
Online Security Checklist for Everyone

Introduction

Online security is a numbers game. On one hand, each user account at each website can be viewed as a needle in a proverbial internet-wide haystack. Thus, you might think, "With a billion users on the internet, what are the odds the bad guys in Eastern Europe and China will target me?" Unfortunately, the numbers game cuts both ways. With tens of millions of accounts compromised at each of a variety of service providers (Anthem, LinkedIn), all of those stolen passwords can be tried automatically against other likely services.

Passwords

To protect yourself, you need to take steps to defend against an electronic attack. Don't worry — it's not that difficult. And it's okay to make some tradeoffs in doing so. For example, by far the two most important things you need to do right now are:

  1. Use a different password for each of your electronic accounts (including on your broadband and wireless routers at work and at home).
     
  2. Make each one a strong password consisting of:
    • At least eight characters total
    • At least one uppercase alpha
    • At least one lowercase alpha
    • At least one number
    • At least one symbol other than "!"
    • Don't use common words, your birthday, your name, etc.
       
    I know. That's a royal pain. But it's perfectly acceptable to keep a handwritten list in your wallet. (Just don't stick a Post-It with your ATM PIN on your debit card, okay?) Never write those passwords anywhere electronically, since that's vulnerable to the kind of attack you're trying to mitigate.
     
  3. For online services that support using your cell phone as an authentication factor, I recommend taking advantage of that option, as long as you:
    • Set a screen lock PIN/password on your phone (if you have an iPhone, use Touch ID — it's super convenient).
    • Use Internet Explorer InPrivate or Chrome Incognito mode for any sensitive or valuable online transactions. That way, when you close the browser window, you know you've left no cookies behind.
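
The strong-password rules in item 2, written as a checker (an added example, not part of the original article). The `check_password` name, the short word list and the digit/symbol substitution table are constructed for illustration; a real check would use a much larger dictionary.

```python
import string

# Constructed sample list; a real deployment would load a larger dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey", "summer"}

# The checklist asks for a symbol other than "!", so "!" does not satisfy the rule.
SYMBOLS = set(string.punctuation) - {"!"}

# Undo common look-alike substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s)
# so that "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("013457@$", "oleastas")


def check_password(password, personal=()):
    """Return the checklist rules the password fails; an empty list means it passes.

    `personal` holds details the owner should avoid (name, birthday, and so on).
    """
    failures = []
    if len(password) < 8:
        failures.append("at least eight characters")
    if not any(c.isupper() for c in password):
        failures.append("at least one uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("at least one lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("at least one number")
    if not any(c in SYMBOLS for c in password):
        failures.append('at least one symbol other than "!"')

    # Compare against the word list both as typed and with substitutions undone.
    lowered = password.lower()
    folded = lowered.translate(LEET)
    banned = COMMON_WORDS | {p.lower() for p in personal if len(p) >= 3}
    hits = sorted(w for w in banned if w in lowered or w in folded)
    if hits:
        failures.append("contains common word or personal detail: " + ", ".join(hits))
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for candidate in ("P@ssw0rd!", "Tr1ckyPass!", "vK7#mq2Zt%"):
        print(candidate, "->", check_password(candidate) or "passes")
```
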

     

Patches

According to the Microsoft Security Intelligence Report Volume 20, one of the most exploited vulnerabilities in 2015 was a Windows shell bug that was patched 10 years ago. This tells us that people just aren't setting up automated patching. Yes, sometimes a patch causes application compatibility problems. But those are rare, especially for common apps. Bypassing automated patching opens the door to many worse issues.

Most computer operating systems, and many widely used applications, support automatic patching. The guidance is simple: enable automatic patching of your operating system and applications. (For Windows, go to Windows Update in the Control Panel and click Change Settings. In the Important Updates section, select Automatic Updates.) If you're prompted to restart the app or reboot in order to complete the update, do it immediately. Until you do, you're on the losing side of an arms race with the bad guys, who need only seconds to exploit a vulnerable system.

Home wireless routers are also vulnerable (remember the Heartbleed bug?). Broadband routers usually disallow inbound connections except from the carrier, but if the device has a defect, who's to say that firewall can't be circumvented? That exposes all of your data. It also allows your computer to be used to attack others around the world. Check the manufacturer website for firmware updates and follow the provided instructions for installing them.

Banking

The Verizon 2016 Data Breach Investigations Report reminds us of the threats to consumer banking. In fact, it's important to keep in mind that ATM transactions have, over the years, become more like online checking in terms of the systems used and of the threat of internet exposure.

Physical security is an issue, too. Always protect your ATM PIN. Cover your hand when you type it in. And trust your gut. If you're at an ATM and the hair on the back of your neck stands up, or something doesn't look right, go to a different ATM.

Phishing and other social engineering attacks are also still incredibly effective. The bad guys send emails that are indistinguishable from the templates, layout, and terms used by your bank. Clicking on any link in a phishing email results in malware installation or navigation to a bogus website requesting your online banking credentials or other valuable data. So here's a useful heuristic for turning the problem on its head: if your bank ever sends you a legitimate email that asks you to click on an embedded link, switch banks.

It may seem like common sense when you're reading an article like this one, but, in addition to everything else we've covered here, it doesn't hurt to be reminded that you should never open email attachments from strangers — or even from friends or colleagues. There are better ways to share documents.

Finally, it's smart to lock your laptop just like you do your smartphone (see above), particularly if you travel with it. And don't trust strangers with any of your login information, even if they offer you chocolate.
 



Quote of the month

If you had to identify, in one word, the reason why the human race has not achieved, and never will achieve, its full potential, that word would be 'meetings.'
 
- Dave Barry -

Thank you for reading the JW Secure Informer

This information has been organized and published by:
JW Secure, Inc.
1752 NW Market St. • Suite 227 • Seattle, WA 98107
© 2016 JW Secure, Inc. All Rights Reserved.