Cybercrime and hacking are risks every one of us are exposed to. One in 3 people will experience identity or financial theft this year. This is a real risk we cannot ignore.
I know this isn’t typical homesteading content, but computers are an everyday part of most people’s lives. You lock your doors to secure your car or home. It only makes sense that you “lock the doors” to your online accounts, too. You are officially the Cyber Security Officer of your home whether you like it or not.
My husband, August, has worked in computer security for over a decade, and regularly gives internet security presentations to the public. He worked with me to adapt his presentation into a post. The hackers and thieves are getting more aggressive in their attacks, so it’s up to us to protect our own interests. This post will walk you through the basic steps you should take to avoid computer viruses and identify theft.
Preparing Now instead of Reacting Later
Even if you think you are all set, what if you lost your computer or smartphone? Do you have all that information somewhere else? Could you still pay bills, get a phone service changed, sell your home, get a new passport?
Focusing on cyber security is not is fun, but it’s a LOT less painful than having to rebuild your life after your bank accounts are empty, loans are taken out in your name, and tax returns are filed with your identity. A small amount of work now will save you a LOT of time later.
Is it Really that Bad?
Yes, unfortunately, it is that bad. To get a feel for how bad it really is, review these links:
- The Feds estimate cybercriminals stole $445 BILLION in 2016
- Summary of 2016 security issues: https://securityintelligence.com/20-eye-opening-cybercrime-statistics/
- 2015 summary: http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015-insider_en_xg.pdf
If you are unsure, ask friends and family and you are sure to come across someone who has lost a lot of money and time because of cyber hacking.
Respond to problems right away
It really isn’t a question of if you get hacked – it is a question of when, and how badly. Whether it’s a hacked account, identity theft, or an infected smartphone, you need to take action. The bad guys can lock down your device and force you to pay to access it (ransomware), or add software that runs in the background on your computer, quietly stealing information. Other hackers infect your computer or email, and use it to attack other computers or users.
For better or worse, most modern hackers don’t simply trash your computer – they use it as a tool to steal or harm you and others. If you don’t have anyone in the family who can be your “Cyber Security Cop”, find someone you trust to help you.
There are many different types of hacks, so what needs to be done to recover will vary. Take care of the problem as soon as possible.
17 Ways to Reduce Cyber Risk
- Protect passwords. Use long passwords. Store your passwords securely. Never share them. Consider answering challenge questions incorrectly on purpose.
- Use two-step authentication for e-mail and other accounts where possible.
- Secure your smartphone. Physically protect your phone. Add PIN and/or fingerprint based security to your phone. Add anti-malware if you have an Android phone.
- Secure your IRS and SSA Accounts.
- Securely back up your critical information.
- Protect your identity. Get $1 million in identity insurance at $25 to $100 a month for your entire family, if you can afford it. At least have a plan in case you get hacked.
- Be suspicious. Avoid clicking on email attachments and links – if you can, buy a simple computer like a iPad, Chromebook, Kindle or other tablet to read email and surf the internet.
- Install anti-virus and anti-malware where possible.
- Patch & update anything that connects to the Internet.
- Update Operating Systems on laptops and computers
- Update Anti-Malware software – software that stops known malicious software
- Update baby cameras, firewalls, routers, cameras, tablets, Smartphones and any other device that connects to the internet.
- Don’t trust public WiFi.
- Be careful on insecure WiFi (do banking & purchases only on trusted internet connections). Use your cellular link before Starbucks or McDonalds for secure transactions.
- Be careful sharing information.
- Watch out for phone and fax scams. Caller ID is regularly faked. If someone is calling saying they are the IRS, police, bank, credit card company etc., be suspicious and contact the agency directly.
- Buy an advanced firewall that
- gets hourly or minute by minute security updates: Cisco, Fortinet, Palo Alto, Baracuda and others.
- supports roaming VPN for your smartphone
- Encrypt your important information.
- Add OPENDNS or Quad9 (GCS) – free DNS security filtering.
- Be secure when traveling.
- Don’t post everything publicly. Burglars can target your house when you are gone if you let everyone know.
- Don’t use hotel computers for anything – its likely bad guys have hacked them.
- Don’t use WiFi to do any banking, online purchases and you may not even want to check your mail as insecure wifi can be used to steal your userid/password.
