1. Protect yourself when using a public network.
If you go online over public wireless networks (for example, at airports, coffee shops, and libraries), you’re not safe unless you protect yourself by using a VPN (Virtual Private Network). You can find a cheap VPN service for approximately $15 a month by searching Google. Then, after you connect to a public wireless network, simply connect to the VPN service. All your communications will then be protected from the prying eyes of hackers.
2. Switch to a more secure browser.
No Internet browser is completely secure! But some, like Google Chrome, are more secure than others. Using Internet Explorer is especially risky: because it’s the default browser that comes with Windows and is so widely used, it attracts the most hackers who are looking for security holes.
3. Use a secure email service.
I highly recommend Google’s Gmail service because it has a two-step authentication feature. You simply download an application to your iPhone, Android, or BlackBerry that displays a new six-digit code every 60 seconds. You must use this six-digit code displayed by the application and your password to get into your email. This additional level of security, called “two-factor authentication,” has long been used by major companies and government agencies; thanks to Google, you can now use it to give yourself better protection.
4. Keep your software up to date.
Hackers are now targeting vulnerable applications that sit on your desktop, such as Adobe Acrobat, Adobe Flash, and Internet Explorer, among many others. To protect yourself against these threats, it’s critical to install the latest updates not just for your operating system but also for other key applications. A free software program can help you make sure your applications are current; it’s called Secunia Personal Software Inspector.
5. Choose passwords that cannot be easily guessed, and store them securely.
Do you use the same password for almost everything? Do you keep a list of passwords on your desk or in a computer file with an obvious name? Most people make terrible choices when selecting and storing their passwords. Using one password over and over makes a hacker’s life easy: break it once and he has access to everything. When your bank and credit card companies require complex passwords, it’s natural to want to write them down in a convenient place. The solution: a few open-source projects provide free password-manager applications, such as Password Safe, KeePass, and Password Gorilla. These tools allow you to create a complex password for each site or application you access, and store it securely, thereby reducing the risk that you’ll be the next hacking victim.
6. Protect yourself against opening emailed files that might be dangerous.
Be cautious when clicking on hyperlinks or visiting sites that are sent by others through email, social networks, or instant messenger. I recommend using http://docs.google.com for opening Microsoft Office documents; the site also helps protect you against opening a seemingly safe file that has actually been sent by a hacker and contains malware.
7. Don’t give information over the phone to someone you don’t personally know.
Everyone should know about the dangers of revealing sensitive information over the phone to people whose voice they do not personally recognize.
8. Be wary of P2P (Peer-to-Peer) downloads.
P2P networking is very popular for downloading free software, music, and movies. Some older versions of P2P client software such as LimeWire have a default configuration that shares your entire hard drive with the world, allowing anyone to download any file on your computer. If your kids use your computer, make sure they aren’t installing P2P client software without your knowledge.
9. Consider encrypting your hard drive.
Especially for people who work with sensitive information, encrypting your entire hard drive provides a valuable extra layer of security. Though I have lost critical work product on several occasions with the popular Whole Disk Encryption software that’s part of the PGP product suite, I would recommend evaluating other similar products such as WinMagic.
10. Always be on the alert for social engineering attacks.
Social engineering is one of the hardest attacks to prevent. A hacker only needs to find a single gullible employee to gain full access to the employee’s workstation or laptop, and through it to the company’s entire computer network. Every computer user needs to be constantly alert to this risk. For businesses, security awareness training is a critical part of the solution to help employees recognize and repel these threats. Commonly, security awareness training is provided to new hires at employee orientation, but to other employees only on an annual basis, if at all. Many stories in this book clearly demonstrate how easy this makes life for social engineers.
To learn about methods for inoculating employees against social-engineering attacks by automating the security awareness training process, I invite you to visit http://mitnicksecurity.com