Some thoughts on simple things people using windows (in particular), can do to increase their security. General thoughts work for all operating systems.
First: Don’t Panic. Cybersecurity looks insanely complicated, and it can be, but for most people changing a few basic behaviors can dramatically improve security.
Four Inner Paths
These are things you can do on your computer to help keep it safe.
Patch, Forrest, Patch
One of the most important things to do is to keep software, all of it, up to date. In addition to enabling auto updates for the windows operating system, you need to keep applications up to date. Two useful tools for this are ninite and qualys browsercheck.
- Ninite’s web site lets you configure and download an installer/updater for the most common applications used. Once configured, you can run the software to update all of the applications chosen, either in the background as a scheduled process or from the GUI by double clicking on it. The pro version is even easier to use.
- Qualys browsercheck is a free plugin that works with most browsers, and you can use it to check that the browsers, the OS and the most commonly breached applications and plugins are up to date–and if something’s not up to date, it provides a link to get the update.
- Remember, some security patches require a reboot to finish, so reboot your system after patching.
Use Anti-malware software and services
For personal use, my current favorite combination is Avast for antivirus software and Malwarebytes to help find malware and adware. Both come in a free version for home use and both offer additional paid services. Enable the auto-protection features in your anti-virus software, and do periodic scans for malware.
But you can do more than just this to protect yourself. Harden your browser with security plugins, HTTPS Everywhere and Privacy Badger from the EFF can help secure your browser connections and protect your privacy, and Bitdefender’s Trafficlight can help you fend off malware attacks against your browser.
Not actual software, but another tip is to manually configure the Dynamic Name Service (DNS) to use Google or OpenDNS. Google provides DNS at 188.8.131.52 and 184.108.40.206; OpenDNS provides DNS at 220.127.116.11 and 18.104.22.168. The reason this helps is that typically you get DNS server information via DHCP from whatever wireless router you are connected to. So a malicious person could provide you with bad DNS server data and use that to direct you to malicious sites. Information on how to configure DNS manually is found here: https://www.opennicproject.org/configure-your-dns/how-to-change-dns-servers-in-windows-7/
Enable Two Factor Authentication
The idea of two factor authentication is that you use a combination of something you know (typically your password), something you have (typically a smartphone or some other key or device) and something you are (biometric data like your fingerprint). That way if someone does get your password, it won’t be enough to get into your account. Google, for example, will let you set one or more phone numbers for text or voice, or you can use their Authenticator app, and you can also set up a list of one time keys to keep in case you lose your phone. Make sure to set up more than one second factor in case you lose access to one of them. Google calls this two-step verification, more information is here:
Paypal has a similar system, you can have a code sent as a text message, have a voice call to provide a code via a voice call, or answer security questions.
As an aside, if you use security questions, I strongly suggest you make up a list of fake answers, since real answers may be available online or may be obtained by social engineering. What’s your mother’s maiden name? Bling. Where were you born? Mars.
Get A Password Vault
If you are like most people, you use the same password in multiple places. That means if your password is compromised at one site, all other sites with that password become vulnerable. A password vault lets you set a unique password on each site and can help you generate, store and enter passwords via a browser plugin. Then you can make sure you have a few easy to remember but strong passwords for your computer login and the vault, but don’t have to remember passwords for the hundreds of site you visit. See this site for a comparison of popular vaults:
One thing to note, many people store password in their browser. If you want to do this, you need to protect them by setting a master password–otherwise, the passwords are stored in plain text in your profile. For example, here’s how to lock down Firefox:
Four Outer Paths
These are things that are involve using or keeping space to your advantage.
Make Regular Backups
Good backups protect you from data loss and from malware such as ransomware. My rule for good backups is pretty straight forward: you need four copies of your data, only three can be online at the same time, stored in two different locations. The first one is your working copy–that’s your laptop’s drive. Here’s why:
- You want to have a pair of disks for disaster recovery. Two external USB drives works just fine. Keep these off line at home, say, and bring one into the office and make a fresh backup every two weeks or so. Set a calendar event if you need to. This will help prevent someone from deleting all of your stuff. Don’t relay on cloud services like iCloud or Google alone–don’t let this happen to you.
- You need four copies of your data because one must be off line, you’re using the working copy, and you don’t know for sure that either of the other two copies aren’t bad. I know, it’s complicated, but if you let the number sink down to two copies, and the backup copy is bad and you don’t know that, when your working copy failed, you’re in it deep. I know, that happened to me–I had a tape backup system, but the tape I was using was bad and I didn’t know it until the drive failed and I tried and failed to restore the data.
So, one example setup is you pay for backblaze, carbonite, crashplan or something similar. The cost is pretty low and you get cloud backup that runs all the time in the background. Then get your two disks, and you’re set. And most operating systems come with backup software. Here’s how to enable backups in Windows 10.
Also it helps if you use two different methods for making backups, so if one method fails, you’re still making backups.
Scan your machine
We talked about ninite and qualys browsercheck, but it’s also a good idea to scan your machine from the outside. A simple tool for this is Shield’s Up, at grc.com. What this will do is show you what ports on your computer are open to the internet. Generally speaking, none should be.
Cybersecurity is daunting. But you can learn a lot really quickly. Here are some blogs that are useful in keeping up:
- Krebs on Security. Probably the best general topic security blog
- Schneier on Security. Bruce Schneier is a cyptographer and does a good job at explaining the balance of risk versus cost on the large scale, here’s one example.
- The New School of Information Security. Nice general site.
Do not worry if much of this is hard to understand, what you are looking for initially are just an idea of what’s happening and how it affects you.
Use a Virtual Private Network
If your workplace offers a VPN, use it. If you travel or just rely on random coffee shops for connectivity, consider buying a VPN service. A VPN will encrypt data from your laptop to a secure server beyond the control of the folks running the wireless access point you’re using. They can also protect your privacy, and that may be important depending on where you are and what you are doing. Privacytools.io has lots of good tips on VPNs and other privacy related software.
So, these are some things you may find useful. My suggestion is to take steps incrementally–work on one thing at a time and only make one change a week. Focus on making the change work for you, and you’ll make steady progress.