Information Security Do's and Don'ts
Aug. 18, 2016 Article

Online Safety

If you didn’t go looking for it, don’t install it.

We often visit websites that advertise a tool to get rid of viruses and speed up your PC, and there are several good software packages aimed at doing just that. However, links surrounding our favorite online website or blog may contain spyware or malware. If you specifically search for software to speed up your PC, you are far more likely to find a reputable source.

If you installed it, update it.

Those dreaded updates. iTunes, Windows, Adobe, how many programs could possibly need updates? The answer – ALL OF THEM. Many times websites and viruses exploit your computer due to an outdated browser, operating system, or software. To ease the burden, most software can be set to automatically update when there is a new update. New vulnerabilities come out every day and it only takes one to severely damage your family photos, files, and even your identity.

If you are done using it, remove it.

Chances are programs you stop using aren’t getting updated because they are never opened. This is one of the leading causes of virus infection and system compromise.

Does your computer stay on all the time?

When plugged into power, many laptops and desktops will stay on 24/7. While they use much less power than they used to, one of the largest risks is leaving a computer connected to the internet 24/7. Putting it to sleep when you leave reduces the amount of time your system is exposed to the internet, which in turn reduces its risk of unattended compromise. Most anti-virus/anti-spyware applications run at all times and help protect against anything that may attack your computer. It’s still a good rule of thumb to have the device turned off if it is not needed at the time.

Installing applications on mobile devices

A lot of our digital lives are spent on smartphones and tablets when we are on the move and not around our computers. Many of the same tips we have discussed for computers also apply to applications (apps) on mobile devices. In the app stores, there are often many apps that could do what you need, so there are a lot of choices. Some of these apps may be from non-reputable or third-party developers that should not be trusted. Make sure to look for the reputable first-party version of the app and grant access to only those items in your mobile device that are not sensitive.

Passwords and Security Questions

There are a couple of things you can do when creating and using a password. Ideally you would use a new password for every website. Password vault applications (LastPass, 1Password, KeePass) are very handy for this. Create passwords that use a combination of words, numbers, symbols, and both upper and lower-case letters. A strong example that is easy to remember as well as extremely secure is a phrase from your favorite movie or an inside joke you have with your significant other. While phrases may seem easy to guess, the spacing and punctuation make them extremely hard to guess and thwart a dictionary attack, which typically uses common word and number combinations (Show me the $$$$!!).

There are also some things that you should avoid when creating and using passwords. Do not use your network id as your password with a number after it and don’t use easily guessed passwords like “admin,” “password” or “user.” Also do not use any personally identifiable information in your password (SSN, Names, Birthday, Anniversary, Kids, Pets, etc). Avoid using words that are in the dictionary with a number after them and using keyboard combinations that are easily guessed (qwerty, 123456, q1w2e3r4t5).
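The "avoid" list above can be turned into an automated check. The following is an added example, not part of the original article: the function name, the parameters and the tiny `DICTIONARY` word list are assumptions made for illustration, and a real check would load a full word list.

```python
import re

# Values quoted in the article.
EASILY_GUESSED = {"admin", "password", "user"}
KEYBOARD_RUNS = ("qwerty", "123456", "q1w2e3r4t5")
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"summer", "dragon", "monkey", "welcome"}


def password_problems(password, network_id="", personal_info=()):
    """Return which of the article's password "don'ts" a candidate violates.

    network_id and personal_info (names, dates, pets, ...) are supplied by
    the caller; both are hypothetical parameters for this example.
    """
    problems = []
    lowered = password.lower()
    # Drop trailing digits so "word + number" collapses to the bare word.
    stem = re.sub(r"\d+$", "", lowered)

    if network_id and stem == network_id.lower():
        problems.append("network id, with or without a number after it")
    if stem in EASILY_GUESSED:
        problems.append("easily guessed password")
    if stem in DICTIONARY:
        problems.append("dictionary word, with or without a number after it")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard combination")
    # Ignore very short tokens to avoid matching on one or two letters.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates.
    samples = [
        ("jsmith42", "jsmith", ()),
        ("Password1", "", ()),
        ("Summer2016", "", ()),
        ("q1w2e3r4t5", "", ()),
        ("Rex2016!", "", ("Rex", "Jordan")),
        ("Show me the $$$$!!", "jsmith", ("Rex", "Jordan")),
    ]
    for candidate, net_id, info in samples:
        print(repr(candidate), "->", password_problems(candidate, net_id, info) or "ok")
```

An empty list means only that none of these specific patterns matched; it is not a measure of overall strength.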

Again, don’t use the same password at multiple sites. If you must reuse a password, never reuse your primary email password. If that email is compromised, other sites you use that password for may soon be compromised. You shouldn’t store your passwords in a text file on your computer. It is substantially safer to actually write them down on paper and store them in a fireproof safe.

Many sites like Google’s Gmail allow you to use multi-factor authentication, requiring a specific time-based PIN as well as your password. That way if your password is compromised, access is still denied.

When creating an account, you will most likely be asked to set up security questions in case you forget your password and need to retrieve or reset it. Make sure to use questions and answers that are not obvious. That makes it harder for someone trying to get into your account by resetting your password.

Cyberfraud

Clicking on fraudulent links or files sent to you by someone you trust is probably the most successful way of allowing a system compromise or network penetration. It is very easy to spoof an email address and act as someone else (despite it being against the law). It happens every day, and most likely you have received something like this in the past. If it seems too good to be true, it probably is. Contact the sender of the email by phone to validate the request. By operating under that principle, you will delete those emails instead of opening them. Also report these emails to your administrator as soon as you receive them. They will be able to investigate their origin and protect against future attacks. For personal email, mark the email as spam and reach out to your email provider.

Set the privacy mode of all your social media to the highest settings. Social media is one way attackers can gain the information they use to guess security questions and passwords. As social media matures, it is possible they can guess your mother’s maiden name, as well as the street you grew up on, which are two of the most common security questions.

Use a secure Wi-Fi network at home. While not having a password is convenient, it is one of the worst things you can do for your security.

Free Wi-Fi

While convenient, connecting to any public network, say Starbucks, puts you at substantial risk of someone being able to impersonate you on the internet or completely compromise your computer. This can happen in minutes or even seconds, so your best bet is using your phone as a hotspot.

If you absolutely need to use free Wi-Fi, consider the following tips:

  • Don’t access any of your sensitive sites such as online banking.
  • Make sure the Wi-Fi network you are connecting to is the legitimate network presented by the establishment. You can check with the front desk at a hotel or someone behind the counter at a restaurant to verify this.
  • Use a Virtual Private Network (VPN) if that is available through your work.