- If you are traveling overseas consider getting a “burner” cheap phone and/or laptop that you can throw away when you get home. Also consider creating a temporary email address that you will stop using after the trip.
- Restrict remote access
Details for each Recommendation
1. Protect Passwords
You don’t share the key to your house or code to your safe. Your passwords are similar to the keys to your entire house. Keep your passwords SAFE. Use Long Passwords, Secure your passwords and consider answering challenge questions incorrectly on purpose.
Use Long Passwords
Long passwords win over short complex passwords. A password like “XP_123!@” is easier to hack than “I like 2 fish on Sunday for B@ss!”.
An easy way to see why short passwords are bad is to test sample passwords vs short sentences at https://howsecureismypassword.net/. Note – don’t test your ACTUAL passwords, just one of a similar size and complexity. Some services won’t allow really long passwords. (See The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time for more info on why short passwords with strange characters don’t work.)
Use Different Passwords for Each System/Service
If one of your utility accounts is hacked, you don’t want the bad guys to have your banking or credit card password. Store all your different passwords in a password management tool.
Answer Challenge Questions Wrong
If you can, answer challenge questions with INCORRECT information that is unique to the site – for example, your favorite food is “bicycle” on your bank account and “pottery” on your e-mail account (though you may want something a bit more complex). Store this information in a password management tool.
Manage Your Passwords
Now that you have many different long passwords and goofy challenge questions and responses, how will you remember them all?
Paper. You might write them down – but remember to secure that paper list because it would be very easy to steal everything you have if someone gets that list. Shred or burn old copies of the list.
Word Document. You might be tempted to use a program such as Microsoft Word, but that’s not a good place to put secure information. Instead, put your passwords in a secure tool. DON’T save them on your desktop. If you do use Word or Excel, at least get an encryption tool to secure the file. NEVER store passwords in Hotmail, Gmail or Yahoo email.
Password Manager. The best option for most people is to use a password manager. Consider using tools like: KeePass, Dashlane, Sticky Password Premium, Keeper Password Manager & Digital Vault, LastPass or any other well rated password management tool.
- Keepass (free) http://keepass.info/ is installed on your computer and stores your passwords on the computer itself in a secure database. It doesn’t come with any Internet syncing built-in, so if you have many devices you want to access your passwords from, this may not be the best choice.
- Keeper Password Manager, 1Password, and Lastpass are online options, which store your passwords in an off-site secure database. You can access these from anywhere if your device has been authenticated, and they include support for multiple users so you can set up shared access to specific passwords (i.e. a joint bank account).
- Backup your passwords – You can copy your passwords from tools like Keeper or Lastpass and print a paper list and put it in a safe deposit box, or store a copy of the database on an encrypted USB drive and keep it in a safe or at a friend’s house.
Reset Your Passwords
Watch the news for businesses that got hacked. If you suspect your password is compromised, reset your password immediately. Even if you don’t suspect a breach, it is a good idea to reset passwords at least annually.
Change EVERY Default Password
A default password is the default user ID and password for a device. Default passwords are easy targets for hackers, they have huge lists of default user IDs and passwords for nearly every Internet connected device.
Change default passwords on your: PC, gaming console, laptop, home security system, tablet, smartphone, TV, printer, car/truck/SUV, refrigerator, baby camera, modem, wireless router or firewall, and all your smart devices.
If it is impossible to change a default device username and password, you will want to block external access to that device if at all possible.
Never Share Your Passwords
Never share passwords or other confidential content in regular email. Never share passwords when you RECEIVE a phone call. If you MUST share a password (which I don’t recommend) use encrypted software tools or place a call yourself. And then reset your password immediately when done.
Don’t store passwords in Word or Excel. Even a password protected Word or Excel file can be hacked easily. If you MUST store passwords in Word or Excel store the files inside an encrypted password protected folder (see encryption below such as Veracrypt)
2. Turn on Two Step Login
Two step login makes it REALLY hard for a hacker to access an account. You may be using “two step” also called “two factor” or “two factor authentication” with your bank already. Add two step authentication to your email and all other accounts that support it. Record the rules for access, two factor steps and/or challenge questions in your password management tool (see above).
What is Two Step?
As the name implies, it requires two steps to log in: first, you log in normally with a user ID like firstname.lastname@example.org, then (depending on the variant) you receive a code on your smartphone or e-mail account and enter it to complete the log-in. If a business is hacked, you may lose your user ID and password, but the two step code makes it so they need access to your smartphone too, so anything protected with two step or two factor is more secure.
