Seven Easy Steps to Protect Your Computer
by Dr. Rog Billings and Dr. Thomas Eyre
Many consumers believe that they are simply unimportant — certainly low-key enough that no hacker would even care about them. Unfortunately, that simply isn’t true unless by “not important enough” you mean that you have no money, no credit cards, no bank accounts, and no identity.
The good news is that most attacks against consumers are opportunistic — they are somewhat akin to a mousetrap or a baited hook. You have to do something in order for them to be successful, which gives you a distinct advantage.
Here are several things you can do to avoid common traps on the Internet:
1. Use Strong, Unique Passwords.
A lot has been said about this already, but using strong passwords that are unique for each online service is still one of the best things you can do to prevent problems. If Adobe were hacked, for example, and the password I used to sign up for Adobe product downloads was compromised in the breach, that wouldn’t hit me too hard — unless, of course, I use the same password for my online bank account and my PayPal credentials that I use for Adobe. Ouch.
That may sound a little fantastical, but that is how it happens. One site gets compromised and loses data, and the username-and-password combinations found at that site are then tried against a large number of other online resources.
So, having strong passwords that are unique to each site or service you are using is incredibly important. A good password should include upper and lowercase characters, numbers, and special characters available on your keyboard, such as the “tilde” or “@” signs. A good password is also no less than 8 characters long, and preferably in the 12-16 character range.
How are you supposed to remember all those passwords? Get a good password manager, or set up an encrypted file that contains your username and password list (which is the basic function of a password manager). However, if your credentials list is not encrypted (either by you or your password-management app), it’s worse than having a single, awful password.
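The guidance in this section can be checked mechanically. The following is an added example, not part of the original article: it generates passwords with every character class and audits a credential list for short, incomplete, or reused passwords. The site names and passwords are constructed placeholders.

```python
import secrets
import string
from collections import defaultdict

# Character classes the article asks for: lower, upper, numbers, special characters.
CLASSES = {"lowercase": string.ascii_lowercase, "uppercase": string.ascii_uppercase,
           "digit": string.digits, "special": string.punctuation}

def generate_password(length=16):
    """Return a random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES.values())
    while True:  # resample until all classes are present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(set(candidate) & set(chars) for chars in CLASSES.values()):
            return candidate

def weaknesses(password):
    """List the ways a password falls short of the article's guidance."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    elif len(password) < 12:
        found.append("below the preferred 12-16 characters")
    for name, chars in CLASSES.items():
        if not set(password) & set(chars):
            found.append(f"no {name} character")
    return found

def audit(credentials):
    """Map each site to its findings, including reuse across sites."""
    sites_by_password = defaultdict(list)
    for site, password in credentials.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in credentials.items():
        findings = weaknesses(password)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[site] = findings
    return report

# Constructed sample data: hypothetical sites, not real credentials.
SAMPLE = {"adobe.example": "Summer2016", "bank.example": "Summer2016",
          "mail.example": generate_password()}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list means the password meets the length and character-class guidance and is not shared with another site in the list.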
2. Configure a Firewall.
Setting up a firewall is a simple process that greatly increases your computer’s security posture. It may sound absurd, but even if your computer just sits in your living room at home, it still needs a firewall enabled. Firewalls are the police force monitoring the network connections into and out of your computer.
Odds are that your computer doesn’t need to accept incoming connections from other machines — that’s the realm of servers. Preventing other machines from connecting to services on your computer can help protect you against several types of attacks.
Fortunately, Windows and Mac OS X both come with readily-available solutions that are easy to enable. In Windows, open Control Panel and head over to System and Security -> Windows Firewall. Then choose Turn Windows Firewall on or off from the options on the left. Ideally, your settings would look something like this:
In Mac OS X, open System Preferences, select Security & Privacy, and click on the Firewall tab. Make sure that the firewall is turned on, and then select Firewall Options. The options screen should look something like this:
3. Disable Adobe Flash and Java Browser Plugins.
Adobe Flash and Java plugins provide incredibly powerful interaction features that can extend your browsing experience far beyond what can be accomplished without them. These plugins are cross-platform, so once content is developed, it can be utilized by almost any browser on either Windows or Mac OS X. For companies trying to enrich their user experience, this can greatly reduce development cost, which often translates to a more affordable service provided to the end user.
Unfortunately, the blessing of these plugins is also their curse, as malicious software developers derive the same benefit. Malware using either of these technologies is promised a large target audience, and in many cases all the user has to do to become infected is to visit a website that embeds the malicious Java or Flash code.
Many users are not quite ready to give up these plugins because something they need (or really, really want) is relying on it. For those of you who aren’t ready to pull the plug, please at least enable Click-to-Play, which will require you to click on content before it will be allowed to run. This feature is available in most major browsers.
Alternatively, disable these plugins completely in your primary browser and use a different browser solely for applications requiring Java or Flash. I use this approach as a safeguard to make it harder for myself to run potentially unsafe content by mistake.
Instructions for disabling these plugins or enabling click-to-play in the major browsers can be found here: https://www.goldkey.com/support/2016/12/disabling-adobe-flash-and-java-in-iesafari-chrome-and-firefox/
4. Verify Emails You Don’t Expect.
Emails are a great way to communicate, either personally or professionally. Like almost all technology though, ill-intending people have found a way to abuse them. Spammers have many clever ways to manipulate unsuspecting or gullible users.
It may be a ZIP file containing a list of unpaid invoices that need urgent attention. There’s probably a problem with your bank account and you need to sign in right now in order to resolve it. If you don’t hurry, there will certainly be irreparable damage to your credit, or your account will be closed. It could be that Amazon will give you a $100 discount on your next purchase, or HP is going to give you that laptop for free, if you’ll just click here…
In my case, I have a close family member, of whom I have never heard, die over in Africa about once a week. Each time, several million dollars are left behind by the deceased, and the widow wants my help. All she needs is my bank account information and I’ll get a large percentage of the sum just for providing assistance in getting the money to America. What a deal!
But it’s all a ruse.
If you get an email from your bank that you’re not expecting, don’t just click on the link, and don’t you dare open that attachment. If you think the email is legitimate, call them about it using a number you already had or go to their website using your regular bookmark. If you need to reset your password or clarify something in your account, they’ll let you know there. Get verbal confirmation from the sender before opening any attachments you weren’t expecting to receive, and never — ever — respond to emails requesting your account credentials for required maintenance or any other purpose.
5. Double-check Link Destinations Before Clicking.
One of the simplest ways to avoid visiting places you didn’t intend is to take a moment before clicking on a link, place your mouse over it, and proof-read the link’s address (which is displayed in the bottom-left hand side of your browser). Since every major desktop browser will display the destination address like this, and it takes all of 1.7 seconds, this should be a habit of yours.
This may be considered a little thing — like looking both ways before you cross the street. Doing it never hurts, and there will be times you’ll be glad you did.
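The same hover check can be applied to a saved HTML email. This is an added example, not part of the original article: it flags links whose visible text names one host while the underlying address points to another. The bank.example and account-verify.test names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(text):
    """Return the hostname named in text (without www.), or None if none is visible."""
    text = text.strip()
    if " " in text or "." not in text:
        return None  # e.g. "Click here": nothing to compare against
    if "://" not in text:
        text = "http://" + text
    host = (urlparse(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host or None

def same_site(shown, actual):
    """True when the hosts match or one is a subdomain of the other."""
    return shown == actual or actual.endswith("." + shown) or shown.endswith("." + actual)

class LinkAuditor(HTMLParser):
    """Collect (shown host, real host) pairs for links that disagree."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, actual = host_of("".join(self.text)), host_of(self.href)
        if shown and actual and not same_site(shown, actual):
            self.findings.append((shown, actual))
        self.href = None

def suspicious_links(html):
    """Return the mismatched links found in an HTML message body."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message: one deceptive link, two consistent ones.
SAMPLE_EMAIL = (
    '<a href="http://bank.example.account-verify.test/login">www.bank.example</a> '
    '<a href="https://secure.bank.example/statements">bank.example/statements</a> '
    '<a href="https://www.bank.example/help">help page</a>'
)
if __name__ == "__main__":
    print(suspicious_links(SAMPLE_EMAIL))
```

Links whose text is plain wording such as "help page" carry no visible address to compare, so they still need the manual hover check.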
6. Download Software from Reputable Sources Only.
Downloading a program from a random location on the Internet and running it is a little bit like playing Russian Roulette with your computer. I recommend that software be downloaded from verified sources — like the Apple or Windows stores. This is also a rule that should be strictly followed when installing software on your phones and other mobile devices. There is an app verification process involved when developers upload software to a store like the Apple Store, the Windows Store, or Google Play. This verification process isn’t perfect, but it has done a lot to protect users from inadvertently installing malicious software.
No such verification process exists for the Internet at large. Virtually anyone can get a website and offer software for download. Free games, especially, are notorious for containing viruses.
Once you download software and run it, you have trusted the authors of that software with the operation of your computer and entrusted them with your data. Be careful about whom you give this level of trust to.
7. Enable Automatic OS Updates.
Windows and Mac OS X both include automatic update mechanisms for the operating system and the built-in software. This can include software installed from the store if configured correctly. You need these updates. Many, if not most, of the updates coming through these channels are specifically to keep your computer from being compromised. Not installing these updates is asking for trouble.
Periodically, newer versions of operating systems are released and support is dropped for older versions. Goodbye Windows XP. If you’re still using XP or older, you need to upgrade — like last year. Using an operating system that is no longer receiving vendor security patches is like keeping your money in a vault that no longer has a door. Just don’t do it.
Instructions for enabling automatic updates for supported versions of Windows can be found in the Microsoft Support Center:
To enable automatic updates for Mac OS X, open System Preferences and select App Store. From there, check the boxes labeled Automatically check for updates, Install app updates, Install macOS updates, and Install system data files and security updates.
There are certain places in society where you just wouldn’t send your children alone — places where even if you go with them you want them to be alert and aware, with a warning to call for help if anything unexpected happens. For your computer, that place is the Internet.
Dr. Rog Billings is the CEO of GoldKey Corporation and a regular editorial contributor to Computer Technology Review. Dr. Thomas Eyre is the Director of Networking at the International Academy of Science.