Petronella Blog Archive

10 Security Basics Everyone Should Do

It seems like every day we’re putting out a warning about some new data breach or piece of ransomware that’s going around. We always talk about common-sense steps to take to make sure you’re secure online. Well, here’s an easy list of ten things everyone should be doing to protect themselves.

1. Periodically check your security settings and app permissions. This is a simple thing most people don’t think to do. Even if you’re the type of person who doesn’t play Facebook games, there’s still probably an app that you used once and forgot about that still has access. Those are the types of apps that end up hacked and hijacking your account.

2. Don’t click on a link or give out information unless you’re sure who you’re dealing with. Social engineering is probably the easiest, most efficient way for hackers to bypass your security. If you can’t exploit flaws in a system, exploit flaws in the humans who use that system. Typically this is accomplished by impersonating a person or a company, then convincing a victim either to give out personal information (phishing) or to click a link that redirects to malware. Be constantly aware and suspicious of links, emails, phone calls, etc.

3. Update your phone’s password. iOS devices lull people into a false sense of security, but that four-digit PIN isn’t that secure. 15 percent of all passcodes are one of these ten: 1234, 0000, 2580, 1111, 5555, 5683 (LOVE), 0852, 2222, 1212, 1998. Even if yours isn’t one of them, a four-digit PIN still isn’t that secure. As a rule of thumb, when it comes to passwords, the longer it is, the more secure it is, and four digits ain’t cutting it.

4. Use two-factor authentication. Just do it. If we’re being totally honest, passwords by themselves, no matter how complicated, aren’t enough anymore. Basically, two-factor authentication consists of a password and a code that is sent to your phone when you want to log in. Check out twofactorauth.org for a list of services that use it. If you have an account that transmits personal information (Gmail, Facebook, etc.) or banking information (PayPal, Wells Fargo, etc.), this is the best way to protect it.

5. Use a password manager to track all your different passwords. If you’re using different and unique passwords for all your different accounts (and you should be), you’re going to need a password manager to keep track of them all. You can use the save-password feature in your web browser, but that typically isn’t the most secure option, since for the most part if someone hacks your computer, they then have access to that information. Password managers come with a lot of different options, including a random password generator, form filling, secure password sharing and secure notes. Secure notes are good for things like Wi-Fi and router passwords.

6. Automatically back up your computer. If you’re not backing up all your information and something does happen, like getting hit with a ransomware attack, all of it could be lost. You can use a service like CrashPlan to automatically back your files up either locally or off-site on their servers. In addition, both Windows and Macs have built-in backup tools you can use.

7. Download and use the best antivirus and antimalware software you can get. This is a no-brainer, but it’s a good idea not only to have something running to protect against viruses, but also to have a second program such as Malwarebytes for as-needed scanning in case something gets through the first layer of defense.

8. Keep tabs on your Wi-Fi. In the same way you have a lock on the door to your house, you need to have a lock on your router because it’s the door to all the information stored on your network. So change the administrator login and use WPA2 (AES) encryption. Also check to make sure someone isn’t stealing your Wi-Fi.

9. Encrypt any personal information sent over email. It’s probably not a good idea to send stuff like your social security number, bank information, tax return, etc. over email, but if you do, it needs to be encrypted. You can use a file encryption tool like VeraCrypt or an encrypted email service like ProtonMail. You can even encrypt your email using PGP.

10. Never use public Wi-Fi without using a virtual private network (VPN). Essentially, a VPN makes sure all the data you send and receive is encrypted so that someone can’t intercept it and get access to your sensitive information. Your firewall may protect you from the internet, but it may not protect you from other people on the same public network.
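
Item 3's point about guessable passcodes, as an added example that is not part of the original post: a small check that flags the ten PINs quoted there and compares ten guesses against them with ten guesses against a randomly chosen code. The pattern heuristics, the six-digit floor and the sample code 739204 are assumptions made for this example and go beyond the post's list.

```python
# Added example: numeric passcode check built around the ten PINs quoted in item 3.
COMMON_PINS = {"1234", "0000", "2580", "1111", "5555",
               "5683", "0852", "2222", "1212", "1998"}
TOP10_SHARE = 0.15      # share of all passcodes the post attributes to those ten
KEYPAD_COLUMN = "2580"  # middle column of a phone keypad, top to bottom
MIN_LENGTH = 6          # assumption: policy floor chosen for this example


def weaknesses(code: str) -> list[str]:
    """Return the reasons a numeric passcode is easy to guess (empty list = none found)."""
    if not code.isdigit():
        raise ValueError("numeric passcodes only")
    found = []
    if code in COMMON_PINS:
        found.append("on the post's top-ten list")
    if len(code) < MIN_LENGTH:
        found.append(f"shorter than {MIN_LENGTH} digits")
    if len(set(code)) == 1:
        found.append("single repeated digit")
    # Difference between each digit and the next; one constant step of +1/-1 is a run.
    steps = {int(b) - int(a) for a, b in zip(code, code[1:])}
    if steps in ({1}, {-1}):
        found.append("straight ascending or descending run")
    if len(code) % 2 == 0 and len(set(code)) > 1 and code == code[:2] * (len(code) // 2):
        found.append("repeated pair")
    if code in (KEYPAD_COLUMN, KEYPAD_COLUMN[::-1]):
        found.append("keypad column")
    if len(code) == 4 and 1900 <= int(code) <= 2099:
        found.append("looks like a year")
    return found


def uniform_guess_chance(length: int, guesses: int = 10) -> float:
    """Chance that `guesses` distinct tries hit a code chosen uniformly at random."""
    return min(1.0, guesses / 10 ** length)


if __name__ == "__main__":
    for pin in sorted(COMMON_PINS) + ["739204"]:  # last value is a constructed sample
        print(pin, weaknesses(pin) or "no weakness found")
    print(f"10 guesses vs. real-world 4-digit choices (post's figure): {TOP10_SHARE:.0%}")
    for n in (4, 6, 8):
        print(f"10 guesses vs. random {n}-digit code: {uniform_guess_chance(n):.4%}")
```

A clean result only means none of these particular patterns matched; it does not make a passcode strong.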