Recently, we discussed ways to get yourself started with being a responsible adult in the digital world. We thought it was time to do this after rediscovering a recent Google study, which highlighted how differently everyday computer users and security professionals think of security. It’s not shocking in itself, but the implications are scary!
If you think it’s time to rethink personal IT security, we encourage you to go back and check out the first part of this series. We got started discussing things like why software updates are essential and why a password manager is the new thing every reasonable grownup should have.
When you’ve worked yourself through our first article, you’re ready to move ahead and embrace security consciousness a bit further! Read along for six more tips that will increase your chances of avoiding chaos. By getting started today, you might very well avoid the misery of identity theft and data leaks.
1. Become a ‘limited user’
One of the most basic things bigger organizations do to protect their computers and networks is to lock down operating systems and give users limited access to settings and software installation. Annoying as that may be for the user, it’s also hugely effective. Because if you log on to your Windows or Mac computer with a limited user account, you won’t be able to mess up stuff outside your home folder. And neither will a malware program, unless it relies on grave operating system vulnerabilities that can bypass access control.
There’s good news for individual users though. Current versions of Windows and OS X are pretty great at asking for an admin password when you double click an installer. There’s usually no need to bother with another login entirely for software installation.
In essence, a small business proprietor or home user can eat the cake and have it too. You’re just limiting your own, everyday account! That finger wagging IT person you haven’t hired won’t magically appear like a corporate genie in a bottle to stare disapprovingly as you type an admin password to install Spotify or Steam on your own computer.
The limited account is one of the easiest tips we have. All you need to do is to create a separate admin user today!
2. Use an ad and tracking blocker
Last time, we already singled out adult and pirate sites as potential sources of malware and privacy breaches. It’s true that these categories of services are high-risk destinations, but it’s also far from the whole truth.
Many, many companies don’t want us to tell you this: It’s a really good idea to use an ad blocker on the web. For some users, namely those who don’t really leave their web browsers and don’t have to open e-mail attachments, ad-blockers may even be more efficient than anti-virus.
The whole web relies on revenue from targeted advertisements. Corporations including Google, Facebook and countless shady firms you’ve never heard of offer publishers tools that track you and display ads. These companies trade data with the consequence that an unknown body of data on everything you do online is up for grabs.
Even more shockingly, tracking and ad companies don’t always take care of their server security, as happened to a system serving ads on Forbes.com last month. Sometimes malicious ads are put into rotation on major, reputable news sites; sometimes your data may leak through breaches or, for all we know, government subpoenas. Either way, you’re better off blocking ads and tracking everywhere you can until the parties involved deserve your trust.
Your browser is a good place to start blocking unwanted stuff, but apps on your phone leak data to third parties as well. To start mitigating, check out great resources like Ghostery, Adblock Plus, uBlock Origin and Disconnect.
While ad networks certainly deserve a proverbial tarring and feathering, ad blocking impacts many good publications, particularly those geared towards the techy crowd. It’s worth considering fair deals, like Wired.com’s new approach, that offers ad-free access for a dollar a week. Getting good information is another part of being safe and we absolutely do need journalists for that!
3. Use disk encryption
What happens to your data if you lose a laptop or a phone? Well, you won’t know for sure. The fact of the matter is that the person who gets hold of your laptop or phone can access all the information on it. This includes any apps or websites you’re logged in to. A simple operating system password or screen lock doesn’t change this, even a bit.
Don’t let this happen. Computers and devices, at least portable ones, need to have their disk space encrypted and unreadable for outsiders.
Luckily, disk encryption is easier than ever. Many new devices come with encryption options that definitely are good enough to protect against theft.
Apple’s iOS devices are, now famously, always encrypted, if you activate a passcode (the screen lock). New high end Androids are getting into this too. New and reinstalled Mac computers now suggest turning on FileVault on OS X by default.
Microsoft Windows offers built in BitLocker encryption in Pro and Enterprise OS versions. Home users get a limited feature called device encryption, which backs up the encryption key to Microsoft’s servers. To us, this is good enough and helpful for people who’d otherwise never use encryption to protect against theft.
Users who demanded protection from state level actors used to rely on the solid, free TrueCrypt suite, which was abandoned in 2014. Luckily there are current and maintained TrueCrypt spinoffs, of which VeraCrypt seems to be the most well regarded option.
Just remember: disk encryption is a serious tool that will leave you without your data if you lose keys or passwords!
4. Your gadgets are insecure, unmaintained computers!
In our previous article with basic security tips, we pointed out the importance of installing software updates. But what about all your gadgets? Your remote controllable garage door? Wi-fi router? Your smartphone? They’re all computers, right? Security cameras? DVR? When have you updated gadgets like these? Do their manufacturers even prepare updates you can install, easily or at all?
What if you’re unsure but get an uneasy feeling once you start thinking about this? This just means that you’re sane and that almost the entire electronics industry has gone mad.
The uncomfortable truth is that responsible security support for connected devices varies greatly. One massive example: Android is an awesome ecosystem which includes the world’s most popular computers ever sold. But Android phone and tablet manufacturers are notoriously lousy about maintaining their phones, causing users to run without security updates for years on end.
Yes, Android phones typically have all your data, they know where you are. And they have microphones. Luckily, it’s possible to mitigate the risk of using unpatched Android with products like Miradore’s own, free MDM, Mobile Device Management suite. But it’s still weird that there aren’t more people boiling with outrage and going to court over Android security.
Apple isn’t perfect, but they do release updates for previous iPads and iPhones. So, if you’re an Apple customer, please don’t skip new versions of iOS, even if your three-year-old phone may get a bit slower.
But how about that networked printer? Well, even when updates are available, they can be super hard or annoying to install. Yes, this is nothing but insane. But let’s not succumb to fatalism. Instead, read on about how to manage risks!
5. Wi-Fi and network hygiene
So, let’s assume that every gadget on your network is a computer that runs faulty software that never gets updated. Should we panic and run around screaming? Well, you might want to, but it won’t help. Instead, act by mitigating risks by making informed choices. That’s what professional IT security is largely about.
For starters, let’s limit who can access your network, and let’s be a bit strict about it. Access to your network probably happens through Wi-Fi. So make sure you have a Wi-Fi password, and that it uses the still good WPA2 standard. If you have an open network or a ’90s style WEP password, someone out in the parking lot could be snooping on all your network traffic with the click of a button.
If you have one of those reasonably recent Wi-Fi routers that uses its serial number as the default network password, that’s actually a really good start. But it’s a good idea to change the password over time as employees leave and so on.
On the other hand, Wi-Fi Protected Setup (WPS) is a bad idea.
But most importantly: don’t give your home or office Wi-Fi password to everyone. We know, it’s human nature to want to share. Just make sure you have a nice router that offers separate, password-protected guest Wi-Fi.
If you have a really old router, it’s probably packed with insecure software. Throwing out your old router and getting a new one might be a really good idea. For homes and small offices, we really like the ease of use offered by Apple’s AirPort series and Google’s new OnHub routers.
Wi-Fi products from players like Google, Apple or the new guys, Eero, are much easier to install, update and manage than the average junk. Bad home/small office routers are certainly no joke! Make sure that none of your friends have any of the Asus models that shared all connected USB drives publicly on the internet.
Finally, what other passwords do you have on your network? Any file servers, cable modems or security cameras? The router’s settings menu where you changed the actual Wi-Fi-password? Default admin passwords are available in manuals online. These passwords should be changed to protect your network from automatically being taken over by malware on another device. It’s not a bad idea to write down your new passwords, preferably on paper you can access, even if you have network problems.
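The Wi-Fi encryption check from this section can be automated on a Linux laptop that uses NetworkManager. The script below is an added example, not part of the original article: it parses the terse output of `nmcli -t -f SSID,SECURITY device wifi list` and sorts each network into open, WEP, WPA2-or-newer, or "review". The sample scan is constructed, and the assumptions are that open networks appear with an empty (or `--`) security field and that WPA1 and mixed WPA1/WPA2 modes, which the article does not mention, should be reviewed.

```python
import re

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes literal colons as '\:'.
SAMPLE_SCAN = r"""
HomeOffice:WPA2
OldPrinterNet:WEP
Cafe\:Free WiFi:
Legacy-AP:WPA1
Mixed-AP:WPA1 WPA2
Neighbour5G:WPA2 WPA3
"""


def split_terse(line):
    """Split one terse nmcli line on unescaped colons, then unescape them."""
    fields = re.split(r"(?<!\\):", line)
    return [f.replace("\\:", ":") for f in fields]


def classify(security):
    """Map an nmcli SECURITY value to a verdict following the article's rules."""
    tokens = set(security.split())
    if not tokens or tokens == {"--"}:
        return "open"      # no password at all: traffic is readable nearby
    if "WEP" in tokens:
        return "wep"       # '90s style WEP: treat as broken
    if tokens & {"WPA2", "WPA3"} and "WPA1" not in tokens:
        return "ok"        # WPA2 (or newer) only
    return "review"        # assumption: WPA1 or mixed mode needs a closer look


def audit(scan_text):
    """Return a list of (ssid, verdict) for every non-empty scan line."""
    results = []
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ssid, security = (split_terse(line) + [""])[:2]
        results.append((ssid, classify(security)))
    return results


if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:7} {ssid}")
```

To check your own network, feed the real command output to `audit()` instead of the sample and look for your SSID in the result.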
6. While travelling, use a VPN to protect your communications
If you travel a lot, you get used to the yucky feeling of losing control of your surroundings. While in transit or staying somewhere, you have to put up with annoyances like expensive food and bottled water. For travelers who leave their country, lack of control often extends to internet use as well, since mobile broadband fees can be extortive. That leaves Wi-Fi hotspots.
Whenever you use public Wi-Fi hotspots, all non-encrypted traffic, such as regular, non-https websites, or some e-mail accounts, may be visible to whoever controls the “pipes” your network traffic flows through. On the kind of Wi-Fi networks that only ask the user to tick a box or type a password in a web browser, all traffic is easy to snoop for anyone in the vicinity.
That’s why the small business road warrior should have “a secure tunnel” for their Internet traffic. This type of service is called a VPN, virtual private network. A VPN temporarily wraps all communications in a layer of encryption as it leaves the local network.
Bigger organizations may have VPNs that reach to the main office from anywhere in the world. Small business users on the other hand probably do best in paying for a commercial service to get a ready-to-use VPN. We’d advise against using VPNs built into routers and firewalls. As discussed above, those boxes may be old and insecure.
Apple-centric users will probably enjoy the drop dead simple approach of a service like Cloak. Others may be interested in similarly easy-to-use offerings like F-Secure’s Freedome. This list of VPN providers that keep no logs of user activity is a good place to start.
We’d like to leave you with this: Security is a complex tradeoff. It’s not a monolithic thing you achieve, but rather a mindset and process you implement everywhere in life. You’re never done, and things never get perfect.
Just like building thicker walls around a medieval castle to keep out the barbarians or robber king in the next shire, adding security precautions to your computing costs money, time and attention. You have to make some hard choices. We ask only that you try out things beyond the default state of chaos, and that you document what you do, so you don’t get confused later or lose access to assets.
Good luck out there!