How do I get Two Step?
Many two-step services are free. See these pages for instructions on how to add two-step authentication:
- Google https://www.google.com/landing/2step/
- Yahoo https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm
- Hotmail https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification
Can I add Two Step Authentication to my Computer?
Yes. There are built in two step features in Microsoft Windows 10. You can also purchase other two factor tools.
- Windows Hello is a two-factor biometric system built into all versions of Windows 10 that enables user authentication through the use of fingerprint, facial recognition, or iris scanning.
3. Secure Your Smartphone or Tablet
Your smartphone is a target. As smartphones become more powerful, they often contain lots of personal information, such as banking or credit cards, location, and personal contacts. Hackers can use this information directly, or use it to manipulate you and/or your contacts. The FBI notes your smartphone is the 2nd most common way personal funds and information is stolen.
Nearly every smartphone has your email on it. If your phone is stolen your email may be used to access your bank, cellular phone company, online services and/or credit card information. The hackers can use this to steal your money or hack your friends.
Put a PIN or Passcode on EVERY smartphone or tablet
Putting an access code on your smartphone is one of the simplest ways to help keep people from accessing your personal information. Here are links to enable a pin and/or pass iPhone Pin/Passcode or Android Pin/Passcode.
Enable Fingerprint or Facial Recognition on your smartphone or tablet
You can also turn on fingerprint and facial recognition on some phones if you don’t want to deal with the PIN/Password regularly. Note: There are some privacy issues with the police that you may want to research before you enable fingerprint technology.
Protect Your Android Smartphone or Tablet
Android based phones have over 1 million malware variants in the wild – if you have an Android device, add an antivirus / anti-malware app. (Pick any of the top ones.)
Back up the Smartphone or Tablet
Securely back up your critical information, Apple and Google have backup options and you can also copy phone data to your PC or laptop depending on the make and model of the device. A backup of the device is useful in case you lose it or it is stolen.
4. Secure Your IRS and SSA Accounts
Secure your information and accounts with the IRS and Social Security Administration.
IRS (Internal Revenue Service)
Protect your tax returns. Go to the IRS website and create transcript account (different than your SSA account) this gives you access to your prior tax returns. https://www.irs.gov/individuals/get-transcript Even if you don’t want to use the account create one and put a long password or sentence on it, so bad guys can’t log in as you and file taxes as you.
SSA (Social Security Administration)
Protect your social security number. Go to the Social Security website and create a standard account https://www.ssa.gov/myaccount/
5. Securely Back Up Your Data
Backup your devices, and do it frequently or better yet automatically. You can use a local hard drive and/or use a service like BackBlaze, iDrive, Carbonite, Mozy, SpiderOak or any other reliable service. If you are really worried about online hacking, buy an external hard drive and back up data to that hard drive. Remember, you will want a copy in some other building just in case of a fire, so buy two.
External Hard Drive Options
6. Identity Protection
What is Identity Theft?
Identity theft could be as simple as a credit card being used by a bad guy all the way to full use of your identity for taxes, credit and healthcare. More info here:
Credit Card Theft
Thieves will often do a few small transactions on a credit card or bank account as a test. If those are successful, things can get much worse, very quickly. Some hackers deal in total identity theft. They want to steal all of “you”, so someone else can become you. Identity protection services can help.
Have a Plan
At least have a plan in case you get hacked. Have a secure paper or secure electronic list of all your key information including birth certificates, deeds, licenses, mortgage and loan info, banking and credit info, phone and utility info. That same list can be grabbed in an emergency if you have to evacuate your home for a fire, tornado, hurricane or other disaster.
Even if you can’t afford the $20 or more per month per person – you can request that your credit card and financial identity be locked down and then check it manually. Contact your bank and credit card companies for more information.
Identity Protection vs Identity Insurance
There is a difference. Identity protection will alert you to inappropriate uses of your credit, personal information or accounts. It helps reduce your risk. Identity insurance will give you money (depending on details) to help recover from identity and financial theft. The main companies that provide insurance also provide identity protection. They also provide legal assistance and overall guidance should your identity or financial information be stolen or used fraudulently.
