Tuesday, December 17, 2019

3 Things You Can Do to Improve Your Security on the Internet

I know it can feel like the only way to have any kind of security with Internet hacks and exploits these days is by going offline and heading to a cave. But there are a few relatively easy steps you can take that will make a big difference.

  1. Use a password manager. One of the worst things you can do is to use the same password over and over again. Another no-no is to use passwords that are easy to guess, e.g., Password or 12345 or even something you think is clever like P@ssw0rd. I know a number of people who create good passwords and write them in a book. Okay, if that works for you. I exhausted my good passwords years ago and now suffer from password overload. One of the benefits of a password manager is that it creates randomly generated secure passwords for you on demand. And they can be accessed wherever you are so you don't need to generate a new password when you're traveling and the app you need for your hotel reservations has mysteriously forgotten your password. Your trusty password book is a thousand miles away and seemingly your only option is to do a password reset and hope that all works out in a timely fashion. Of course, you will need a good strong password for your password manager - preferably a phrase you can remember.
  2. Use two-factor authentication whenever possible. I know this one is a hassle. I frequently mutter unkind things under my breath when I need to log in again to LastPass (my password manager of choice), Google, Facebook, etc. Basically, if it's something that you REALLY don't want hacked, e.g., your password manager, two-factor authentication is really important. Google is also very important as Gmail is a primary email for me and someone getting into that could do serious damage. Facebook is more to eliminate the worry that many have that they're getting hacked when it's an impostor. Consequently, I don't need to panic when I get those bizarre messages from friends telling me I've been hacked and to forward to everyone I know. I don't think so...
    Two-factor authentication can take a number of different forms. The least secure is a text, phone or email message giving you a code you need to enter into a form as verification. The reason it's the least secure and effective is that if you're being targeted, there's a good chance the culprit trying to gain access to your accounts may have already accessed phone data and/or email. There are authenticator apps. I use one from Google. It continuously generates random number combinations. Of course, if you lose the device where the app is, or you don't have Internet access, you're out of luck. In addition, there are physical devices or fobs. We have one for the state that works like my Google authenticator, constantly generating random numbers. There are also fobs that act as keys. You plug them in and they unlock access to devices, apps, websites. The downside here is that you always have to have the fob with you.
  3. Keep software and firmware up to date. I know there have been some problems in the past with updates, particularly operating system updates for Windows or Mac which have made many people wary about updating software. "If it ain't broke, don't fix it." Some of those concerns are valid, particularly when we're talking about major feature updates, e.g., from Windows 7 or 8 to 10 or one of the annual Apple Mac OS or iOS updates. It can happen that peripherals like printers need new drivers to operate and/or frequently used software or apps are not updated right away or at all and stop working. Yes, there are good reasons to wait at least a few weeks for some of the bugs to get worked out before jumping to the next shiny version.
    But one should make the leap eventually. Major releases often include major fixes for bugs and security flaws. And the more incremental periodic updates throughout the year should just be downloaded and installed automatically. These include patches to serious security vulnerabilities. You don't want to wait on these.
    Microsoft saves up most of their updates for a monthly "Patch Tuesday". This is generally on the second Tuesday of the month. This is when Microsoft rolls out updates for Windows, Office, Internet Explorer, etc. It is not a feature update that one needs to be concerned about but rather important security updates and tested bug fixes. But you should also note that if the security update is important enough, Microsoft won't wait until the second Tuesday but will release it as soon as it becomes available.
    Automatic updates are the easiest way to make sure that your devices have the latest security and bug fixes for your computer, phone, tablet.
    But you may very well have other Internet connected devices that also need security and bug fixes. Your router is an important and vulnerable piece of hardware that is frequently overlooked. Be sure to change the default password and keep router firmware up to date. In fact, just about every IoT (Internet of Things) device is also subject to the threat of hacking and misuse: smart plugs, smart bulbs, smart TVs, smart thermostats, streaming devices (Roku, Amazon Fire TV, Apple TV), video doorbells (Ring, Nest), baby monitors, home security systems, voice assistant/speakers (Amazon Echo, Google Nest/Home, Apple HomePod), smart appliances (refrigerators, microwaves, crockpots controlled by apps via the Internet). Oftentimes, brand names will update automatically. Or you can go into the app or visit the product website to download and install updates. Unfortunately, many of the bargain brands won't ever offer updates. Beware of those. As in many other situations, you get what you pay for.
