I started to get paranoid due to the rise of online security threats. Going offline is not a practical solution in the world of the "Internet of Things". The fact that the average individual is not often under attack must not be taken for granted. Not staying safe online should keep each one of us awake at night. When an attack happens, the damage can be severe. So how can we protect ourselves online? I have researched the topic and gathered some of the most important tips recommended by security experts to stay safe online. The good news is that being secure online requires more vigilance than computer networking experience. The vast majority of attacks can be prevented by extra caution and by following simple steps. In the sections below, I am going to follow a layered security approach. If one layer gets penetrated, the next layer provides protection, and so on. Let us see how.
1. Data Backup
Before learning any trick to keep yourself safe online, make sure you copy important data into a safe place (e.g. cloud storage such as Google Drive or Dropbox). Assuming there is no way to recover from a cyber attack, having backup data becomes the last resort. This applies to both desktops and mobile devices. A backup saves the day for any data loss, not only when getting hacked but also when a hard drive fails.
2. Router Settings
Does it make sense to leave your home and keep the doors open? The answer is definitely NO. Similarly, most of us use wireless routers to connect to the Internet. Home routers are the main gateway to the Internet. They must be secured just like we lock physical doors. However, many of us keep the home router on its default settings, which is absolutely wrong. Routers usually provide a web interface to configure settings. Open a browser, log in to your router's web interface and apply the following steps. Note that you can get the IP address of your router from the TCP/IP network settings (on Mac: System Preferences, Network, WiFi Advanced, TCP/IP, Router IP).
- Make sure the router firmware is up to date.
- Change the router's default credentials and use a strong password.
- Disable remote management (typically disabled by default).
- Enable a strong encryption scheme (e.g. WPA2-PSK (AES)).
- Enable the firewall to disallow unsolicited inbound traffic from the Internet to your home network.
- Apply MAC filtering and only allow the devices that you use at home, such as your laptops and phones.
- Disable SSID broadcast so that your wireless network is not automatically discovered by other computers.
- Disable the Universal Plug and Play (UPnP) feature, as it is notoriously insecure.
3. Software Updates
Alright, the main gate is now secured. What is next? It is simply updating the operating system (Mac or Windows) and applications to the latest versions. Why? Hackers keep discovering security holes in the software we use and exploit them to their malicious advantage. Usually, software companies provide updates in the form of patches to fix security holes. If the software is not frequently updated, the chance of getting attacked is higher. Long story short, enabling automatic updates (for both the OS and applications) is an important security practice.
4. Software Firewall
We indicated earlier that we should enable the hardware firewall feature on the router. For extra security, we should also enable the built-in software firewall that ships with the operating system. Both Windows and Mac provide software firewalls. A hardware firewall sits between your computer and the Internet, while a software firewall sits between your computer and the local network. If one of the local computers becomes infected, your software firewall can provide the needed protection. To turn on the firewall on Mac, go to System Preferences, Security and Privacy, Firewall.
5. Strong Passwords
The digital world we live in is no doubt password driven. Passwords are used to log in to computers, access data, connect with friends or make online purchases. Passwords should be hard to guess and unique for different places. This makes them hard to manage and remember. For that reason, security experts suggest the use of password managers. A password manager uses a single strong master password that needs to be remembered. There are two main benefits of using a password manager.
- We do not need to memorize too many passwords. Only the master password and the local computer password need to be remembered.
- The password manager generates strong and unique passwords for each online service it is keeping track of. Recall that using a single password for all online services is risky. If one service is compromised, it puts the other services at risk.
For tighter security, it is advised to use two-factor authentication (e.g. a code sent to your cellphone) in addition to passwords whenever possible, and to sign up for login notifications (i.e. get a notification whenever someone attempts to access your account). Finally, to come up with a strong and easy-to-remember password you can refer to the following post.
6. Data Encryption
When accessing confidential information (e.g. e-banking or online shopping), make sure data communication is encrypted using SSL. If you are using a web browser, make sure the URL starts with https and the lock icon indicates a trusted website. For more information about SSL refer to the following article.
7. Downloads and Attachments
One of the most dangerous things to do online is downloading files, opening email attachments and installing applications. Downloads can infect your computer with viruses, spyware, malware, etc., which may cause damage or unexpected behavior. Whenever you are about to download a file from the Internet, make sure you are connecting to a trusted site. Do not open any email attachment unless you know and trust whoever sent the file. Even if you know the sender, think twice before opening an attachment and scan the downloaded files for viruses. Finally, do not install any applications unless they are from a trusted site.
8. Links and Phishing
Think twice before you click any link, especially links within email messages. Always look at the link target URL before you click and make sure it points to a safe destination. Malicious links in many cases point to phishing sites that collect personal and financial information or infect your computer with viruses and malware. Once you land on the phishing site you may think it is a legitimate site (your bank or email service) because its UI is designed to resemble the actual site. Look at the address bar: the address must be different, even if it is very close to the original one.
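The check described above (read the link target and compare it with the real site's address) can be automated. The following is an added example, not part of the original post: the TRUSTED list, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the sites you really use.
TRUSTED = {"mybank.example", "webmail.example"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'insecure', 'deceptive', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # Text before '@' is a username, not the site: the real host comes after it.
    if not host or parts.username is not None:
        return "deceptive"
    if any(host == t or host.endswith("." + t) for t in trusted):
        # Right site; still require the encrypted scheme from section 6.
        return "trusted" if parts.scheme == "https" else "insecure"
    # Non-ASCII or punycode hosts can imitate Latin letters.
    if not host.isascii() or "xn--" in host:
        return "deceptive"
    for t in trusted:
        # Trusted name used as a fragment of someone else's domain.
        if t in host:
            return "deceptive"
    for t in trusted:
        # Compare the same number of trailing labels, tolerating two typos.
        tail = ".".join(host.split(".")[-len(t.split(".")):])
        if edit_distance(tail, t) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://www.mybank.example/login",
                 "https://mybank.example@203.0.113.5/login",
                 "https://rnybank.example/"):
        print(link, "->", classify_link(link))
```

An "unknown" result only means the host is not on your list and does not resemble anything on it; it is not a statement that the site is safe.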
9. Virtual Machines
If you are super paranoid and want to make sure no damage is going to happen to your computer during an online activity, you may set up a virtual machine. Log in to your virtual machine, perform the online activity, then log out back to your host operating system. If you are not familiar with virtual machines you can refer to these articles (one and two).
Educate your family members about online safety. Do not share personal information and use privacy settings to your advantage. Watch what you post on social media. Spread security awareness and make it a habit.
Following the steps mentioned earlier does not guarantee online safety; however, it should reduce the odds of getting hacked. Remember that protection is better achieved using a layered approach. In summary: back up data, secure the wireless router, update software, enable firewalls, use strong passwords, use SSL, and beware of bad downloads and links. Finally, teach your family and friends the basics of staying safe online. What are you waiting for? Go ahead and apply these steps. It is a one-time task that should not take a long time. Also, pass the checklist to your friends. Stay safe.
Thanks for reading.