Authentication
Dropbox uses Two-Step Verification
3. Secure Your Web Browser
I find that most people don't fully understand how important it is to keep their web browsers and browser plugins up to date. In fact, browser-based exploits have become an attack of choice in recent years. There are countless examples of high profile security incidents that began with the attacker first gaining a foothold by exploiting the user and weaknesses in his/her browser. So how do you know if your browser is vulnerable? I recommend using a free service called BrowserCheck offered by leading security firm Qualys. Simply start by clicking "Launch a quick scan now" and after a moment you will be presented with a report that details your browser and its plugins. If vulnerabilities are detected, BrowserCheck will alert you and provide instructions on how to fix the issues.
4. Don't Forget the Basics
One thing that complicates computer security is that you not only need to protect yourself against new threats, but you have to protect against all the old ones too. Often a year-old virus, worm, or rootkit is just as capable of wreaking havoc on your system as a fancy new customized zero-day exploit. Can traditional anti-virus software always protect you from all malware? Certainly not. But that doesn't mean it's not important or that you shouldn't use it. With that in mind, check to confirm that you are taking these basic steps to keep your system secure. Several of these recommendations are already implemented by default, but it's a good idea to double check that they have not gotten turned off by mistake.
Enable Automatic Updates. Enabling automatic updates is a no-brainer and there's really no excuse for not doing it. Here are links that detail how to make sure your settings are correct on Windows and Mac OS X.
Use Your Firewall. Modern operating systems come with software-based firewalls built right in. You should always leave your firewall enabled. Here are instructions for both Windows and Mac OS X.
Use Traditional Anti-Virus Software. As mentioned above, you need to protect yourself against old threats and new. To that end, you should install a traditional anti-virus tool. There are many good choices, but the ones I tend to recommend most often are Microsoft Security Essentials for Windows and Sophos Antivirus for Mac OS X. Both of these tools are free and both are capable of protecting against traditional malware threats.
Encrypt Your Hard Drive. Maybe it's a stretch to call this one "basic," but I recommend it often nonetheless. Encrypting your drive can help protect your data if your laptop is stolen or if an attacker tries to physically attack your computer when you are not around. Like any security precaution, it's not a panacea but it can definitely slow down these types of physical attacks. Here are instructions for Windows 7, Windows 8, and Mac OS X.
Back Up Your System. You might not think of this one as a security tip at all, but it actually is! I've had so many friends over the years whose hard drives have crashed, destroying years of important documents and family photos in the process. If you've ever been unlucky enough to go through this, you know it can be a crushing loss. Use these instructions to set up automatic backups for Windows 7, Windows 8, or Mac OS X.
5. Get World-Class Security Advice, for Free!
Keeping yourself safe online is a constant battle. Staying up to date on changing threats can be time-consuming and it's a very easy thing to neglect. One great way to stay aware of security issues that affect you is by subscribing to the “OUCH! Security Awareness Newsletter” published by the SANS Institute. It’s a free monthly newsletter written by experts in the field and it goes in-depth on topics similar to those I've mentioned in this post. SANS even offers a Security Awareness Tip of the Day for those of you who prefer more frequent advice.