We strongly recommend you consider identity insurance. The $1 million in identity insurance may sound like a lot, but add up all your vehicles, your home, and all your retirement and bank accounts and it may not sound as crazy. $1 million in identity insurance should cost about $25 to $100 a month for your entire family. Note: your homeowner’s or renter’s insurance may have an option to add identity insurance.
Which Identity Insurance?
The top identity protection vendors include: LifeLock, IdentityGuard, IdentityForce and Legalshield and other services will help you identify problems and deal with them. When you pick one make sure it has the $1 million in insurance. The lower priced plans have much lower coverage.
Some homeowner insurers have identity protection riders. Right now, IdentityGuard Family Plan at $24.99/mo for your entire family is the best bang for the buck for the $1 million in insurance plus identity protection. For individuals we recommend IdentityForce. Lifelock has the most features but is the most expensive also (in our case $442 more expensive for 6 adults).
If you have a small business and/or large online presence (for instance, my work blogging and my husband’s computer work), an identity protection service is almost required.
Other Ways to Protect your Identity
- Check your identity & history. You can check identity and financial status at https://personalreports.lexisnexis.com/ It requires that you fill out a form and mail it.
- Check your consumer medical, hobby and driving record at com/html/request_your_record.html Insurance companies check this to make decisions about you.
- You can get an annual statement of medical benefits from your health-insurance provider that will include claims and medical treatment. Contact your health insurer to get this information.
- Chex Systems and TeleCheck reports have information about mishandled and overdrawn checking accounts. For Chex Systems, go to com and click on “Order Consumer Report.” For TeleCheck, go to www.firstdata.com/telecheck/telecheck-request-file-report.htm .
- Rental history reports have information on your rent payments, references, and evictions. For information on getting your report from First Advantage SafeRent, call 800-815-8664 or go to www.fadvsaferent.com/consumer_relations/index.php. For your RentBureau report, go to www.rentbureau.com/multifamily and click on “Consumers.”
- Prescription drug history has information about the medications you’ve taken over the last five years, including dosages, your refill record, and the doctors who prescribed them. Call Intelliscript at 877-211-4816 and Medpoint at 888-206-0335.
7. Be Suspicious
Bad guys use links and documents to attack you. They put the links and documents in email and in websites. They have also started adding them into advertising.
Email is the #1 way we are attacked.
Email attacks include: phishing, spam, social scams and delivering malware. Bad guys use email to steal credit card and bank funds, put software on your computer to carry out more attacks, and steal personal information.
Use separate email addresses for different types of activity.
If you only have one email account, a hacker who gets access to that email gets access to EVERYTHING about you. If you split it up into multiple accounts, you are harder to hack. Set one up for banking that might be a random code so it doesn’t easily associate with you – such as E322RING99@gmail.com.
Be suspicious of links in email and websites. Links can be faked. If you hover your mouse over a link (put your mouse over a link but don’t click) to ensure the link is real. The displayed link can be different from the actual link. Here is an example – hover over this sample link winbigmoney.com and note that the actual link is stealallmymoney.com (not a real website). Also, watch out for creative spelling. In these two examples you really need to focus to see the problems:
(Hover over the links to see the underlying false link.)
All three look the same at first glance, but none link to what is displayed. They have creative text additions to make them look similar, or spelling errors that the bad guys hope you don’t notice.
Email Attachments & Files
Email attachments and files on servers such as documents with names ending in .DOC and .DOCX, .PDF, .EXE .COM .ZIP and .XLS can include malware, viruses, rootkits, and other malicious software. Bad files as email attachments or download files are a fast way for bad guys to get FULL access to your computer and steal your identity and money.
How do I Protect Myself?
Avoid deals that are too good to be true. Avoid questionable websites. Never click on a virus popup from a website. If something pops up on a website that says “You have a virus” and you click it, it will likely give you a virus. If you can’t close the screen, don’t click – if the computer won’t respond, turn it off entirely. If you have just opened a website and a message shows up that seems to be from your operating system or a security program, it’s almost certainly malicious.
Don’t open unknown emails, especially ones with attachments from unknown people. If you get an email with a name you recognize, but it doesn’t use the name your contact normally uses, or the email address is different, be suspicious. Don’t open the email. Instead, email the contact using their correct information, and ask if they sent the problem email.
Read the rest of this page and take action wherever you can.
Avoid porn web sites and other questionable sites like movie sharing or music sharing. They are regularly infected.
