- Never Open Suspicious Files. Assume that any file you receive may be potentially infected, even if you know the sender well. Viruses, spyware and other malicious code typically originate from an infected PC and its address book, thus it will most likely come from family, friends, or business associates. When working with your email, browsing websites, or chatting via an Instant Messenger, do not accept any unsolicited files from anyone since they could contain malicious code.
- Clicking Unknown Links. Avoid going to any URLs in email messages that may be questionable. Hackers often infect web pages with malicious code, so do not visit any website that you are not familiar with.
- Anti Virus. Always keep your anti-virus, anti-spyware, and firewall protection up to date. New threats emerge regularly so it is critical that you keep your protective software and firewall technology current. In addition, scan your system monthly with the settings recommended by your Internet security provider.
- Restrict Administrative Privileges. It is important to make sure that all employees have a level of administrative access equal to their job responsibilities. This includes not allowing employees to install software, music files, games, etc., as well as restricting access to external services such as web mail and remote control services. These types of restrictions will help protect your organization from spyware such as keystroke logging.
- Operating Systems. Keep your operating system and your application software patches up to date. To prevent infection by malicious code, keep the patches current for your operating system (e.g., Windows, Linux, Apple) as well as for your applications (e.g., Internet Explorer, Firefox and Safari).
- Stay Informed and Educated. It is important that not only your IT department stays up to date on the latest threats but that your employees and your business customers are also advised of them and that you educate them about the techniques of "safe computing." Internet security providers release formal alerts on the latest threats and vulnerabilities and how to protect against them.
- Spam. Spammers scan the internet to find computers that aren't protected by security software, and then install bad software - known as "malware" - through those "open doors." That's one reason why up-to-date security software is critical. Malware may be hidden in free software applications. It can be appealing to download free software like games, file-sharing programs, customized toolbars, and the like. But sometimes just visiting a website or downloading files may cause a "drive-by download," which could turn your computer into a "bot." Another way spammers take over your computer is by sending you an email with attachments, links or images which, if you click on or open them, install hidden software. Be cautious about opening any attachments or downloading files from emails you receive. Don't open an email attachment - even if it looks like it's from a friend or coworker - unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
- Don't Let Your Computer Become Part of a "BotNet." Some spammers search the internet for unprotected computers they can control and use anonymously to send spam, turning them into a robot network, known as a "botnet." Also known as a "zombie army," a botnet is made up of many thousands of home computers sending emails by the millions. Most spam is sent remotely this way; millions of home computers are part of botnets.
- Use Security Software That Updates Automatically. The bad guys constantly develop new ways to attack your computer, so your
security software must be up-to-date to protect against the latest threats. Most
security software can update automatically; set yours to do so. Also, set your
operating system and web browser to update automatically. If you let your
operating system, web browser, or security software get out-of-date, criminals
could sneak their bad programs – malware – onto your computer and use it to
secretly break into other computers, send spam, or spy on your online
activities. Don’t buy security software in response to unexpected pop-up
messages or emails, especially messages that claim to have scanned your computer
and found malware. Scammers send messages like these to try to get you to
buy worthless software, or worse, to “break and enter” your computer.
- Treat Your Personal Information Like Cash. Don’t hand it out to just anyone. Your Social Security number, credit card
numbers, and bank and utility account numbers can be used to steal your money or
open new accounts in your name. So every time you are asked for your personal
information – whether in a web form, an email, a text, or a phone message –
think about whether you can really trust the request. In an effort to steal your
information, scammers will do everything they can to appear trustworthy.
- Check Out Companies to Find out Who You’re Really Dealing With. When you’re online, a little research can save you a lot of money. If you see
an ad or an offer that looks good to you, take a moment to check out the company
behind it. Type the company or product name into your favorite search engine
with terms like “review,” “complaint,” or “scam.” If you find bad reviews,
you’ll have to decide if the offer is worth the risk. If you can’t find contact
information for the company, take your business elsewhere. Don’t assume
that an ad you see on a reputable site is trustworthy. The fact that a site
features an ad for another site doesn’t mean that it endorses the advertised
site, or is even familiar with it.
- Give Personal Information Over Encrypted Websites Only. If you’re shopping or banking online, stick to sites that use encryption to
protect your information as it travels from your computer to their server. To
determine if a website is encrypted, look for https at the beginning of the web
address (the “s” is for secure). Some websites use encryption only on the
sign-in page, but if any part of your session isn’t encrypted, the entire
account could be vulnerable. Look for https on every page of the site you’re on,
not just where you sign in.
- Protect Your Passwords. Here are a few principles for creating strong passwords and keeping them safe:
  - The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
  - Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate, or common words.
  - Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
  - Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
  - Keep your passwords in a secure place, out of plain sight.
- Back Up Your Files. No system is completely secure. Copy important files onto a removable disc or an
external hard drive, and store it in a safe place. If your computer is
compromised, you’ll still have access to your files.
Web Browser Security:
One of the most critical points of entry to your computer or gadgets is your Web browser. Unfortunately, your Web browser can have hundreds of security holes that hackers can, and do, exploit. Maybe your browser isn't updating, or perhaps you have add-ons or plug-ins installed that have their own security holes.
1. KEEP BROWSER UP TO DATE
One of the easiest ways to keep hackers away is to make sure your Web browser is up to date. Browser makers such as Microsoft (Edge), Mozilla (Firefox) and Google (Chrome) often issue patches and fixes for bugs they know about. Typically, they get most of them before hackers can have a field day exploiting vulnerabilities.
Fortunately, most browsers these days are automatically updated. For instance, if you installed Microsoft's new Windows 10 operating system, its default setting is to automatically update your software and issue patches, including for its Edge browser.
Firefox and Chrome also have default settings for automatic updates. You just need to restart them occasionally for the latest updates to install. If you're not sure if you're set up for automatic updates, here's how to check:
Chrome: Google Chrome updates automatically, and turning that off isn't easy. That's good. But to make absolutely sure you've got the latest version, you can click on the Menu icon (little box with three horizontal lines in the upper right corner of your page). Choose "Help and About," then "About Google Chrome."
If you need to change the update settings, go to Menu>>Settings, and then click the "Show Advanced Settings" link. Click or un-click "Protect You and Your Device From Dangerous Sites" to turn automatic updates on or off.
Edge: If you're using Windows 10, go to Start>>Settings, then click "Update & Security." Windows Update should say your device is up to date. If it's not, choose "Advanced Options," then "Choose How Updates Are Installed" and select "Automatic (recommended)."
Internet Explorer: In Windows 8, using a mouse, right-click in the lower right corner of the screen and choose "Control Panel." If you're using a touch screen, swipe from the right of the screen and tap "Settings," then "Control Panel." In Windows 7 and Vista, go to Start>>Control Panel.
In Control Panel, click "System and Security." Under "Windows Update," choose "Turn Automatic Updating On Or Off." Choose "Install Updates Automatically" from the drop-down menu.
Firefox: Click the Menu icon (far upper right-hand corner; it's three horizontal lines) and choose "Options" and then "Advanced" in the left-hand column. Select the "Update" tab on the right, and under "Firefox Updates," make sure "Automatically Install Updates (Recommended: Improved Security)" is selected.
2. UNINSTALL UNNEEDED PLUG-INS
To do this in Windows 10, go to Start and select "All Apps." That's essentially Windows 10's version of the Control Panel. That will list all the programs installed on your device. Right click on the one you don't want; then select Uninstall. In older versions of Windows, go to Start>>Control Panel, then under "Programs," click "Uninstall a Program." Select the plug-in you want to remove, and click Uninstall.
3. SECURE YOUR WEB BROWSER
Today, web browsers such as Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari are installed on almost all computers. Because web browsers are used so frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
There is an increasing threat from software attacks that take advantage of vulnerable web browsers. We have observed new software vulnerabilities being exploited and directed at web browsers through use of compromised or malicious websites. This problem is made worse by a number of factors, including the following:
- Many users have a tendency to click on links without considering the risks of their actions.
- Web page addresses can be disguised or take you to an unexpected site.
- Many web browsers are configured to provide increased functionality at the cost of decreased security.
- New security vulnerabilities are often discovered after the software is configured and packaged by the manufacturer.
- Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
- Third-party software may not have a mechanism for receiving security updates.
- Many websites require that users enable certain features or install more software, putting the computer at additional risk.
- Many users do not know how to configure their web browsers securely.
- Many users are unwilling to enable or disable functionality as required to secure their web browser.

As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise computer systems.
4. ENABLE CLICK-TO-PLAY PLUG-INS
Adobe Flash. There have been many holes in Flash and we recommend that you disable or at least limit this Plug-In.
One way to limit it is called click-to-play: instead of a plug-in always running, you have to click on it to activate it. Here's how to do that.
Chrome: Menu (horizontal lines in the upper right corner)>>Settings. Click "Advanced Settings" at the bottom of screen. Under "Privacy," choose "Content Settings." Under "Plug-ins," choose "Let Me Choose When To Run Plug-in Content."
Edge: This browser doesn't really have click-play. You have to disable and re-enable plug-ins manually.
Windows 10: Right-click on the Start menu and choose "Control Panel." Click "Network and Internet" and then under "Internet Options" click "Manage browser add-ons." Click the "Manage add-ons" button and then highlight a specific plug-in in the "Toolbars and Extensions" area. If a plug-in is enabled, click the "Disable" button in the lower-right corner.
If you're just interested in Adobe Flash, in Edge, click the icon with the three dots in the upper-right corner, then select "Settings." Click the "View Advanced Settings" button and you'll see the "Use Adobe Flash Player" option. Turn this off when you don't need to use Flash.
Internet Explorer: In the far top right corner, click on the little gear icon and choose "Manage Add-Ons." Highlight a specific plug-in in the "Toolbars and Extensions" area. If a plug-in is enabled, click the "Disable" button in the lower-right corner.
Firefox: Menu (horizontal lines in the upper right corner)>>Add-Ons. Choose "Plugins" in the left-hand column. Next to each plug-in, you'll see a drop-down menu. Change each one to "Ask To Activate."
5. GET RID OF UNNEEDED BROWSER EXTENSIONS
Browser plug-ins and browser extensions are easy to confuse. Plug-ins handle video or other content that the browser can't handle on its own. Extensions are bits of code that add new features to the browser.
Extensions have a downside, though. Many of them need your passwords to do their job. That opens up extensions to hackers, who use extensions to install malware.
A couple of tips: Before you install an extension, make sure it's coming from a trustworthy source and has been around for a while. Second, be sure to review your extensions every once in a while, to weed out the ones you don't need any more. If you're not using an extension, or you suspect it's not from a reliable company, delete it. Here's how:
Chrome: Go to Menu>>More Tools>>Extensions, then click "Remove" on each extension you don't need.
Edge: Microsoft's new browser is going to start introducing extensions sometime this year.
Internet Explorer: This browser does not support extensions.
Firefox: Menu>>Add-Ons. Choose "Extensions" in the left-hand column, then select the ones you don't want and click "Remove."
6. RUN ANTI-EXPLOIT SOFTWARE
While most security software is great at detecting and stopping the millions of viruses out there before they can install, security holes in your browser and other programs give viruses a better chance to slip past unnoticed. Unfortunately, you don't even know there's a security hole in a program until the developer releases an update. Until now.
Software companies are starting to release anti-exploit programs. These watch your programs for signs that someone might be trying to use them to sneak on to your system. Then they block those attempts.
If you think of your main security program as the castle wall and the army guarding it, an anti-exploit program is the guy watching for traitorous citizens trying to open the backdoor.
One mistyped letter could lead to ID theft. Missing just a few letters in a web address can cost you the money in your bank account, or start an all-out identity theft attack, because of a type of fraud called "typosquatting."
The typosquatter's URL will usually be one of four kinds, all similar to the victim site address:
- A common misspelling, or foreign language spelling, of the intended site: exemple.com
- A misspelling based on typos: xample.com or examlpe.com (xample.com redirects to a scam site that tries to trick you into downloading malware; visiting it is not recommended)
- A differently phrased domain name: examples.com
- A different top-level domain: example.org
An abuse of the Country Code Top-Level Domain (ccTLD): example.cm by using .cm or .om. A person leaving out the letter o or c in .com in error could arrive at the fake URL's website.
Once on the typosquatter's site, the user may also be tricked into thinking that they are in fact on the real site, through the use of copied or similar logos, website layouts or content. The fraudulent site is trying to get you to log in with your user name and password or download malware with a fake “flash updater” pop-up, for example.
- When visiting any web site, double-check the URL before logging in.
- Be very careful entering things. If you're going to PayPal or you're going to your bank, just be very careful and pay attention to what you type.
- Make sure you're on the real website by looking at the address bar on your browser.
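As an added illustration (not part of the original page), the Python sketch below compares a visited domain with one you want to protect and sorts it into the typosquatting kinds listed above. The function names, the mapping of keystroke slips to categories, and the sample domains are assumptions made for this example; it handles simple two-part names only.

```python
"""Classify look-alike domains into the typosquatting kinds described above."""

def split_domain(domain):
    # Assumes simple two-part names such as "example.com" (no subdomains).
    label, _, tld = domain.lower().strip(".").rpartition(".")
    return label, tld

def single_edit_kind(a, b):
    """Name the one keystroke slip that turns a into b, or return None."""
    if len(a) == len(b):
        diffs = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diffs) == 1:
            return "substitution"
        if (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]]):
            return "transposition"
        return None
    if abs(len(a) - len(b)) != 1:
        return None
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    for i in range(len(longer)):
        if longer[:i] + longer[i + 1:] == shorter:
            return "omission" if len(a) > len(b) else "insertion"
    return None

def classify(legit, candidate):
    """Return the typosquatting kind of candidate relative to legit."""
    l_label, l_tld = split_domain(legit)
    c_label, c_tld = split_domain(candidate)
    if (l_label, l_tld) == (c_label, c_tld):
        return "exact match"
    if l_label == c_label:
        # Same name, different ending. Dropping one letter of the TLD
        # (.com -> .cm or .om) is the ccTLD case from the text.
        if single_edit_kind(l_tld, c_tld) == "omission":
            return "ccTLD abuse"
        return "different top-level domain"
    if l_tld != c_tld:
        return "unrelated"
    if c_label == l_label + "s" or l_label == c_label + "s":
        return "differently phrased"
    kind = single_edit_kind(l_label, c_label)
    if kind == "substitution":
        return "misspelling"
    if kind in ("omission", "insertion", "transposition"):
        return "typo"
    return "unrelated"

def flag_lookalikes(protected, observed):
    """Return {observed domain: (protected domain, kind)} for each look-alike."""
    hits = {}
    for seen in observed:
        for legit in protected:
            kind = classify(legit, seen)
            if kind not in ("exact match", "unrelated"):
                hits[seen] = (legit, kind)
    return hits

# Constructed sample data: the page's own example names plus one unrelated name.
PROTECTED = ["example.com"]
OBSERVED = ["example.com", "exemple.com", "xample.com", "examlpe.com",
            "examples.com", "example.org", "example.cm", "example.om",
            "weather.test"]

if __name__ == "__main__":
    for domain, (legit, kind) in flag_lookalikes(PROTECTED, OBSERVED).items():
        print(f"{domain:14} looks like {legit}: {kind}")
```

Run against a list of domains taken from browser history or proxy logs, the same check shows which mistyped addresses were actually visited.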
Misconception: Windows Updates Make Antivirus Software Unnecessary
Since Windows updates are crucial to your PC’s security, if you’re diligent about installing patches you can forget using an antivirus. This, however, is a deadly mistake.
Truth: Windows Updates Come After The Fact. Windows Updates patch known vulnerabilities, but aren’t meant to protect from everyday threats. While keeping Windows up-to-date is a necessary part of security, it can’t replace an antivirus, which works nonstop to protect you. Also remember that anti-virus software is a management tool to catch already known viruses. AV software does not stop brand new viruses or social engineering scams.
Misconception: Malware Infections Are Obvious
Truth: A Lot of Malware Is Silent. There are dozens of rogue applications that are spying on you without making a sound. Many of these create zombie computers, which are responsible for much of the spam and website attacks that happen constantly. Additionally, if you fall for a phishing scam and a password falls into a thief’s grasp, they could be accessing your accounts — quietly, of course, so that you don’t suspect anything.
Don’t assume that just because everything looks normal that it is. Change your passwords regularly to be sure that someone isn’t getting in behind your back.
Misconception: I Don’t Do Anything Important On My Computer, So I Don’t Need To Be Careful
This is probably the most common reason people give for not keeping their computer safe. Sadly, it’s a poor excuse and those who give it are wrong.
The Truth: At the bare minimum, a virus or other malware infecting your PC — even if your financial info isn’t at risk — is going to take time to deal with. Your time is valuable, and if you’re recruiting a tech-savvy friend to fix your PC after your neglect, their time is affected too. Wiping your computer and starting fresh thanks to malware means more time and effort to get your programs re-installed and running just the way you like. In addition, malware isn’t looking to steal files on your system. Rather, it’s tracking your every keystroke, stealing passwords, or even hacking into your webcam to spy on you.
Misconception: I don’t run Windows, so I’m immune to Malware
The Truth: All platforms are vulnerable and this includes iPad, iPhone, Android and other mobile devices. While Windows viruses won’t affect Mac computers, Macs can still get infected with viruses. In addition, you can fall for phishing tricks, perhaps via email or social media, no matter what platform you use. Accidentally handing your password over to a fake site is going to yield the same result no matter if it’s done on Windows, Mac, or Android.
Misconception: My Apple or Android tablet is secure
The Truth: There is a plethora of mobile-based malware and viruses out there today. Never let your guard down and carelessly open a web site, email or attachment on a smart phone or tablet. These devices can be infected and can infect a corporate network if connected as a BYOD device.
Misconception: Windows Is Inherently Insecure
The Truth: Ever since Windows 7 hit the scene, the virus problem has been significantly curtailed. The problem is that most Windows users don’t care enough to update their systems with pertinent security patches. Microsoft is good about plugging security holes as they’re found, but if users don’t apply those updates, they leave themselves vulnerable. At that point, Windows itself is no longer at fault.
Moreover, Windows is the world’s most popular operating system. Combine that with the fact that Windows does not require its users to be tech-savvy and you’ve got a recipe for a high number of security incidents.
Misconception: You don’t need security software
The Truth: The ones who create malware and viruses are always looking for new ways to facilitate the spread of malicious software, which means that their methods are always evolving.
But more importantly, we are human. Humans make mistakes. We can’t keep our guards up 24/7 and sometimes we’re lazy, forgetful, or reckless. All it takes is one lapse in judgment for your computer to be infected and that’s the real value of antivirus software: it protects you through your mistakes.
If you aren’t using antivirus software, install one now along with a virus scanner. Afterwards, if you find that you have an infection, clean it up as soon as possible.
Misconception: All You Need Is Security Software
The Truth: Malware and virus creators are always engineering new ways to spread their code. Antivirus companies are always one step behind (they have to study a virus to understand its signature before they can protect against it), which means that the notion of antivirus is fundamentally reactionary. AV software does not stop brand new viruses or social engineering scams.