8 Essential Tools For Online Safety & Security – Part 3

Jason JubinvilleEducational

Blog_Password_3of3-02

Crash course in online security round THREE

If you haven’t had the opportunity to read part one & two, you can find them right here & here.

They discuss the first four of our top eight security need-to-knows.

This third segment rounds out our list by discussing a few other best practices.

And in case it all goes to hell, we’ve got you covered in the “What if?” section.

 5) Firewalls or Antivirus

What do firewalls and antivirus do? Do you need them?

Essentially, firewalls keep unwanted people (computers) from talking to you. Antivirus software keeps unwanted files and programs off of your computer.

Firewalls are complex pieces of networking infrastructure and can come in many different forms. They are beyond the scope of this short course (and are typically handled by the IT professionals where necessary).

Anti-virus software, on the other hand, is something that can (and should) be easily implemented on all of your computers. An anti-virus is really good at preventing, detecting and removing viruses that have been used before.

This is both good and bad, for obvious reasons.

It means that you are protected from the most frequent viruses that dull minded hackers might lazily try and put on your computer. These happen to be the most plentiful!

But brand new viruses are nearly impossible to detect using off-the-shelf software. Luckily, creating a new virus is uncommon and expensive, which means they are highly unlikely to target you personally.

Which AV should you use? Up to you. There are a ton of great ones online.

Bare minimum? Windows users should feel comfortable with Microsoft Security Essentials, which is installed by default on Windows operating systems.

“I’m on a Mac, I don’t need one, right?” Well, that’s not quite correct anymore. With the growing popularity of Apple’s products, it’s nearly a guarantee that there are viruses successfully targeting these systems.

Here are a couple examples: Example 1 Example 2

A favourite AV for Macs around here (we are a Mac shop) is Sophos.

But, none of this matters if you don’t update your computer. Many updates contain security patches as different vulnerabilities are found. This also applies to whichever antivirus software you choose: Keep your software up-to-date!

Antivirus software keeps unwanted files and programs off of your computer, but only works when up-to-date! [Tweet this]

6) Locking your D!@# Computer Screen

This one is pretty basic. Lock your screen if you are not around. By far the easiest way to get access to someone else’s information is to wait for them to login and leave it unattended. From there all you need is a portable USB drive and a quick copy over.

To lock your computer quickly: For Windows users, WIN + L, will lock the computer screen stat (which, incidentally, is short for statim).

Those with older Macs Control+Shift+Eject, while newer Macs can use Control+Shift+Power to lock the screen.

7) Working in Public? HTTPS is Paramount

If you are working in the coffee shop on your latest report, spreadsheet, or otherwise, watch your blind spot.

Here is where we need to ensure there is an S in the HTTPS that precedes the URL in your address bar. Basically, when communicating with an online resource over an HTTPS connection, the information is encrypted the minute it ‘leaves’ your laptop.

Strong suggestion: use HTTPS Everywhere, a handy plugin that uses HTTPS wherever possible.

This one is easy to confirm: is there an HTTPS in the URL bar of your browser. If yes, keep going. Most well-respected sites automatically connect over HTTPS.

If the service is not implementing HTTPS (just HTTP) refrain from sending any of your personal or confidential information.

An interesting example of this is the notorious ‘Firesheep’ plugin, which automatically hijackes Facebook/Twitter sessions that aren’t sent over HTTPS.

So, if you are connected to that sweet, sweet free wi-fi connection in Starbucks: connect over a HTTPS connection. Then you don’t have to worry about a man-in-the-middle or wiretapping exploit.

Yet if it’s truly sensitive material, why are you working on it in a public place? It wouldn’t be the first-time confidential information gets leaked by prying eyes or overattentive ears. This brings us back to our first point: watch your blind spot!

8) Hard Drive Encryption

This one is pretty simple. If someone gets physical access to your machine, your information is gone. Poof. Adiós. Encrypt your data.

A talented adversary can easily bypass passwords or other simple security mechanisms once they have access to your computer. They can do this by either taking apart the essentials and using a third party system, or delving into the BIOS.

However, an encrypted hard drive is a pretty simple method to make this process much more difficult.

I won’t guarantee that it will stop a truly sophisticated attacker from getting your data, but it will stop Joe Thief and his computer savvy accomplice from accessing the information.

Encrypting your hard drive can be problematic, so back things up first (backing up your information frequently is good practice anyways though…).

!! What if?

Yup, you did all of this and you still got hacked. It happens. Everyday.

Don’t panic.

Did you back up and encrypt your data? Good.

Do you have fraud protection on your financials? Wow, you are way ahead of the curve.

Download Fastcustomer (lets you ‘skip’ the telephone queue). Grab a drink and make the appropriate calls to get things back on track.

Summary

If you want to stay safe on the internet, its pretty easy. Think critically about what you are doing online. Be a skeptic. Back up your data. Use the appropriate measures and tools where necessary.

Need more information? Contact us: info@echosec.net