PRO TIP: Avoid using bank debit cards and Electronic checks online. In general, credit card companies will better protect you from the risk of fraud. Many banks have $5,000 to $50,000 fraud limits that YOU are responsible to pay. Check with your bank for details.
Buy a Google Chromebook or iPad to Read Email and Surf
The majority of malicious links and attachments in email are targeted toward computers using Windows – Chromebooks and iPads don’t run on Windows, so Windows-based viruses and malware won’t be able to do anything.
Look for the Green Lock Symbol at the Top Left of the Browser
Browsers such as Microsoft Edge, Microsoft Internet Explorer, Firefox and Chrome all have security symbols. Firefox, Microsoft Edge and Chrome have the secure lock symbol in the top left, next to the web address. Internet Explorer has its security symbol centered at the top of the window.
If you are interacting with any major organization, the lock symbol should appear – if it doesn’t, that may be a sign you’re on a fake site or your connection to the site is insecure. If you are suspicious, make a phone call to the business, utility, bank or service provider.
8. Anti-Virus and Anti-Malware
Any computer you connect to the internet needs protective software. You need software to protect your computer, tablet or other smart device from viruses, malware and hacking. Your PC or Mac and Smartphone all need anti-virus / anti-malware software. Microsoft Windows 10 has a basic anti-malware tool built in, but you may want to consider a better one. Pick ANY reputable tool and install it NOW. Use a free one if you can’t afford a paid one. Don’t wait.
What is the difference between a Virus and Malware?
Malware is short for “malicious software”. A virus and malware are basically the same thing. A virus or malware can be a full program that runs independently, or bad code slipped into an otherwise good program.
For a Windows 10 or Windows 7 computer or laptop
Microsoft provides a decent anti-virus for free with Windows 10, and you can get Microsoft Windows Defender for free for Windows 7.
If you are looking for better PC or Mac, security consider purchasing one of these:
- Webroot SecureAnywhere (protect up to 5 devices) ANNUAL This is an excellent product
- Symantec AntiVirus Basic (5 devices)
- Trend Micro Maximum Security 2018 (5 user)
- Avast and AVG are both free alternatives.
- There are others such as: BitDefender and new competitors such as Carbon Black and Heimdal. We suggest you stick with a name brand unless you are a tech or have a tech friend.
Android Smartphone Anti-Malware
We suggest Symantec, Bitdefender, Norton, Trend Micro or Avast free versions or step up for a few $ for the paid version. Every Android device should have anti-virus. Get any of the well rated ones from the Google Play store.
Have a 2nd line of Cyber Defense
Even though you have (or will get) anti-malware and/or antivirus, it’s a good idea to have a second layer of defense. We specifically recommend MalwareBytes as supplementary protection. Because the attacks are constantly changing, having multiple layers of protection increases your odds of blocking the attacks. Note: Malwarebytes has an Android version – MalwareBytes for Android
9. Patch & update anything that connects to the internet.
We need to update, patch, and secure every device that connects to the internet. As an example, if you have Microsoft Windows, the updates can be annoying but you should ALWAYS apply them. Update your smartphone as soon as possible. Update the bios or firmware and patch the software. Don’t just think about Windows patches, you need to update your: smartphones, PCs, laptops, tablets, smart TV, router, firewall, refrigerator, baby cam, home security and any other internet connected system. If you have old computers, or internet connected devices that you CAN’T update, eliminate or replace them. Remember you need to make sure your antivirus or antimalware software too.
Only Get Updates from Trusted Sources
Bad guys know updates are critical, so they may try to lure you to click on a link or attachment that isn’t an update, it’s a virus or other malicious software. Be suspicious. Go to the vendor to get the update.
Avoid “Free” Download Sites
Bad guys attach bad content, viruses or malware to legitimate software and load them on websites. Unless you have a very secure computer or one you can wipe and reinstall easily avoid download sites.
Protecting Other Internet Connected Devices
Although they don’t support antivirus, TVs, gaming consoles, tablets, home control systems, refrigerators, clothes washers, baby cameras – anything with Bluetooth or internet access are hackable, so keep all software and firmware up to date. You can use your firewall to block internet access to those devices.
