Hacking Detected

After all the stories about the latest malware attacks, I wanted to post a collection of tips that should help you and others on your network (home or work) with six steps to staying safe online and securing your devices against malicious threats.

It’s quite simple really and if you follow these rules then you won’t become a victim.

1. Patching

Keep your operating system and software patched to the highest level and do so as soon as you can after the patch has been released. If your operating system supports automatic updates then use it. If not, set yourself a reminder to check periodically. The same applies to software.

Patches are quite often released to plug a security hole in software or the operating system and when a patch is released, details of the security hole are published. Unscrupulous people will use this information to create malware targeted at those people who have not yet applied the patch. It’s a race against time, as far as they are concerned, to see how many victims they can exploit.

Then there are operating systems and software that does not have a patch available but still has the same vulnerability as the current version. If the software/OS is considered end of life then it is not being patched and will be a target that can be exploited.

Only use operating systems and software that are still current and being patched by the supplier. End of life means you must replace it to stay safe.

I think it is ridiculous that companies and organisations are still using unsupported operating systems like Windows XP or Windows 2003 Server and unsupported software like Office 2003. It shows that they do not consider technology security a worthwhile investment.

2. Anti-Malware

Make sure you have current and up-to-date Anti-Virus software and preferably a whole anti-malware security suite installed that has other protective applications such anti-spam and a firewall. This also needs to be the latest version under a subscription. AV software without a subscription is useless and if it’s not the latest version, it could very well get exploited as in 1 above.

However, NEVER be mistaken for thinking that because you have McAfee or Norton or one of the others that you are protected for everything you do as that is not the case. Hundreds of new viruses are created every day and the companies that make the security software can only really protect you against the stuff that they (or others) have detected in the past and have been able to circumvent. The security software is there to act as a backup but you are the real protection for your devices as you will see by reading on.

3. Wireless Protection

All of your devices that are connected to your wireless internet router (the box your internet service provider gives you to connect your devices wirelessly to the internet) are vulnerable if you do not secure wireless connection. If you are at home you should not let the public use your wireless connection by leaving it open (i.e. no password) and as some of the weaker strength ciphers have been broken so you should go for a good strength connection with a strong password that cannot be guessed. If possible, you should also hide your wireless device identity (SSID), although you might not have that option.

If you are a company operating an open or public internet service at your premises then do not use it for any of your own equipment.

If you are a user out and about claiming free wi-fi then your device might become infected and depending on the infection, you might take that device home and infect all of your devices. Personally, I carry around my own secure mobile hotspot when I’m travelling so I never use public wi-fi.

4. Email Protection

Even if you recognise the sender’s email address, you cannot be sure the email is from them. My rule is, NEVER open attachments and NEVER click on a link in an email UNLESS you were expecting to receive it. Even then I am wary and would usually check with the sender first unless of course I’ve just asked someone to send me a document and they did.

If you are able to adjust the level at which your computer or server allows SPAM through then you should set it to the highest level that you can. For example, my mail server allows me to set the SPAM level and I have chosen Medium which sends most SPAM to junk before it even gets to my Anti-Spam software on my local machine. It also means the occasional subscription email that I get moves to Junk too but then I just while list those. I know most people won’t have that option but if you do it is worth investigating to get a bit of extra protection.

You can also find more details about email protection in another article advice to help avoid becoming an email scam victim.

5. Website Protection

I have about a dozen websites that I trust and will only use those for 90% of what I do online. Of course, there are websites that I want to visit but I am unsure of. Before I do that I use a “Who Is” service to find out about the owner of a site. I check the length of time it has been operating and whether the owner is something/someone that I can also check. Fake or hidden names/addresses raise a red flag to me and I won’t visit.

Next up, I always check that if I’m asked to login that I get the padlock showing and it is still the site that I’m expecting. I know some sites redirect you to other sites for payment so I check those out too. Quite often I check to see who the provider of the secure certificate is and who it is registered to. I won’t go into details but these things are all pretty easy to do in your browser. If the certificate has expired or is a self-signed certificate I do not visit. After login, any pages that ask me to edit personal details or enter credit card details must also be secured for me to use them.

When I am using a search engine, I make sure that URL in search engine results does belong to the company using a “Who Is” domain owner service but I also have a browser add-on called McAfee WebAdvisor (previously known as SiteAdvisor) that tells me if any malware or dodgy links were found on the website previously so unless that search result has a green tick, I don’t go in. I don’t trust it completely and still take precautions but a red cross or an unchecked (new) site will definitely put me off.

6. User Education

Finally, you and your network are only as protected as the weakest link. Make sure everyone at home or in the workplace is well aware of the security dos and don’ts for staying safe. Tell them or share this article with them.

Most companies have security policies but I don’t know if all train their users in staying safe online. User education should be an annual event at a minimum and preferably more often so security stays in their minds whenever they are doing anything on their devices. Think, security first!

Finally

Whilst there is no guarantee that even if you follow all of these steps your computer won’t become infected by another means, if you follow these 6 steps then it will go a long way to helping you to stay safe online and keep your devices free from malicious content.

You can check out my other security articles too.

Please feel free to share this page and if you want to comment with your own experiences or tips to stay safe then use the form below (no links though).

Six steps to staying safe online and securing your devices

Leave a Reply