I have been in the IT Security industry for over dozen years, before Facebook was popular, before Amazon was popular and even before Google was popular. Over the years the definition of what is secure has changed. It use to be install an Anti-Virus product and you are good to go. But now days as the internet become a must have we need to understand what security is essential for a safe browsing environment and what we can live without.
IT Security is different for the individual than it is for an enterprise, however a hacking script scanning the Internet for a weak link where basic security controls have not been applied will unlikely be discriminatory, it won’t care if you are a home machine or a work machine.
So what can we do to ensure we stay secure on the web? Below is a list of the Security Essentials that you should ensure you have ticked of your list, more specifically for the home user. Enterprise users should check out a great site about IT Risk Management.
5. Anti-Virus – A basic one I know, but you will be surprised how many people don’t have anti-virus installed. Typically they will have it installed by default when they purchase a new machine, but 12-24 months later when the subscription runs out, people resent paying for a new subscription. There are some free versions out there, so if you are cheap check them out. I am a big fan of Trend Home Call for a free scan or Microsoft Security Essentials as a basic tool when you are too cheap to by a full commercial version.
4. Change Your Passwords. Some of the biggest hacks in history were caused because the network had a device on it with the default username and passwords. The bad guys just had to scan for machine or devices with the standard usernames and passwords, and they were in.
You should change your passwords every 30 days. You should never have the same password for site that contain financial information, think eBay, Amazon, online banking and your standard websites like Facebook, Youtube or Twitter.
Obviously if you had an account on any website that was hacked that password should be changed on that site an any other site where you used it, as now that the bad guy have the password they will just add it to their scripts when attacking other sites.
If you need to write your passwords down at home, even that would be safer than using the same password for all sites, because the hackers would need to get physical access to your house to get those passwords, which isn’t going to happen.
3. Rename the Administrator Account. When the bad guy knows your username they are halfway in to your network, they now just have to guess your password, and guess what they have a list of every word in the dictionary, so if it is one of those you are in trouble. Take your default Admin account, whatever it is and rename it.
The best defense is to rename your default accounts, such as Administrator, Admin, Root, to something obscure, and no not Admin1, or Root1 or your website name, something really obscure. Hackers are also attempting logins with common first names, like Bob, Joe or Sarah, so these are no good either. A combination of your first name and last name is normally difficult to guess.
2. Change Your Behavior. The bad guys need to get the Virus or Trojan on your machine, there are only two ways for them to achieve that, get you to put it on there or put it on there via an exploit. To get you to download it they can send you an email with a Trojan already attached, or they can get you to download it from a website. All you need to do, is NEVER open attachments unless they are from trusted sources, even if they are image files, pdf documents or Word documents, because these will typically be taking advantage of exploits in the respective programs to download a Trojan in the background.
Secondly, NEVER download an application from the Internet unless it is from the original website, this includes “free” video plays or “hacked games” or even free security software. If you download an un-trusted application you are just asking for trouble.
1. Enable Windows Update. The second way the bad guys will get a Trojan or dodgy application on your system is to exploit a known vulnerability in the operation system or applications installed on your machine. The best way to protect against this is to have the vendors latest patches installed automatically. Windows update is a great way to achieve this. Anti-Virus products can help protect you until the patches have been applied, but the sooner you update the programs with the latest security patches the safer you are.
A lot of these great ideas came from the Security Essentials website, check it out.