10. Don’t Trust Public WiFi.
WiFi also known as wireless can be a problem. Unsecured wireless can be hacked easily by anyone in range of the signal. An older WiFi controller that isn’t updated or is using default compromised username or password can be hacked. This means that anything you do on the link that isn’t encrypted can be eavesdropped on.
You can watch Netflix or Hulu on the free Starbucks or McDonalds connection but never do banking there. Instead use your cellular link for secure transactions.
WiFi encryption – WEP and WPA2 Enterprise?
When you connect to a WiFi service, your mobile device will show a lock for a secure WiFi (wireless) connection. The lock is not a guarantee though. You need to check it because only WPA2 is secure, WEP is not. Be careful ONLY do banking & purchases on trusted internet connections (home is best).
What looks like a secure WEP connection, can be hacked. You need to look for WPA2 Enterprise. See “The Difference Between WEP, WPA, and WPA2 Wi-Fi Passwords” for an explanation of the different wireless network types. If your router/firewall doesn’t support WPA2, upgrade it right away.
Secure WiFi on Your Smartphone, Laptop or Tablet
Set your smartphone and/or laptop so it doesn’t connect automatically. If possible, ONLY connect to KNOWN secure wireless services (WPA2 Enterprise). Avoid insecure public WiFi networks. If you really need to connect, consider a personal secure VPN (which may be bundled with your firewall/router).
Secure Your Home WiFi
Turn on WPA2 Enterprise encryption on your wireless router or firewall. If your wireless router doesn’t have WPA2, get one that does (see #13 – firewall). Many of the good firewalls include wireless router security features. Make sure you update the firewall/router as firmware updates may be required to secure your wireless network.
11. Be Careful Sharing Information Online
Bad guys use Google and search through everything online. They use the online information against you. So you need to be careful what you post on social media. Never share personal information on Facebook, LinkedIn or other social media.
Stalking and Sex Trafficking
Stalking and sex trafficking are an unfortunate reality. Posting selfies (especially immodest ones) with the geotagging (GPS location info) intact to the general public could make someone a target. The geotagged selfies show where you go and when you go there, leaving you or your loved ones more open to theft or attacks.
Turn Off GeoTagging / GPS / Location Services
Your iPhone or Android smartphone geotags pictures. This means it inserts date and time and location (GPS – Global Positioning System) information into pictures you take. The smartphone may also share location and date/time information with various applications or websites. We recommend turning off GeoTagging (also called location services) on smartphones.
12. Phone and Fax Scams
Unfortunately even you stay totally offline you might be a target of Social Engineering. The bad guys take advantage of our trust in other people. The bad guys use deception to manipulate you into sharing passwords, credit cards, or other personal information. Social engineering could be a phone call from a number that lists itself as the “IRS” or an email that appears to be from “FedEx”. Some are faxed fake purchase orders that look like they are from a legit organization but actually have a different shipping address.
Caller ID can be Faked and is Faked All the Time
Watch out of phone and fax scams. CallerID is regularly FAKED. The CallerID might display information such as: IRS, Microsoft, FBI, Police, or a bank or credit card name. If you get a call be suspicious and contact the calling agency directly. CallerID is just text and the bad guys can enter ANY text they want.
Don’t respond to threats
If someone uses phone, fax or email to threaten or try to force you must take some action to avoid jail or fines, it is likely a scam. Scams include threats that your computer is compromised and you must give them your credit card info to fix it. Many times the phone call will note your computer is infected. Don’t respond, simply hang up or delete the email or throw away the fax.
Be Suspicious of Creative Phone Scams
In a recurring scam, bad guys get the name, contact information and cellphone number of a college student going on spring break. While the student is on vacation they call an elderly relative and display the cellphone number of the student and then claim that the student is injured or in jail and needs a credit card number to get to the hospital or out of jail.
If you’re unsure whether the call is real or not, tell them you will call the cellphone back once you find the credit card number. The scammers won’t want you to hang up and may get angry or wild or claim they you cannot call them back.
13. Buy an Advanced Firewall
Make sure you have a “current” (fairly new) firewall and make sure it has all its updates. You need a firewall to stop known attacks on your home network. A good firewall protects you from bad websites and may protect you from hacking and bad email. Newer firewalls have Intrusion Detection and Prevention which protects you even more. Also note, the good firewalls require an annual subscription which gives you hourly or even minute by minute security updates. Some also support roaming VPN for your smartphone (this is a way to encrypt ALL traffic to your smartphone to protect it when you are traveling).
