Recently I received an email from a readers board that I’m a member of; the site was hacked. That sucks, now I have to around and change all my passwords again! This coupled with all the news of the Russian hacking, I thought it might be a good time to go over a couple of things. I’m going to attempt to cover a lot of ground today without writing a book, so bear with me. There is a real good reference site called Laws.com (http://cyber.laws.com). First, let’s go over a couple of definitions:
1. Cyber Security: (Also called computer or IT security) The protection of computer systems from theft or damage to their hardware, software or the information on them, as well as from disruption or misdirection of the services they provide. I liked this definition from Wikipedia.
2. Hacking: The practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator’s original objective (Ref: Whatishacking.org). Those who do the hacking are called “Hackers” which makes sense. Lifewire published a good, easy to read explanation of hacking.
3. Computer Virus: A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to replicate itself. Similarly, in the same way that viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without programming such as a file or document. I liked this definition from Symantec’s website.
4. Malware: Short for “malicious software,” malware refers to software programs designed to damage or do other unwanted actions on a computer system. In Spanish, “mal” is a prefix that means “bad,” making the term “badware,” which is a good way to remember it (even if you’re not Spanish). Ref: TechTerms.
I’m not about to cover government and industrial cyber security. There are a lot of very well paid people who do that. I’m going to be chatting about how you and I, the average Joe’s, can protect ourselves from jerks and the occasional Russian anarchist.
First secure you’re online presence. Visit LeakedSource to find out if your email, name, or phone number has been compromised. If you’ve been compromised; visit those sites and change your passwords. This opens a whole new set of problems. Passwords suck; I can never remember mine and constantly lock myself out of my own computer (Hint, the solution is NOT an excel spreadsheet). To make a safe password, it should be long (>12 characters) and it should avoid names, places, dictionary words and personally identifiable information. Sounds easy? It’s not. LIfeHacker had a good article on passwords a couple of years ago, and you know what? It’s still relevant today. I highly encourage anyone looking to replace their passwords to review this article.
Next, secure your internet connection to your computer. Wired connections are easier to secure than wireless. The advantages of being wired physically is twofold. Control over the network and network speed. If you have the choice, I recommend you read this dated; but once again, still relevant article on Computer Weekly.
Let’s face the facts though. As a home user, chances are pretty darn high that you’ll have some wireless devices. What should you do? There is a good article by cNet about setting up a router. A couple of things to do “right out of the box:”
1. Name your network (without identifiable info) and encrypt your Wi-Fi network! When naming your network (the router’s SSID), do not use any information that would identify you. Also, do not use the default name as it may contain clues as to the equipment, which a hacker could use to break into your network. Make sure to set up your Wi-Fi security using a strong password (See above). I recommend using the strongest security available on most routers (Currently WPA2 and WPA).
2. Change the default settings. If you use the default settings, you may allow your router to be susceptible to unauthorized users. View the cNet article, step 2.
3. Turn off the remote access features and turn on the router’s firewall, if available. If you have a firewall in your router, read this on how to set it up.
4. Update the routers firmware, and finally…
5. Log out of your router properly!
Next, secure your personal computer. Make sure your computer’s Operating System (OS) is up to date and has the latest updates. Turn on your firewall if you haven’t already.
Finally, If you do not run security scans of your computer; shame on you. If you need a virus protection program, there are plenty of free ones out there, and check with your internet service provider, they may provide a top tier program for free, mine does. Set up your virus & malware to automatically scan emails and downloads (i.e. real time scanning). I also recommend performing a “quick scan” weekly. I usually run a “deep scan” about once every month, give or take a major holiday. Granted, running manual scans of your computer will not prevent an infection that has already occured. It’s like calling the Police; it is reactionary. Hopefully it will be able to pull out the infection and repair any damage.
There is a lot of information out there, I hope this little tidbit helps someone. Now, if I could just remember my password….(they should have an app for that). What say you? Do you have a list of best practices that you’d like to share with my loyal feline?