Cyber Attack Prevention for the Home
We covered the top ways to protect your business from cyber attacks in another recent blog post. Which makes sense, since GeekTek focuses on providing cyber security and other IT services to businesses, not consumers.
You wouldn’t expect us to give advice on slow-cooker chicken recipes, either, though we’d personally recommend this one for both easy cooking and cleanup and superb flavor.
But that’s not to say that we don’t care about our clients’ personal devices and information, too. For one, we like to help our clients out any way we can – it’s an extension of our values of empathy, excellence, and integrity.
Second, it’s possible for hackers to use clients’ personal devices and info to break into company networks, including by:
> Physically stealing devices that are logged in to company resources or that have company credentials/passwords stored in an easily accessible way
> Using info stolen from past security breaches or posted to your social media accounts (or otherwise publicly available) to access company resources
So here are some quick tips on how to protect your personal devices and info when you’re not at work.
Be Careful When Visiting Dangerous Websites
Dangerous/sketchy websites include adult content sites, gambling sites, and sites hosting pirated content. These sites often operate outside the law as it is, so they’re not likely to worry too much about removing malware or keeping themselves from being hacked, and that’s if they’re not in cahoots with cyber criminals themselves.
They can force you to auto-download malware or trick you into downloading malware disguised as something else, like a ZIP or RAR file that supposedly contains part of a recent game or movie.
Another type of website to worry about: the websites of small businesses. These sites may have been developed a long time ago and then forgotten. Their out-of-date backends make them easy targets for hackers, and the small businesses’ employees and clients may not know when a site has been hacked and is hosting malware.
If you have to visit one of these sites, make sure your Windows OS and all your applications are up to date and that you have antivirus installed and activated. Alternatively, since 99% of viruses target the Windows OS, you can visit these sites on a Mac or mobile device.
Obviously don’t download anything or submit any payment info if you can help it when on these kinds of sites.
Keep Your Software Updated
Many types of malware work by targeting known vulnerabilities in software that have already been addressed in updates or patches released by the software developer. That’s why it’s important to run updates as soon as they’re available on your personal machines, even if it’s kind of annoying and a chore or if you’re a fan of the older version of the software (like Windows 7).
Install Antivirus Software
Install antivirus software, whether free or paid, on your computer or make sure Windows Defender is activated. There are a lot of different options here.
The best antivirus software for you depends on personal preferences including cost, whether you care about pop-up ads, whether the effect of the software on the performance of your PC will be noticeable to you or matters to you, the features you want (advanced firewall features, parental controls, online backup, etc.), whether you care about false-positives, and your browsing habits. Do some research to find out what antivirus software works best for you.
Yours truly uses Norton for his personal PC and is fine with it. It performs well enough in independent AV tests. If you use Norton make sure to turn off auto-renew and buy a new license separately every year, otherwise they usually try to hit you with a big increase in the subscription price for your 2nd year.
Follow Password Best Practices
Choose strong passwords
At least 12 characters; use letters, numbers, and symbols; don’t use real words; don’t reuse passwords; change passwords every 90 days or so
If you need to store passwords, do so securely
If you use a password manager like LastPass or the one integrated in Chrome, make sure to use a strong master password for the manager itself. If you write down passwords, store the piece of paper in a secure place like a safe. Don’t store your passwords in an Excel or text file.
Don’t use security answers that someone could guess
Lots of hackers use automated methods with minimal personalization, but some may take the extra step of doing some research on you. By looking you up online or checking out your social media profiles, they can relatively easily find or guess answers to common security questions, including your mother’s maiden name, the city you were born in, the names of your pets, and the name or mascot of your schools.
If there aren’t any security questions you’re sure someone can’t find out online or guess, just use a strong password as your answer and store or remember it as you normally would.
Back Up Your Data
Just like with your business data, make sure to back up all your important personal files as well, both to protect yourself from ransomware and in case of drive failure, accidental deletion, or some other loss. Use the 3-2-1 rule for important files – back them up to both an external hard drive and a cloud-based service like Google Drive.
Be Careful When Using Email
We covered this pretty extensively in our article about protecting your business from cyber attack. Check out some of the tips we gave there.
To sum it up, don’t click on links, open attachments, or respond to emails if the emails seem suspicious. Hover on links before clicking on them. Double check the “from” address of the sender if the email seems out of character.
When in doubt, call or ask the sender in person to double-check, or navigate to the website or service in question independent of the email (i.e., don’t click the link in the email from Bank of America, just go to bankofamerica.com and log in there directly).
At least in our experience, malicious/phishing emails tend to be more common on personal email accounts, perhaps because personal accounts have less aggressive/effective spam filters, and we’re more likely to give our personal accounts to less reputable services and people.
Unlike malicious/phishing emails sent to businesses, which tend to be disguised as invoices and resumes, malicious/phishing emails sent to personal accounts tend to be fake password requests, fake service cancellations, etc.
How GeekTek Can Help
To be honest, we can’t. As we mentioned up top, we actually only support businesses. If you need help with your personal devices, there’s another company that has “geek” in its name that can probably help you.
But we’re here to help you with your IT business needs whenever you need us – including managed services, helpdesk support, IT projects, system integration, and cloud migration, management, and hosting.