10 Cocktail Party Security Tips From The Experts
It’s getting a
little bit more than scary for the average computer user. Companies and federal
agencies are regularly hacked. Ransomware stories abound. And now, the CIA, FBI
and NSA point to Russian hacking of our recent Presidential election. The plot thickens
on alleged Russian transgressions with each passing day.
How can average users protect themselves when corporate giants,
large federal agencies and our major political parties can’t?
We spoke to Michael Kaiser, executive director of the National Cyber
Security Alliance, and Frank Dickson, a research director at IDC, for advice.
The idea was to develop a list of 10 simple security tips that could be easily
explained at a cocktail party.
While our readers are some of the industry’s foremost experts, many
are more used to explaining how to segment VLANs for security than explaining
simple steps average users can take.
IDC’s Dickson says people should take care of the basics, such as
resetting default passwords on connected devices or limiting the personal
information they put on online accounts or social media sites.
“The reality is that hackers tend to go for big targets and people
who keep a couple of thousand dollars in their bank accounts to pay their
monthly bills are not likely the focus of individually targeted attacks for
hackers,” Dickson says.
NCSA’s Kaiser adds that all this information should not overwhelm
readers.
“It’s not possible to take care of all the tips at once,” Kaiser
says. “People should carve out 15 to 20 minutes in their week and slowly work
on them throughout the month.”
The following slides represent Dark Reading’s list of 10. We invite
readers to chime in and add their own ideas.
1. Take an inventory of your devices.
Start by writing down a list of all the devices in your house that
connect to the Internet. The obvious ones are your laptop, tablet, television,
Wi-Fi router, and printer. Other devices such as the thermostat, the
refrigerator and lighting may also have IP addresses today. Once you have
developed your list, change the default passwords on all those devices,
especially the Wi-Fi router that connects your house to the Internet. As you go
down the list, turn off Wi-Fi or other connectivity that’s not absolutely
necessary.
2. Regularly maintain and update devices.
Hackers like to take advantage of devices that have not been
updated. Unpatched vulnerabilities are easy to take advantage of, so update
your systems regularly. If possible, set your main devices to auto update. Also
find out if your ISP does router updates automatically in the background or if
you have to do them yourself. If your router is more than three years old, ask
your ISP if you can replace it. Newer routers have better built-in security
and, given the threats and all the connected devices coming into the home,
should be replaced every year or two anyway.
3. Deploy endpoint protection on all PCs and notebooks.
Sure, endpoint protection from brands such as Norton or
McAfee/Intel is signature-based and can only protect against known threats,
but most people still need it. And any endpoint protection package you buy
should also have web protection because let’s face it, the bad code typically
comes from the Internet. And while personal firewall software can help, it’s
not necessary for the average user. Personal firewalls tend to require a bit
more expertise for the average person to manage the settings. If you decide you
need one, ask a friend or relative for help.
4. Use a strong authentication solution.
Authentication may be a stretch for an average user, but they
should really look at something stronger than a mere password. Remember that
the 2016 Verizon Data Breach Investigations Report found that 63% of breaches
result from compromised credentials in the form of weak, default or stolen
passwords. There are a lot of simple, inexpensive and easy-to-use methods, such
as USB keys, that can improve authentication.
5. Monitor and educate your children.
Between social media and questionable Internet sites, kids can get
into a lot of trouble. Develop guidelines for usage and make them aware of the
downside of social media, especially teenagers looking for their first job or
kids having trouble making friends at school. Teach them basics like not
clicking on suspicious links or attachments. And, it’s also a good idea to
avoid using the same device for sensitive tasks that the kids use for Internet
activities and gaming. Taxes or online banking are best done on devices that
the kids don’t access. Gaming sites especially are magnets for malware.
6. Be aware of potential scams.
If you learn anything about online scams, understand that
nobody credible will call you from Microsoft or any other leading computer company
out of the blue to help you for free. Good security support can be pricey, but
it’s well worth the cost of the alternative: being scammed or worse, having the
computer taken over by ransomware.
7. Use credit cards with an EMV chip.
While EMV chips are not perfect, they do improve
security. For credit cards, be sure to change the default PIN. Most people use
four-digit PINs, but many retail security experts say people should use
six-digit PINs. Also, if a POS terminal looks marked up or scratched, point it
out to the clerks or the store manager; there could be skimming going on.
8. Think about backup software.
People who are more than 50 years old remember the
days when computers regularly crashed, so they tend to use either online backup
or some form of backup software. Even if you simply use a USB drive or back up
your files on Google Drive or iCloud, that will come in handy if your system is
ever hit by ransomware. It’s a real problem if your system is frozen and the
bad guys want $500 or more and you have no backup to restore your files.
9. Lock down your social media sites.
Whether it’s Facebook, LinkedIn, Twitter, Snapchat or Instagram, they all offer settings that let you block certain users or limit the universe of people who can see your information. For business sites like LinkedIn, you may want to include a phone number or email address, but if you are concerned about privacy, make it a practice to limit the personal information you share on social media sites. Also, think twice before you post travel plans or scenes from a vacation; it can tip off criminals that you’re not home.
10. Practice digital cleansing.
This may take more
time than the average person has for security, but here are some of the points
the National Cyber Security Alliance recommends:
· Clean up your email: Save only those
emails you really need and unsubscribe from email you no longer need or want to
receive. Look to delete long-winded email threads. Very often, it’s only the
last email you really need. This kind of cyber hygiene helps with phishing.
When email is streamlined, users are less likely to get overwhelmed and anything
suspicious is less likely to get through.
· File upkeep: When in doubt,
throw it out. Delete or archive older files such as numerous drafts of the same
document and outdated financial statements. You’ll also want to delete old
documents with tax or social security information on them.
· Dispose of electronics
securely: Wiping data isn’t enough. When you dispose of old electronics,
look for facilities that shred hard drives, disks and memory cards. You can
call officials at the city or county dump and ask them what their recycling
practices are.
· Empty your trash or recycle
bin on all devices: Make sure to permanently delete old files. Malware can always be
lurking, so try to clean up your recycling bin every couple of weeks.