Since October is Cyber Security Awareness Month, we have decided to put together a Computer Security 101 Checklist. Information Technology administrators know the value of computer security. Communicating that value to your end-users, however, can often prove to be a challenge.
Remember, every security best practice is a trade-off between convenience and safety. Users who don’t understand the stakes involved in computer security won’t often give up their convenience. Below are seven key aspects of computer security that all IT admins should teach their users:
Password Security
Here’s an easy way to tell if someone is trying to steal information from you, or do damage to your technology: They ask for your password.
- Never share your password with anyone, ever
- Use a passphrase (a short sentence that’s easy to remember) instead of a password
- Combine your passphrase with two-factor authentication
Email Security
It’s perfectly okay to open an email from someone you don’t know, and it’s perfectly safe to read it. But unless you’re really sure that the email is legitimate, don’t act on it. Don’t reply, don’t click, and don’t download. To do otherwise is to make yourself a target.
- Never respond to an email from strangers
- Don’t open any attachments that you haven’t scanned first
- Don’t open any links you haven’t checked (hint: hover over the link to ensure it’s really going where it’s supposed to go)
- Always back up your email
Web Browser Security
When you see a message in your web browser that tells you to install anything, stop. That app that offers to save you time, money, or let you view a video might be malware, as in software designed to do damage or help out hackers. Check with your IT advisor to obtain their approval before you install anything from your web browser.
- Only install from safe sources (hint: the vendor’s download site or your browser’s add-in store)
- Look for the lock and ensure you see the icon before entering your personal information into a website
- Save and sync selectively. When asked “Would you like to store this password?” the best answer is NO
- If you log in then you should also log out – always
- Clear and back up everything
Smartphone Security
Your smartphone or tablet is designed for quick, easy access to all your data. No one wants to have to log into their Gmail inbox or Facebook account on the go—much of the value of a smartphone is that it can stay logged into these services and notify you as soon as you receive a message or an update—so smartphone versions of these apps let you stay logged in for weeks at a time. In many cases, the same thing is true for your personal banking app or the app you (almost never) use from your insurance company.
This means that anyone who gets ahold of your phone can probably read your email, raid your bank account and maybe even scroll through your medical history without ever needing to know a single username or password.
- Always use a lock screen – every smartphone and tablet has one. Use it.
- Nobody should ever borrow your smartphone
- Don’t respond to a text from a stranger
- Don’t answer calls from strange phone numbers – it’s better to screen these calls. Let voicemail handle it.
- Back up everything
Workstation Security
A “security suite” is what computer nerds call an antivirus program, mostly because a security suite does a whole lot more than antivirus software ever used to do. Security suites protect your system from viruses—and malware, spyware, and network attacks. Not all malicious programs are viruses. Some programs present themselves as useful, but are spyware. For example, a program might offer to alert you to discounts or deals while secretly monitoring everything you do online. Your security suite should detect and disable these kinds of software.
- Use an active security suite, aka an antivirus program, to protect your system from viruses, malware, spyware, and network attacks
- Update your software – keep your operating system, security suite, and programs up-to-date
- Leave it? Lock it. Don’t leave your system logged in and unattended
- Don’t share your system with anyone unless specifically told by your IT team
- Back up your data
Network Security
A Wi-Fi access point named “Free Hotel Wi-Fi” or “Conference Center Guest” or “Coffee Shop Network” might not be provided by the hotel, convention center or cafe. Anyone can create a Wi-Fi access point with that name. It may be very difficult to identify the difference—hence the name for this type of attack: The evil twin.
The evil twin access point looks legitimate, but isn’t. When you connect your device to an evil twin, the attacker may access all the data that travels through the access point.
- Never connect to Wi-Fi that you don’t own
- Don’t connect to Wi-Fi without a password
- Always use a firewall
- Always use SSL in your web browser
Social Engineering
No matter how good the locks are on your front door, they don’t matter if you invite a thief into your house. We’ve discussed the dangers of letting others borrow your smartphone or workstation, but those are just two examples of a so-called “social engineering attack” – which is a fancy term for hackers using con artist tricks to get around your computer security, rather than attacking your hardware or software directly. An informed and alert person remains the best defense against such attacks.
- Don’t talk to strangers online
- Only give out data on the phone calls that you started
- Watch your back – literally. Be aware of your surroundings when in public and logged on to your computer
- Everybody you just met is a stranger, no matter what they claim to “know” – the best advice for online and in person as well.
Computer security can be complicated and intimidating for the average user. It’s tempting to simply give your users a list of things to not do and demand they follow it, no matter how annoying or confusing those instructions might be.
If you take the time to explain why your company uses certain types of security software, or requires specific security procedures, your users are much more likely to take these lessons to heart. User error is one of the leading causes of data loss but, with a little education, you can reduce the risks of your users damaging or disclosing your business data.
Most of this information can be found in the guide provided by Public Safety Canada, called the Get Cyber Safe Guide for Small and Medium Businesses. It is aimed at helping managers understand the cyber security risks their organizations face, and at providing them with practical advice on how to better protect their business and employees from cyber crime.