5 Tips to Improve Security of Your Home Computers
One of the things that I enjoy doing is talking to children in local schools about how to keep themselves safe and secure online. I often use an analogy of crossing the road. Nobody says that children should never go out, or even that they should never cross the road, but we do teach them how to cross the road safely, and warn them against running in front of trucks. The internet is full of dangers, just as scary as those trucks, and you need to learn how to protect yourself, while still enjoying the wonderful things it has to offer.
Here are some very basic rules that I recommend, they won’t take up much time and they really will make a huge difference to your personal IT security.
1. Use unique passwords
Every week we read about yet another major security breach, with personal data of millions of people being leaked. The hackers typically get a list of usernames and passwords that were in use on the breached systems, as well as personal and financial information. One of the things they then do is to try those passwords on every other site they can think of – this isn’t just a matter of someone typing in the passwords at a keyboard to see where they work, they use scripts that try millions of known passwords against many thousands of different web sites. If you have used the same password on multiple different sites, then as soon as one of them is breached the hackers will be able to access every single account where you have reused that password.
The only way to defend yourself against this is to use a different password on every site. This is, of course, a big pain because it’s hard to remember even one or two passwords and most of us have dozens of different accounts to protect. There is a straightforward solution to this. You can use a password manager. There are a number of different products to choose from, but they all work pretty much the same way. You create one single strong password which you must remember. You don’t need to remember any of your other passwords, because you use the one you do remember to manage all the others.
A typical password manager will
- Create a long, strong, random password for you to use every time you need a new password. You never need to remember any of these so they can be very complex, and much harder for the hackers to crack than anything you are likely to come up with yourself.
- Automatically log you in to websites you use at the click of a button.
- Synchronize your passwords via a cloud service so that you can access them from many different devices.
- Store other confidential information for you, as well as passwords. This lets you keep things like your bank account details available without the risk of them being compromised.
- Automatically fill in forms with standard information such as your name, address and phone number.
One of the many benefits of using a password manager is that your passwords are likely to be safe even if the password manager site is breached. This is because password managers use your personal password –the very long, strong password that only you remember – to encrypt all the other passwords you use. And your personal password is NEVER uploaded to the cloud. In the unlikely event that the password manager cloud is hacked you will have time to change all your passwords before the hackers can crack the encryption.
Some password managers are free, others make a charge. Some are easier to use than others, some offer only a basic service and some offer additional features that you might find handy. I personally use Roboform, but many of my friends use LastPass and there are plenty of alternatives on the market.
2. Use 2-factor authentication
Passwords have been used to authenticate people for thousands of years, for example sentries would challenge returning troops as a way to keep out infiltrators. The basic principle hasn’t changed in all that time. Someone who knows the password is allowed access, someone who doesn’t know the password is not. The biggest problem with this is that if somebody who should be kept out discovers your password then they can access everything that you can, because knowing the password is the only test you have to pass to prove you are allowed in.
2-factor authentication uses a combination of something you know, such as a password or PIN, with either something you have (such as a mobile phone, or a security token) or something you are (such as a fingerprint or face shape) to test whether or not you are who you say you are. This means that someone can’t successfully pretend to be you just by discovering your password.
The most common form of 2-factor authentication is sending an authentication code to your mobile phone using SMS. To login you must enter both your password and the code that has been sent to your phone, so somebody trying to impersonate you would need to steal your phone AND discover your password. Most sites that have 2-factor authentication will allow you to log in with just your password if you are connecting from a phone or PC that you have connected from before. This reduces the inconvenience while maintaining the security advantages.
While you probably don’t need 2-factor authentication on most sites, I do recommend enabling it on social media sites (where you could be impersonated) and on sites where your money or personal data could be at risk. Sites where you should use 2-factor authentication include Facebook, Twitter, LinkedIn, PayPal, Dropbox etc.
3. Keep all patches up to date
Hackers are not only after your passwords. There are also people out there trying to break in to your PC so they can take it over. They may want to add your computer to a botnet, where it will be remotely controlled and used to launch attacks on other computers. This can be a real pain, but other things that hackers who gain access to your computer can do are far worse.
- They may install a keylogger which allows them to see everything you type. They can then capture information you use to log in to your bank account as well as other sensitive personal data, which they can then use to carry out identify theft and steal your money!
- They may install ransomware. This lets them encrypt your data files using a key only they know. They can then demand money to release your data. If you refuse to pay you will have lost all the data on that computer.
Hackers typically get in to your computer by exploiting known vulnerabilities in applications and operating systems. Security patches fix vulnerabilities, but they also alert hackers to the fact that these specific vulnerabilities exist. As soon as a security patch is released (if not before) hackers will be working to create a way to exploit the vulnerability it fixes, and one of the reasons that this works for them is that there is a time gap between a patch being available and that patch being downloaded by all the users who need it. This means that anyone who waits a few weeks (or months) to install security patches is at serious risk of a breach. It is essential that you install security patches as soon as possible to protect yourself.
You must install patches for applications, as well as for your operating system. For example there are frequent security updates to Adobe Flash, which has been a very common source of vulnerabilities.
I use a free product called Secunia PSI to regularly scan my home computers for missing patches. Again, there are other products available.
4. Keep anti-virus software up-to-date and enabled
Anti-virus software can help to protect you from many different threats, but only if you allow it to scan files when they are opened and keep it regularly updated.
If you have anti-virus software installed then review the settings. Make sure the software’s configured to update its virus information regularly. Make sure that it scans files whenever you open them. And make sure that it carries out a more thorough scan at least once a week.
If you don’t have anti-virus software installed, then install some! Have a look at online reviews to help you choose the one you prefer. As with most PC software there are perfectly good free versions, and others with additional features that you can buy. Whichever you choose, it really will help to keep you safe.
5. Don’t click links in email or social media
However good your software is, you will still be at risk if you don’t take sensible precautions. Probably the most important thing you can do is to avoid clicking links that you find in email or social media.
Hackers are getting very good at phishing attacks, where they send convincing looking messages that tempt you to click on links. I nearly fell for one of these recently when someone I know appeared to send me a connect request on Facebook; when I accepted it they sent me a Facebook message with a link. In fact, the request wasn’t really from my friend. Somehow the hacker had discovered the name of someone I know and then used that name to try to dupe me. Another recent attack was in an email. Again, this claimed to be from someone I know, but was in reality from a total stranger exploiting the fact that I would recognise a friend’s name and might be lured into responding to the message.
If you receive a message or an email with a link there are two things you can do to protect yourself.
- If it’s a link to a site you know then manually type the correct address into your browser software.
- Use a different channel, e.g. a phone, to contact the person who sent the message to ask if they really did send you the link.
It may be inconvenient, but being hacked is much more inconvenient!
Image credit: Automobile Italia
This work is licensed under CC BY-SA 4.0