Be Your Own Security Expert
Revision as of 09:39, 14 December 2015
Security tips we should all be following. (This page is work in progress.)
Summary
Modern computers and mobile devices store vast amounts of information, some of it sensitive, and yet more of our data is in "the cloud", held by corporations such as Facebook and Google. Just as we've learned that keeping a front door key under the door mat might not be a good idea, there are important and not always obvious lessons we need to learn about keeping our digital lives safe. The basics are covered here.
The first section following this should be understandable by anyone, but later sections may assume you're comfortable with setting up and configuring your device.
Security Top Tips
Google carried out research comparing the top security tips given by security experts with the top security measures general users believed were important, and found worrying differences, as shown below.
Rank | Non-Security Expert | Security Expert
---|---|---
1 | **Use antivirus software.** Free antivirus products are available so certainly use one. But they can give you a false sense of security since they are far from infallible. Virus authors continually evolve their wares, testing them against a whole slew of antivirus products to ensure they can slip under your radar. | **Install software updates.** Malware generally gets its foothold through unpatched vulnerabilities. People sometimes worry that updates might break something. You might want to wait a few days to give the vendor time to pull a bad patch, but no more. Professionals are unanimous that proactive defence by installing updates is much better than reactive defence using antivirus.
2 | **Use strong passwords** | **Use unique passwords**
3 | **Change passwords often.** This is an age-old myth that has been accepted as fact in many circles. If you know or suspect that your password might have been compromised, change it as soon as you can, but if it's hard to think of a good password you can remember, it's still harder to think of a new good one every few months. Whilst changing your password is of some value, if it's leaked you may still be at risk for a number of weeks. Much better to choose a really good one, take care of it and stick with it. | **Use 2-factor authentication.** A password is "something you know" - a secret that can easily escape. The bar is raised very considerably by requiring you to demonstrate your possession of "something you have" (such as a token or a mobile phone) or "something you are" (such as a fingerprint or iris scan).
4 | **Only visit websites you know.** Oh for the good old days when you could feel reasonably safe if you steered clear of dodgy sites such as porn, gambling and hacking. Today, even the most reputable websites have been known to host 3rd party ads containing malicious content, and the bad guys regularly perform automated scans for vulnerable sites which they can infect, which could include your local football club or that of a national newspaper. Now do you understand why patching is at the top of the list? | **Use strong passwords.** Yes of course use strong passwords, and strong means long. Making your password just a few characters longer strengthens it more than using upper and lower case, numbers and symbols.
5 | **Don't share personal information.** Of course, be careful what you share online and who you share it with, especially personal information which could lead to identity theft or the discovery of the answers to the "secret questions" many sites use for lost password recovery. But sensibly used, social networks can be fun and a good way of keeping up with friends and relations. | **Use a password manager.** People often worry that to use a password manager is to put all their eggs in one basket. Well, it is, and make sure you use a widely recommended one, but with a really good master password the benefit is overwhelming. Never again struggle to remember a website's password or be tempted to choose a weak one or one shared among different sites, and let the password manager choose totally random and completely unguessable passwords for you.
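To put numbers on the "strong means long" point behind the Use strong passwords tip, here is an added Python example (not from the original page) comparing the entropy of lowercase-only and mixed-character passwords. It assumes every character is chosen uniformly at random, and the 1e10 guesses-per-second cracking rate is an assumed figure, not one the page gives.

```python
import math

# Alphabet sizes for the two policies the tip compares.
LOWERCASE = 26             # a-z only
MIXED = 26 + 26 + 10 + 33  # upper, lower, digits and 33 printable ASCII symbols = 95


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password of `length` characters chosen uniformly
    at random from `alphabet_size` symbols, i.e. log2(alphabet_size ** length).
    Human-chosen passwords are far weaker than this upper bound."""
    return length * math.log2(alphabet_size)


def extra_lowercase_chars_needed(mixed_length: int) -> int:
    """Characters a lowercase-only password must add, compared with a
    mixed-charset password of `mixed_length`, to reach at least the same entropy."""
    target = entropy_bits(MIXED, mixed_length)
    length = mixed_length
    while entropy_bits(LOWERCASE, length) < target:
        length += 1
    return length - mixed_length


def crack_time_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected brute-force time (half the keyspace on average) at an assumed
    offline guess rate; 1e10/s is a constructed figure, not from the page."""
    return (2.0 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for label, alphabet, length in [("8 mixed", MIXED, 8),
                                    ("8 lowercase", LOWERCASE, 8),
                                    ("12 lowercase", LOWERCASE, 12),
                                    ("16 lowercase", LOWERCASE, 16)]:
        bits = entropy_bits(alphabet, length)
        print(f"{label:13s} {bits:5.1f} bits  ~{crack_time_years(bits):.2e} years")
    print("extra lowercase chars to beat 8 mixed:", extra_lowercase_chars_needed(8))
```

Four extra lowercase characters are enough to overtake an 8-character password that uses all four character classes, and every further character multiplies the work by 26.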
What have you got to worry about?
Additional tips
- Reduce your attack surface
- Unsolicited attachments/phishing
- Backups - 3 copies, 2 media types, 1 offsite
- Data destruction
- Encryption
- Public networks
- Physical security
Reduce your attack surface
Each piece of software on your system could contain security vulnerabilities, so it makes sense to uninstall things you don't need. This is critically important for browser plug-ins, as these can often be invoked directly by websites you visit.
In particular, uninstall the Java plugin if you have it. It is required by a tiny number of websites and has a poor security record.
Likewise, Flash has been plagued by problems, often exploited through malicious Flash-based adverts. Google for instructions on setting it to click-to-play in your favourite browser.
Unsolicited emails
If you receive an unsolicited email, clicking a link in it or opening an attachment can really spoil your day. This is probably the commonest way to get infected with something bad.
Such emails are normally part of a "phishing" campaign in which malicious emails are sent to large numbers of email addresses. Sometimes they are very crude, simply containing a link you may be tempted to click, just out of curiosity. Other times they may be quite cunning, e.g. making out that there is a package addressed to you awaiting delivery. The email may even appear to come from someone you know, if their contacts list has been compromised, since forging the sender's address in an email is trivially easy.
To avoid getting caught, treat all emails you weren't expecting with the greatest suspicion unless you are quite certain the sender is genuine.
Also, make sure your system is fully patched and updated to eliminate, as far as possible, the vulnerabilities a malicious email might try to exploit.
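Two of the tricks described above, a reply address that differs from the apparent sender and a link whose visible text names one site while it actually points to another, can be spotted mechanically. This added Python example (not from the original page) runs those checks over a constructed sample message; a clean result proves nothing, so it is a teaching aid rather than a filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not a real message: a fake delivery notice whose Reply-To
# and link target differ from what the recipient is shown.
SAMPLE_EMAIL = """\
From: "Parcel Service" <notify@example-parcels.com>
Reply-To: collect@example-attacker.net
Subject: Your package is waiting
Content-Type: text/html

<p>A parcel addressed to you could not be delivered.</p>
<a href="http://example-attacker.net/track">https://www.example-parcels.com/track</a>
"""

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(addr_or_url: str) -> str:
    """Host behind a mail address (after '@') or a URL (its netloc), lower-cased
    with a leading 'www.' dropped so www.x.com and x.com compare equal."""
    if "@" in addr_or_url and "://" not in addr_or_url:
        host = addr_or_url.rsplit("@", 1)[1]
    else:
        host = urlparse(addr_or_url).netloc
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def phishing_indicators(raw: str) -> list[str]:
    """Warnings for a Reply-To pointing somewhere other than the From domain,
    and for link text that shows one site while the href goes to another."""
    msg = message_from_string(raw)
    warnings = []
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for href, text in LINK_RE.findall(msg.get_payload()):
        shown = domain_of(text.strip())
        if shown and shown != domain_of(href):
            warnings.append(f"link text shows {shown} but points to {domain_of(href)}")
    return warnings


if __name__ == "__main__":
    for w in phishing_indicators(SAMPLE_EMAIL):
        print("WARNING:", w)
```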