The top four we recommend are:
- Fortinet FortiGate/FortiWiFi
- Cisco FirePOWER 5506w-x
- Dell SonicWALL 01-SSC-0647
- WatchGuard T10-W (WGT10501)
Just like for home, your small Businesses needs an up to date firewall. It is even more important if you do any online banking, sales, purchases or have multiple computers that you depend on to do your job.
We recommend any of these: Cisco 5506-X; Palo Alto; Barracuda, Fortigate/Fortimail; Dell SonicWall or WatchGuard. You will need to find a trusted partner to set up and maintain the firewall. All good firewalls require an active annual subscription to keep it up to date.
Firewall Email Security
For a more secure home (or for any business) you can also get firewalls that include an email gateway. Some of the advanced firewalls have “email sandboxes”. The sandbox automatically clicks on links and attachments and watches for bad behavior.
Vendors to consider include: Symantec messaging gateway, Fortinet/Fortimail, McAfee, Barracuda and for larger organizations Cisco, WebSense and Palo Alto. Look for cloud (web) based services so the email processing is someone else’s problem.
Block Bad Guys. All firewalls can block internet access to and from a specific device or IP address. If you are being attacked by a specific IP or URL you can go into the firewall and block it. However, be careful not to block an external IP that’s being used for normal purposes (such as a file transfer to/from work, or an update server your devices are connected to) – you can find basic information about an IP address using IP lookup tools such as this one.
Block Internal Devices. Configure the firewall to block Internet traffic to or from devices on your network that are insecure or should not be on the Internet. Maybe blocking a babycam or refrigerator. Blocking those devices also reduces unnecessary traffic. For a business this could mean blocking security cameras, or a CnC control system.
Configure or Block IPv6. This is the most current internet protocol. IPv4 is what most of us still use. Many devices support IPv6 but don’t have it configured, or worse yet, it is configured incorrectly. This can be used to attack your devices and network. Configure it or disable it.
Firewall Alternatives. Consider alternate firewall solutions such as ZoneAlarm, Comodo Firewall or SafeSquid if you have an extra PC or Raspberry Pi and can deal with installation and updates yourself.
14. Encrypt your important information
Encryption is basically creating a file folder that requires a password to open. There are a number of good Encryption tools such as:
- VeraCrypt free
- Bitlocker (built into Microsoft Windows)
- GNU Privacy Guard
You can use this type of software to encrypt a folder and then place files inside the folder. This makes it hard for someone to access those files.
Why not encrypt everything?
The main challenge is that encryption works great IF the computer hasn’t been hacked. If the bad guys can see what you type, they can get the password for your encrypted file. So encryption is second to getting good antivirus and a good firewall.
When to use encryption?
You should encrypt files that contain personal and confidential information, like a backup of a password file, or information regarding banking, taxes and/or healthcare. Encryption is especially useful if you need to send a small amount of sensitive information via email. Encrypt it and send it, and call the other person and tell them the password. This way even if the email is hacked the bad guys don’t have access to the contents of the encrypted file.
Encryption is also used for backup files on the internet. Web site services like SpiderOak allow you to store information securely on the internet. You keep the key they just store the encrypted file. Lastpass is similar in that they don’t have your password so even if they get hacked the bad guys only get the encrypted file, which means they need your master password to access the data.
15. Add DNS Filtering
This a techy thing. DNS (Domain Name Service) is a tool that nearly every internet connected device uses. It converts a URL (website name) like “google.com” to an IP address such as “220.127.116.11”. This allows the computer to access content.
A couple of new services can protect your devices from bad websites by filtering DNS. Basically you make your network get its DNS lookup from a site that blocks bad sites. This means that a device such as a babycam that might be hacked, and then directed to a bad website would be blocked from reaching it via DNS. The firewall may even block the address entirely, thereby protecting your device – even though it has not anti-virus or anti-malware protection at all.
Three Free DNS Filtering Options
OPENDNS The addresses for the Primary DNS is 18.104.22.168 and the Secondary DNS field is 22.214.171.124
Quad9 (GCS) the Primary DNS is 126.96.36.199 and the Secondary DNS field is 188.8.131.52
Google the Primary DNS is 184.108.40.206 and the Secondary DNS field is 220.127.116.11
How do I add them?
