By MJ Plaster
You know the line from King Henry the Sixth even if you’ve never read a word of Shakespeare: “First thing we do, let’s kill all the lawyers.” Here we’re talking about black hat hackers, the ones that wreak havoc with computer networks and Internet sites around the world. I’m probably next on their list after that headline, but how else can I tempt you to read vital information that could save your business?
Quantifying the Threat
It’s bad enough that we have to guard against phishing and 419 scams at home, but hacking is a 24/7/365 threat for businesses. Most of it comes from outside the United States, so there’s no recourse. Visit Norsecorp.com for a real-time glimpse into hacking activity across the globe.
There is no surefire defense against “malevolent actors” of any stripe. But you can deter garden-variety hackers by making your network less attractive to hackers.
If you don’t have an IT person on staff to lock down your network, waste no time in finding an outside source. Playing defense is dangerous, and remember, “Done is better than perfect,” because perfect doesn’t exist.
Put It on Paper
Start by ensuring that your written computer security policy is up-to-date. Just as important as preventive steps is the “or else” clause. You have to tie infractions to consequences and clearly state them in your policy. Without consequences, your policy is a toothless tiger.
Passwords—the Devil’s in the Details
We’re more than a quarter century into the computer generation, and people are still using “1234” or “password” for their passwords. That’s insane!
The best password is a passphrase (multiple words) that includes uppercase and lowercase characters, numbers and special characters (if allowed). Password generators create strong passwords, but if you need a sticky note on your monitor to help you remember passwords, it defeats the whole purpose.
Password managers solve the problem without breaking the bank. Two good password managers are LastPass and Dashlane. Dashlane adds an additional feature to change all passwords assigned to an individual with a single click.
Beyond OS Updates, Anti-Virus Software and Firewalls
You’ve installed a firewall and an anti-virus program. That’s nice, but it’s like saying you wash your face and brush your teeth in the morning. Do you update those programs and system software automatically? Do you update your hardware’s firmware?
While there’s a slight danger that an update may cause problems, when a bad update comes out, a corrective update is usually on its way before you can let loose a string of expletives.
Malware is shorthand for “malicious software.” AV Test, an independent IT institute, captures malware activity and reports 390,000+ new malware programs every day. If you click the link and look at the graph, you’ll see how rapidly malware programs have grown over the past decade.
- Worms—self-replicating code that can fill every speck of storage
- Keyloggers—code that capture your keystrokes to a log file, which the perpetrators download
- Ransomware—code that locks your computer or encrypts your data until you pay a ransom
- Spyware—trackers that track and report Internet activity for advertising and other purposes
- Hijackers—change your home page, search engine and other defaults
Anti-virus software doesn’t catch all malware, and no malware program catches everything. Run several anti-malware programs, with only one of them running resident (in the background)—and update religiously. Then run a scan once a week with the programs you don’t run in the background.
Have you ever wondered why there’s so much freeware available? Don’t just click through the installation screens without reading them. Often you’re offered the ‘opportunity’ to install one or more add-ons—with embedded spyware.
After each new program installation, check your installed programs in the Control Panel to see if anything slipped through during the installation process.
Intercept Special Deliveries
Spam is a prime carrier for malware, often through graphics. Some ISPs filter obvious spam before it hits your inbox. Microsoft Outlook, by default, downloads email without images and requires users to download them manually. Since spyware and pornography can enter your computer through email images, keep the Outlook default setting and download images only in emails that come from trusted sources.
Browsing the Internet can leak information from computers to goodness-only-knows whom. We’ll assume you’re using a standard browser rather than some of the ultra-secure, stripped-down browsers. Set your browser preferences to delete cookies and history each time you close the browser, and don’t trust the browser’s privacy setting. You’ll do better with browser add-ons.
The add-ons below may not work with every browser. If not, search for one that offers comparable features for your browser. Add-on links are available from the add-on search feature in your browser. The list below is a bare-minimum list, and I use them all.
- Add Block Plus and Add Block Pop-ups combo—blocks ads and popup adds
- Better Privacy—removes super-cookies, called Local Shared Objects or LSOs, which are not deleted when you close your browser
- Disconnect—speeds up browsers while stopping tracking by 2000+ sites
- Ghostery—shuts out “the invisible Web,” trackers, beacons, etc.
- Self-destructing cookies—removes cookies when you close a tab
- HTTPS Everywhere—encrypts information sent from your browser through a secure connection
- NoScript—prevents scripts from running, but you can whitelist trusted sites
Some of the add-ons are redundant, but aren’t you glad that airplanes have triple redundancy on most systems? You will have to disable some add-ons occasionally to view a page properly, but it’s worth the inconvenience.
Finally, connect to the Internet through a virtual private network (VPN) such as Private Internet Access. VPNs allow you to “tunnel” through their network to your destination. Your destination sees their IP, not yours. You don’t “exist.”
Is Your Head in the Cloud?
Digital Guardian confirms what I have suspected from the moment “the cloud” was announced—it’s the No. 1 security threat to business. Here’s why:
- Can you trust a company full of complete strangers with your data and your customers’ data?
- How secure is the provider’s environment?
- What “rights” to your information does the provider claim?
Free Upgrade to Windows 10
There’s some confusion over who gets a free Windows 10 upgrade. Check with Microsoft to see if you qualify.
Before you jump at the chance to upgrade, you need to understand that, by default, you agree to share a wealth of information with Microsoft when you agree to the 40+-page Terms of Service. As you click through the setup screens, you need to change numerous defaults to avoid sharing information with Microsoft and third parties.
Word on the street is that Windows 10 is a solid product that has gone through many, many hours of testing with a very large pool of testers. Newsweek tells the other side of the story in “Using Windows 10? Microsoft Is Watching.” Until we have reviews from a large group of actual users, take everything you hear with a salt lick.
If Edward Snowden can walk (fly) away with NSA’s treasure trove of highly guarded secrets, imagine what rogue employees can download to their mobile devices through your Wi-Fi connection. Be careful about permissions—who has access to what areas of the network. Review network activities of privileged accountholders and lower privileges if necessary.
Lock Out the Dearly Departed
Do the ghosts of employees past haunt you network? When departing employees hand over their keys to the building, company identification and credit cards, you need to remove their computer access.
In the end, you want to be able to prove that a breach of customer data was not due to neglect. Aside from that, you’ll sleep easier knowing you’ve done your best to thwart hackers from ruining your day.