Be Your Own Security Expert: Difference between revisions
Line 10: | Line 10: | ||
{| class="wikitable" | {| class="wikitable" | ||
|- style="vertical-align: top; | |- style="vertical-align: top; | ||
! | ! scope="row" ! | | ||
! Non-Security Expert | ! Non-Security Expert | ||
! Security Expert | ! Security Expert | ||
|- style="vertical-align: top; | |- style="vertical-align: top;" | ||
| 1 | | scope="row" | '''1''' | ||
| '''Use antivirus software''' | | '''Use antivirus software''' | ||
: ''Virus authors test their wares against a whole slew of antivirus products to ensure they're not easily detected. Antivirus gives a false sense of security, but since free products are available, by all means use one.'' | : ''Virus authors test their wares against a whole slew of antivirus products to ensure they're not easily detected. Antivirus gives a false sense of security, but since free products are available, by all means use one.'' | ||
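Review bot: The first row separator in this hunk (`|- style="vertical-align: top;`) still has no closing quote on the new side; only the second separator gets one, and the separators for rows 2 to 5 further down are unterminated as well. Close the attribute on every `|-` line in the same edit. The header-row cell also gains `scope="row"` where a column header would take `scope="col"`, and the numbered cells put `scope="row"` on `|` data cells; `scope` is meant for header cells, so those should become `!` cells.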
Line 20: | Line 20: | ||
: ''Malware generally gets its foothold through unpatched vulnerabilities. People sometimes worry that updates might break something. You might want to wait a few days to give the vendor time to pull a bad patch but no more. Proactive defence by installing updates is much better than reactive defence using antivirus.'' | : ''Malware generally gets its foothold through unpatched vulnerabilities. People sometimes worry that updates might break something. You might want to wait a few days to give the vendor time to pull a bad patch but no more. Proactive defence by installing updates is much better than reactive defence using antivirus.'' | ||
|- style="vertical-align: top; | |- style="vertical-align: top; | ||
| 2 | | scope="row" | '''2''' | ||
| '''Use strong passwords''' | | '''Use strong passwords''' | ||
: ''Yes of course use strong passwords, but just as important, don't reuse them across multiple sites.'' | : ''Yes of course use strong passwords, but just as important, don't reuse them across multiple sites.'' | ||
Line 26: | Line 26: | ||
: ''If one site leaks your password the bad guys will try it on many other sites to see what else they can compromise.'' | : ''If one site leaks your password the bad guys will try it on many other sites to see what else they can compromise.'' | ||
|- style="vertical-align: top; | |- style="vertical-align: top; | ||
| 3 | | scope="row" | '''3''' | ||
| '''Change passwords often''' | | '''Change passwords often''' | ||
: ''This is an age-old myth that has been accepted as fact. If it's hard to think of a good password it's much harder still to think of a new good one every few months. Whilst of some value, if your password is leaked it will still leave you at risk for a number of weeks. Much better to choose a really good password and stick with it.'' | : ''This is an age-old myth that has been accepted as fact. If it's hard to think of a good password it's much harder still to think of a new good one every few months. Whilst of some value, if your password is leaked it will still leave you at risk for a number of weeks. Much better to choose a really good password and stick with it.'' | ||
Line 32: | Line 32: | ||
: ''A password is "something you know" - a secret that can easily escape. Requiring you to prove your ownership of "something you have" (such as a token or a mobile phone) or "something you are" (such as a fingerprint or iris scan) raises the bar very considerably.'' | : ''A password is "something you know" - a secret that can easily escape. Requiring you to prove your ownership of "something you have" (such as a token or a mobile phone) or "something you are" (such as a fingerprint or iris scan) raises the bar very considerably.'' | ||
|- style="vertical-align: top; | |- style="vertical-align: top; | ||
| 4 | | scope="row" | '''4''' | ||
| '''Only visit websites you know''' | | '''Only visit websites you know''' | ||
: ''Oh for the good old days when you could feel reasonably safe if you steered clear of porn, gambling and hacking sites etc. Today, even the most reputable sites have been known to host 3rd party ads containing malicious content, and the bad guys regularly perform automated scans for vulnerable sites which they can infect, which could include your local football club website or that of a national retailer. Now do you understand why patching is the top of the list? | : ''Oh for the good old days when you could feel reasonably safe if you steered clear of porn, gambling and hacking sites etc. Today, even the most reputable sites have been known to host 3rd party ads containing malicious content, and the bad guys regularly perform automated scans for vulnerable sites which they can infect, which could include your local football club website or that of a national retailer. Now do you understand why patching is the top of the list? | ||
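Review bot: The italic explanation under "Only visit websites you know" opens with `''` but is never closed after "top of the list?", on both sides of the diff, unlike every other explanation in the table. Add the closing `''` while this row is being touched.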
Line 38: | Line 38: | ||
: ''Yes of course use strong passwords, and strong means long. Making your password just a few characters longer strengthens your password more than using upper and lower case, numbers and symbols.'' | : ''Yes of course use strong passwords, and strong means long. Making your password just a few characters longer strengthens your password more than using upper and lower case, numbers and symbols.'' | ||
|- style="vertical-align: top; | |- style="vertical-align: top; | ||
| 5 | | scope="row" | '''5''' | ||
| '''Don't share personal information''' | | '''Don't share personal information''' | ||
: ''Of course, be careful what you share online and who you share it with, but sensibly used, social networks can be fun and a good way of keeping up with friends and relations.'' | : ''Of course, be careful what you share online and who you share it with, but sensibly used, social networks can be fun and a good way of keeping up with friends and relations.'' | ||
Line 44: | Line 44: | ||
''People often worry that to use a password manager is to put all their eggs in one basket. Well, it is, and don't use an obscure one, but with a really good master password the benefit is overwhelming. Never again struggle to remember a website's password or be tempted to choose a weak one or one shared among different sites, and let the password manager choose totally random and completely unguessable passwords for you.'' | ''People often worry that to use a password manager is to put all their eggs in one basket. Well, it is, and don't use an obscure one, but with a really good master password the benefit is overwhelming. Never again struggle to remember a website's password or be tempted to choose a weak one or one shared among different sites, and let the password manager choose totally random and completely unguessable passwords for you.'' | ||
|} | |} | ||
==Additional tips== | |||
* Unsolicited attachments/phishing | |||
* Backups - 3 copies, 2 media types, 1 offsite | |||
* Data destruction | |||
* Public networks | |||
==External links== | ==External links== |
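Review bot: The new "Additional tips" section is four bare bullet labels, and only the backups item says what to do (3 copies, 2 media types, 1 offsite). Give the phishing, data destruction and public networks items a one-line recommendation each, in the style of the table explanations above, or hold the section back until it is written.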
Revision as of 21:02, 5 September 2015
Security tips we should all be following. (This page is a work in progress.)
Summary
Modern computers and mobile devices store vast amounts of information, some of it sensitive, and yet more of our data is in "the cloud", held by corporations such as Facebook and Google. Just as we've learned that keeping a front door key under the door mat might not be a good idea, there are important and not always obvious lessons we need to learn about keeping our digital lives safe. This page covers the basics.
Security Top Tips
Google carried out research comparing the top security tips given by security experts with the top security measures general users believed were important, and found worrying differences, as shown below.
| | Non-Security Expert | Security Expert |
|---|---|---|
| 1 | Use antivirus software | Install software updates |
| 2 | Use strong passwords | Use unique passwords |
| 3 | Change passwords often | Use 2-factor authentication |
| 4 | Only visit websites you know | Use strong passwords |
| 5 | Don't share personal information | Use a password manager. People often worry that to use a password manager is to put all their eggs in one basket. Well, it is, and don't use an obscure one, but with a really good master password the benefit is overwhelming. Never again struggle to remember a website's password or be tempted to choose a weak one or one shared among different sites, and let the password manager choose totally random and completely unguessable passwords for you. |
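The expert column's advice that strong means long, and that a password manager should pick random, unique passwords, can be checked with a short calculation. This Python sketch is an added example, not part of the original page; the function names and the sample site names are assumptions, and the entropy figures hold only for passwords whose characters are chosen uniformly at random.

```python
import math
import secrets
import string

# Lowercase only vs. the mixed set that most password rules demand.
LOWER = string.ascii_lowercase                                      # 26 symbols
MIXED = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are each drawn uniformly
    at random. It says nothing about human-chosen passwords."""
    return length * math.log2(alphabet_size)


def extra_length_to_match(length: int, small: int, big: int) -> int:
    """Extra characters a `small`-alphabet password needs to reach the
    entropy of a `length`-character password over the `big` alphabet."""
    target = entropy_bits(length, big)
    return math.ceil(target / math.log2(small)) - length


def generate(length: int = 20, alphabet: str = MIXED) -> str:
    """Random password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def unique_per_site(sites, length: int = 20) -> dict:
    """One independent random password per site, so a leak at one site
    reveals nothing about the passwords used elsewhere."""
    return {site: generate(length) for site in sites}


if __name__ == "__main__":
    print(f"8 chars, mixed set : {entropy_bits(8, len(MIXED)):.1f} bits")
    print(f"12 chars, lowercase: {entropy_bits(12, len(LOWER)):.1f} bits")
    extra = extra_length_to_match(8, len(LOWER), len(MIXED))
    print(f"extra lowercase characters needed to match: {extra}")
    # Constructed site names, for illustration only.
    for site, pw in unique_per_site(["example.com", "example.org"]).items():
        print(site, pw)
```

Four extra lowercase characters already beat an 8-character password drawn from all 94 printable symbols, which is the table's point about length.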
Additional tips
- Unsolicited attachments/phishing
- Backups - 3 copies, 2 media types, 1 offsite
- Data destruction
- Public networks
External links
- External links (if any) as bullet points.
- If none, delete this section.