There was a time when cars were few and far between and when car theft was essentially unknown. You could leave your car sitting out in your yard or on the street and generally expect to find it there in the morning. Then the automobile came into its own. Many people owned them, and many more wanted them. So with our usual human penchant for finding a solution to an apparent problem, large-scale car theft was born. In turn, people invented various ways of securing vehicles, from taking out the rotor cap, to fine lock systems, to car alarms. Those who wanted to keep their nifty new toys learned to use reasonable security. Those who didn’t learn tended to lose their cars more frequently.
Ultimately, society found a balance between security and usefulness. It’s more convenient if my car is unlocked until I get there, but it’s also less secure. New technology can improve the convenience and the security, but the basic factors remain.
Computers and computer security have developed in similar ways. The technology is different, but the humans are rather similar. We tend to act as though technology has introduced new types of human behavior. In fact, computers (and other technological innovations) have simply provided different means through which human nature can act. The same resistance that likely accompanied the invention of fire works against computer use. Doubtless, once late adopters got around to adopting fire, some of the old hands (and the youngsters who had known fire all their lives) tried to explain fire safety. They were doubtless ignored, and not a few forest fires were started. I do not have the archaeological or geological evidence for this, but I suspect it confidently.
In the early days, computers were only occasionally connected to others through local networks or through the telephone lines. One could avoid various infections by the simple means of using only commercial software and not connecting that telephone cord. Now, most of what you do involves the internet in some way. As the Internet of Things becomes more prominent, appliances like your refrigerator will become more and more likely to be security risks.
I cannot, in one article, tell you everything you need to know, but here are a few points:
- Passwords. Try to come up with something secure but memorable. Requirements for secure passwords are occasionally over the top, but in the vast majority of cases they are just good sense. Do you know enough about computer security to judge whether the security requirements of your bank or a web site you want to use are excessive? No, you don’t. Quit complaining and make a secure password. If you record a password because you can’t remember it (and the most secure passwords are hard to remember), record it in a secure place. On your phone may not be the best unless you know how to secure it there. Most people, however, understand how to keep a piece of paper secure. At least I hope so!
- Two factor authentication. Google offers this on their accounts, and most people have a Google account. Take the time to set it up. With remembered “trusted” devices, it’s minimally intrusive and massively better for your security. Use it everywhere you can. If other sites allow you to sign in using an account that has two factor authentication, do it.
- Recovery options. Set up security questions and alternate recovery options, such as a text to your phone or an alternate e-mail address. I get lots of work hours out of helping people who have lost passwords, forgotten their security questions, or failed to set things up. I find that with fingerprint security on my phone, a text-to-phone option is helpful here.
- Use the secure option. When a program or device suggests (but doesn’t require) something and says you will be more secure, choose the security. Among the key players here are your household routers and WiFi access points (usually the same device). Encrypt your WiFi with a code that is not easily guessed. Using your telephone number as an encryption key is bad. Use something else. Most households should simply turn off remote management; you have no reason to do it. If you have some reason to turn it on, make sure your password is secure. Newer routers (over the last several years) are requiring all this. If you have an older router, you may have an insecure WiFi connection. Fix it!
- Maintain physical security. Physically protect your device at any time when it is unlocked. People are generally learning to do this with phones, but laptop computers are often left without a password. If this is in your properly secured home, it’s not too bad, but if it’s in a public place, it’s a very bad idea. A knowledgeable person who can get by that opening prompt on your laptop can steal stacks of your data in no more than minutes.
- If you don’t know, don’t ignore. There’s a tendency, especially among smart people who are used to understanding things, to ignore suggestions or rules that they don’t understand. You may be terribly bright, but if you haven’t used that brightness to learn about information security, you need to trust that the experts are making good suggestions. Experts will make mistakes, yes, and we always remember every one. But the mistakes of experts are not good reason to depend on non-experts. Non-experts are wrong much more often, but since we expect it, we hardly notice.
- Always have anti-virus. Windows 10 has it built in. I generally like to have a second opinion scanner available (more on that in another post), but don’t ignore security warnings. The anti-virus on Windows 10 is actually quite good. It’s not quite a match for a good subscription based service, but generally adequate. Unless, of course, it’s not turned on. If you don’t have Windows 10, be sure to have appropriate anti-virus for whatever system you are using.
- Always read prompts on your computer before you respond to them. I know computer users who, if the prompt read “Steal all your data and format your hard drive? Y/N” in red letters would click “Yes” as the fastest way to move forward. Not a good idea! Normally, these prompts involve installing new software along with something else, i.e., they’re annoying but less than fatal. But even this can result in a barely usable machine. I’ve been called to “remove viruses” from a computer that actually had not one virus. They just had numerous toolbars, various commercial/coupon programs, multiple tools for speeding up the computer, and layers of trial malware detection/removal apps, among other things. None of these would register as a virus or as spyware, but they are what we call Potentially Unwanted Programs (PUPs), and enough of them can stop your computer in its tracks. One off-topic piece of advice: For best computer performance, install only programs/apps that you actually intend to use. If you find that you don’t use something, uninstall it.
Obviously this is simply a summary, but if people followed even these rules, they would be much more secure.