Tuesday, December 25, 2012

Personal Cyber Security - TEEX's Holiday Guide, Part 2

Earlier this week we blogged about the importance of personal cyber security, and how poor practices can endanger personal and company data. In this blog, we’ll address several important items that everyday users encounter and how to secure them.

Anti-Virus Software - Without proper virus protection, your PC may have a Trojan Horse virus quietly waiting to carry out a malicious attack, using your computer and Internet connection.

If you have a personal computer running any version of Windows, you must have up-to-date antivirus software. Fortunately, there are many options available, at costs ranging from free to $200 per year. A new PC will generally come with a trial version of Norton or McAfee antivirus, lasting from 90 days to one year. During the program set-up, pay attention to the automatic updates and scheduled scan settings. Both must work for full protection. Make sure the scheduled scan is during a time when the computer is on and idle. Watch for the automatic updates to occur, usually once per week.

Free antivirus software, such as AVG, protects millions of users daily. Educate yourself by checking reviews on the Internet and use the software you are most comfortable with. Bigger and more expensive isn’t always better, as more layers of protection sometimes slow computers down noticeably. The important note is to use antivirus software of some kind and keep it up to date!

For everyone running iOS (on all Apple products) and Android (on other smart devices), it’s time to accept that your devices are susceptible to the same security problems as Windows PCs. Install antivirus now so you won’t be the first in your office with problems.

Another thing to be cautious of is using mobile wireless networks in public places with your smartphone. More and more people use their smartphones to access Facebook, Twitter, personal emails, and bank accounts. Most smartphones are set up to automatically switch to open-access Wi-Fi networks when they are available. This leaves the information on your smartphone available to any hacker who sets up a Wi-Fi hotspot in a public location. To save yourself the possible exposure, turn off the Wi-Fi on your phone and stick to using the phone's own data plans to gain internet access.

Passwords - Without proper password security, your entire online presence (Facebook, movies, and bank accounts) can be hacked, hijacked, and erased.

The use of personal passwords seems to have the greatest difference between expectation and reality. In an IT security analyst’s perfect world, each of your passwords would consist of at least ten random letters, numbers and special characters. Each account or device would have a different password and they would change at least every ninety days. Unfortunately, the most popular password in use today is 12345 or password.

Although it is impractical, we should never use the same password on more than one account. TEEX System Security Analyst Tyler Burwitz has some realistic suggestions for that problem.

Consider three or four primary passwords, each with a different level of security.
  • A long, complex password, limited to high-security financial accounts.
  • A different, secure password for other important accounts.
  • A password for less important accounts.
  • A “throw away” password, for when you just have to sign up for something.

By using these methods, your bank account can’t get hacked along with your Twitter account.

Burwitz offers these suggestions to help you choose more secure passwords.
  • If the word or phrase is on your Facebook page or any other online presence, don’t use it, even with variations. Good examples are pets, places and names.
  • If it is in the dictionary, don’t use it, even with variations.
  • Think PassPhrase instead. It doesn’t have to be a word.
  • Longer is better. A 20-character lower-case password is better than a 10-character complex password.
  • Use spaces in the password, if allowed.

Once a hacker has a possible password for you, he has programs available that run all the possible variations of the word. If he knows your first pet was named Fido, the program will try Fido1, 1Fido, etc.
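A checker that applies these suggestions from the defender's side, as an added example that is not part of the original post: it reduces a candidate password to the word it was built from, so Fido1, 1Fido and F1d0! are all rejected, and it compares search-space sizes to show why longer is better. The word lists, the character-swap table and the function names are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample data (assumptions, not taken from the article).
PERSONAL_WORDS = {"fido", "austin"}   # words visible on your public profiles
DICTIONARY = {"password", "dragon"}   # stand-in for a full word list
LEET = str.maketrans("013457@$", "oieastas")  # undo common character swaps
EDGE = string.digits + string.punctuation + " "


def base_words(password):
    """Candidate words the password was built from, with decoration removed."""
    p = password.lower()
    # Try both orders: "Fido1" needs the digit stripped first,
    # "F1d0!" needs the swaps undone first.
    forms = (p.strip(EDGE).translate(LEET), p.translate(LEET).strip(EDGE))
    return {re.sub(r"[^a-z]", "", f) for f in forms}


def check(password):
    """Return the reasons to reject a password; an empty list means it passes."""
    words = base_words(password)
    problems = []
    # Personal words are rejected anywhere in the password.
    if any(w in c for c in words for w in PERSONAL_WORDS):
        problems.append("variation of a word from your online presence")
    # A dictionary word is rejected when it is the whole password,
    # so multi-word passphrases are still allowed.
    if words & DICTIONARY:
        problems.append("variation of a dictionary word")
    return problems


def search_space_bits(password):
    """Upper bound on guessing work, valid only for randomly chosen characters."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation, " ")
    size = sum(len(pool) for pool in pools if any(c in pool for c in password))
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    for pw in ("Fido1", "1Fido", "F1d0!", "P@ssw0rd123",
               "purple tractor sings at noon"):
        print(f"{pw!r}: {check(pw) or 'ok'}, {search_space_bits(pw):.0f} bits")
```
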

One level more secure than a long, complex password is two-step authentication. When a user attempts to log into an account using two-step authentication, the server sends a one-time text code to the user's cell phone, which is then entered on the login screen. Even Wired reporter Matt Honan wrote recently how he was hacked and his life erased, even though he was using two-step authentication. According to Burwitz, “If someone has the time and patience, they will figure out how to get your data from you. It's not as hard as you think, usually taking an hour or less.”

Biometrics, such as a fingerprint or iris scan, are beginning to play a greater role in security, but as a second layer of authentication instead of replacing passwords.

Some password security procedures are being reconsidered. For example, is it better to have a poor password changed every 90 days, or a long, complex password that is only changed annually?

Complaints usually accompany mandatory password changes. Burwitz explains those requirements several ways. “First, we have to follow the law. Information Technology Security must maintain a high level. We also must prevent loss of data that can result in financial loss for the agency, as well as damage to our reputation, and in an extreme case, possible personal harm.”

Game Consoles - Many of the latest game consoles have access to the Internet through a home’s wireless router, allowing users to play games with other users worldwide. It’s important that parents understand how this works and take security measures that range from disabling the “live” account to ensuring the user's screen name doesn’t divulge personal information. Even though the security settings have been modified to prevent live play with strangers, other players may have different settings allowing unknown persons into the game. Parents should visit the manufacturer’s website to fully understand the capabilities of the game console before giving it access to the Internet.

Wireless Routers - Operating an unsecured wireless router at your home or business leaves you open to complete data loss and responsibility for everything that occurs on your Internet connection. These routers allow our favorite devices to connect to the Internet, as well as share information among themselves. Unfortunately, most routers are shipped with even basic encryption disabled, allowing an outsider to do several nasty things, from slowing Internet speeds by using bandwidth to stealing your files and data.

In the past, setting the highest level of security possible for your wireless router was difficult and frustrating. The latest routers use a push-button method to connect devices, while older routers still require passwords. If you are having difficulty, consult the setup instructions that came with the router or the manufacturer’s website. You can also search YouTube for “connecting to the (insert router model here) router” or a similar phrase. Finally, Burwitz suggests, “Call a family member who knows what they're doing, probably your 15-year-old son or grandson. Also, some companies allow IT personnel to help you in this type of situation.” The important message is to get help to secure the router.

In 2013 and beyond, we must approach personal online security with the same emphasis as locking our home or car and caring for our purses and wallets. We must also be mindful that our poor security habits can compromise other computers or networks. Please take the time to have a safe, secure Internet experience this holiday.

Matt Honan’s Wired article - Kill the Password: Why a String of Characters Can’t Protect Us Anymore

Sam White owns a technology consulting company and is an adjunct communications specialist for TEEX.
