Keeping our connected devices secure has become easier – and harder! Easier because we have more tools to defend our online assets, and harder because the opposition has grown much larger and become more sophisticated. And the enemy is not limited to criminals, there are terrorist groups, nation-state sponsored cyber operations teams, hacktivists, and other with malicious intent and nefarious schemes.
When I started writing this blog in October 2006, almost 2000 articles ago, criminal gangs had just started getting into the cyber-crime business. We were in the middle of a barrage of email worm attacks such as ILoveYou, Nimda, Lirva, and Code Red. The security tools we had back then were limited to mainly anti-virus software and firewalls.
October is Cybersecurity Awareness Month, and this week’s theme is “If you connect it, protect it.” Today we will list the ways that you can protect your computers and other devices. On Wednesday we will discuss ways to detect if you have been attacked and compromised.
Anti-malware software suites are still the backbone of defense. Today’s anti-malware is a collection of integrated tools that provide malware detection and eradication, a personal firewall, pop-up blocking, browser hardening, email filtering, and much more. The are usually integrated with free anti-malware apps available for your smartphone too.
A Personal firewall is a feature of both Apple and Windows operating systems. Make sure yours is enabled and configured to protect you.
Passwords and two-factor authentication are another critical piece of protection. Passwords alone are no guaranty of protection, but when coupled with 2FA it becomes almost impossible for an attacker to hijack your computer and online accounts. Passwords should be 12 characters or longer and unique to every site. You can make them easier to remember by using a password manager.
Update and patches for your computer operating system, software, device drivers, and even firmware are nicely automated in Windows and other operating systems. Make sure you keep your computer updated with the latest security patches and anti-malware signature updates. Again, do not neglect your smartphone, there are updates for that device too.
Email is still the number one attack vector. Enable all automated email filtering that is available to you. Popular public platforms such as Gmail and Outlook.com provide excellent email filtering protection as part of the service. Domain-name based email accounts can be protected by enabling the feature with the hosting company. Never click on a link in an email or open an attachment until you have confirmed the sender is legitimate. When in doubt, delete the email and move on, or check with your help desk or IT support. Check out my weekly phishing analysis on the Friday Phish Fry we post every Friday to learn more about the latest email-borne threats.
Software applications and phone apps should be installed only from trusted sources. Research the applications online to check its reputation before installing. A Trojan Horse is a malware application included inside another program such as a game, system cleaner apps, and performance utilities. Make sure any software you install is legitimate. Uninstall any applications and phone apps you no longer use.
Wi-Fi networks in your home or office should be secured by using a passphrase and enabling strong encryption. Unsecured public wireless networks should be avoided.
Internet of Things (IoT) devices need to be secured as best they can. When shopping for smart devices such as media streamers, thermostats, locks, cameras, include the manufacturer’s record for properly securing these devices. Many IoT devices are being hijacked and used in botnets, make sure yours will not be one of them. Power cycling (unplug and plug in) IoT devices often clears any installed malware. But be sure to secure them, or the infection will just return.
Start off this October by performing your own security audit of the devices on your home network, and if you own a small business, your work network too. If you work in an IT department, none of this should be new to you. Good luck on your cybersecurity journey and remember: “If you connect it, protect it.”