You add the Primary and Secondary DNS addresses to your home firewall. That will make all your devices use the more secure DNS.
More Secure DNS Information
You can get more info on from https://www.opendns.com/home-internet-security/. OpenDNS can be used on a smartphone also. For a small business and non-profits you can also consider the free GCA DNS Security. Basically you change your DNS from whatever it is to the secure DNS provided by OpenDNS or GCA.
16. Be Secure when Traveling
Don’t share lots of information about traveling on social media. The bad guys can use your information to break in when you are on vacation in Florida. Another trick bad guys use is to scare family members into sharing credit card information. They use the travel information to scam your loved ones by calling in the middle of the night while you are vacation and ask for a credit card and associated information to get you out of jail, or get you to the hospital.
Never use public devices for personal info or banking. A PC at a hotel (or library, or any other publicly accessible computer) very likely is fully compromised. It probably has malicious software such as a keyboard logger, so the bad guys use it to track everything you type and every website you visit.
Don’t use Hotel / Insecure WiFi when traveling. Don’t make do banking or make any online purchases and you may not even want to check your mail as insecure wifi can be used to steal your userid/password.
When you travel overseas consider getting a “throw away” or “burner” laptop and phone. Don’t put critical personal, financial or business information on devices when traveling. The devices are likely to get compromised.
17. Restrict Remote Access
Don’t let anyone (or anything) remote connect to your computer unless you are ABSOLUTELY sure who they are. Some online tech support service may offer to login and fix your computer remotely. Be absolutely sure you know who is connecting before you allow any connection.
Restrict PC Admin Access
Set up accounts on your PC that don’t have administrator privileges and use the less privileged account day to day. Make a new account that doesn’t use the name admin, administrator, or root as the real administrator account. And of course, use a long password on the real admin account, and enable two factor if you can.
Change Admin on Other Devices
Consider changing ADMIN account names on all your devices wherever you can. Store those new Admin UserIDs and passwords securely. Many devices have an “admin” account. Rename that to anything else such as “my88login” “theBIGdude” or anything else you come up with. That will reduce the likelihood of brute force attacks (mass userID and password spamming) against the devices admin account.
Physically secure your computer, smartphone, credit card and other devices.
There have been plenty of movies and TV shows where someone has hacked an “unhackable” system by getting physical access to it – unlike most movie hacking, this has some basis in reality. Don’t leave your devices in a public location unattended. They are an easy target for theft.
RFID Blocking Wallet and Purse
Consider getting an RFID blocking purse or wallet. It is getting easier for the bad guys to steal RFID credit card information from your wallet without ever touching you. RFID is radio frequency ID. The bad guys carry an RFID reader also known as a credit card skimmer (a device that can read your credit card without it leaving your pocket, purse or wallet). They carry the reader in large crowds or events and get close enough to you to get the info off the credit card. Even tinfoil around the card or ID you want to protect will block RFID skimmers.
Wipe or Destroy Your Old Electronics
When you no longer want your old computer, tablet, smartphone or USB drive, you need to securely dispose of it. Consider using DBAN, CBL Data Shredder, HDShredder or others to ensure that a drive has all its data securely destroyed. Alternately you can get out a hammer and pound until the device is entirely unrecoverable.
There is No Such Thing as Total Internet Security
Even if you do everything “right”, all it takes is one data breach at a store, government organization or financial institution (or even a friend or family member) to leave you open to attack. Even if you do almost nothing online, your personal information is now out there somewhere in cyberspace.
It’s up to each of us as individuals to protect ourselves. We need to use the right tools and make sure we use good habits to minimize risk. We need to keep a close eye on our accounts and personal information. There are plenty of bad guys out there, but we don’t need to make their job easier.
Make sure to share this post with those you care about to help keep them protected.
We know this is a long list, but if you take it section by section you can get it done.
This post was written by August Neverman IV. August is the Chief Information Officer and Information Security Officer of Brown County. He’s served on several emergency preparedness teams during his tenure at a local hospital, as well as undergoing emergency response training during his time with the Air National Guard. He and his wife, Laurie, live with their two sons in a Green Built, Energy Star certified home with a permaculture twist.
Other preparedness posts you may find useful:
- When the Power Grid Fails – 10 Things You Need to Prepare
- Odds of Everyday Emergencies
- Emergency Water Storage and Filtration – What You Need to Know Before Emergencies Hit