This post may contain affiliate links which won’t change your price but will share some commission.

Internet Security – 17 Steps to Avoid Computer Viruses and Identity Theft

Sharing is caring!

Potentially vulnerable devices

Cybercrime and hacking are risks every one of us are exposed to. One in 3 people will experience identity or financial theft this year. This is a real risk we cannot ignore.

I know this isn't typical homesteading content, but computers are an everyday part of most people's lives. You lock your doors to secure your car or home. It only makes sense that you “lock the doors” to your online accounts, too. You are officially the Cyber Security Officer of your home whether you like it or not.

My husband, August, has worked in computer security for over a decade, and regularly gives internet security presentations to the public. He worked with me to adapt his presentation into a post. The hackers and thieves are getting more aggressive in their attacks, so it's up to us to protect our own interests. This post will walk you through the basic steps you should take to avoid computer viruses and identify theft.

Contents

Preparing Now instead of Reacting Later

Even if you think you are all set, what if you lost your computer or smartphone? Do you have all that information somewhere else? Could you still pay bills, get a phone service changed, sell your home, get a new passport?

Focusing on cyber security is not is fun, but it’s a LOT less painful than having to rebuild your life after your bank accounts are empty, loans are taken out in your name, and tax returns are filed with your identity. A small amount of work now will save you a LOT of time later.

Is it Really that Bad?

Yes, unfortunately, it is that bad. To get a feel for how bad it really is, review these links:

If you are unsure, ask friends and family and you are sure to come across someone who has lost a lot of money and time because of cyber hacking.

Respond to problems right away

It really isn’t a question of if you get hacked – it is a question of when, and how badly. Whether it’s a hacked account, identity theft, or an infected smartphone, you need to take action. The bad guys can lock down your device and force you to pay to access it (ransomware), or add software that runs in the background on your computer, quietly stealing information. Other hackers infect your computer or email, and use it to attack other computers or users.

For better or worse, most modern hackers don't simply trash your computer – they use it as a tool to steal or harm you and others. If you don’t have anyone in the family who can be your “Cyber Security Cop”, find someone you trust to help you.

There are many different types of hacks, so what needs to be done to recover will vary. Take care of the problem as soon as possible.

17 Ways to Reduce Cyber Risk

  1. Protect passwords. Use long passwords. Store your passwords securely. Never share them. Consider answering challenge questions incorrectly on purpose.
  2. Use two-step authentication for e-mail and other accounts where possible.
  3. Secure your smartphone. Physically protect your phone. Add PIN and/or fingerprint based security to your phone. Add anti-malware if you have an Android phone.
  4. Secure your IRS and SSA Accounts.
  5. Securely back up your critical information.
  6. Protect your identity. Get $1 million in identity insurance at $25 to $100 a month for your entire family, if you can afford it. At least have a plan in case you get hacked.
  7. Be suspicious. Avoid clicking on email attachments and links – if you can, buy a simple computer like a iPad, Chromebook, Kindle or other tablet to read email and surf the internet.
  8. Install anti-virus and anti-malware where possible.
  9. Patch & update anything that connects to the Internet.
    1. Update Operating Systems on laptops and computers
    2. Update Anti-Malware software – software that stops known malicious software
    3. Update baby cameras, firewalls, routers, cameras, tablets, Smartphones and any other device that connects to the internet.
  10. Don’t trust public WiFi. Be careful on insecure WiFi (do banking & purchases only on trusted internet connections). Use your cellular link before Starbucks or McDonalds for secure transactions.
  11. Be careful sharing information.
  12. Watch out for phone and fax scams. Caller ID is regularly faked. If someone is calling saying they are the IRS, police, bank, credit card company etc., be suspicious and contact the agency directly.
  13. Buy an advanced firewall that
    1. gets hourly or minute by minute security updates: Cisco, Fortinet, Palo Alto, Baracuda and others
    2. supports roaming VPN for your smartphone
  14. Encrypt your important information.
  15. Add OPENDNS or Quad9 (GCS) – free DNS security filtering.
  16. Be secure when traveling.
    1. Don’t post everything publicly. Burglars can target your house when you are gone if you let everyone know.
    2. Don’t use hotel computers for anything – its likely bad guys have hacked them.
    3. Don’t use WiFi to do any banking, online purchases and you may not even want to check your mail as insecure wifi can be used to steal your userid/password.
    4. If you are traveling overseas consider getting a “burner” cheap phone and/or laptop that you can throw away when you get home. Also consider creating a temporary email address that you will stop using after the trip.
  17. Restrict remote access

Details for each Recommendation

1. Protect Passwords

You don’t share the key to your house or code to your safe. Your passwords are similar to the keys to your entire house. Keep your passwords SAFE. Use Long Passwords, Secure your passwords and consider answering challenge questions incorrectly on purpose.

Use Long Passwords 

Long passwords win over short complex passwords. A password like “XP_123!@” is easier to hack than “I like 2 fish on Sunday for B@ss!”.

An easy way to see why short passwords are bad is to test sample passwords vs short sentences at security.org/how-secure-is-my-password/. Note – don't test your ACTUAL passwords, just one of a similar size and complexity. Some services won’t allow really long passwords.  (See The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time for more info on why short passwords with strange characters don't work.)

Use Different Passwords for Each System/Service

If one of your utility accounts is hacked, you don't want the bad guys to have your banking or credit card password. Store all your different passwords in a password management tool.

Answer Challenge Questions Wrong

If you can, answer challenge questions with INCORRECT information that is unique to the site – for example, your favorite food is “bicycle” on your bank account and “pottery” on your e-mail account (though you may want something a bit more complex). Store this information in a password management tool.

Manage Your Passwords

Now that you have many different long passwords and goofy challenge questions and responses, how will you remember them all?

Paper. You might write them down – but remember to secure that paper list because it would be very easy to steal everything you have if someone gets that list. Shred or burn old copies of the list.

Word Document. You might be tempted to use a program such as Microsoft Word, but that's not a good place to put secure information. Instead, put your passwords in a secure tool. DON’T save them on your desktop. If you do use Word or Excel, at least get an encryption tool to secure the file. NEVER store passwords in Hotmail, Gmail or Yahoo email.

Password Manager. The best option for most people is to use a password manager. Consider using tools like: KeePass, Dashlane, Sticky Password Premium, Keeper Password Manager & Digital Vault, LastPass or any other well rated password management tool.

  • Keepass (free) http://keepass.info/ is installed on your computer and stores your passwords on the computer itself in a secure database. It doesn’t come with any Internet syncing built-in, so if you have many devices you want to access your passwords from, this may not be the best choice.
  • Keeper Password Manager, 1Password, and Lastpass are online options, which store your passwords in an off-site secure database. You can access these from anywhere if your device has been authenticated, and they include support for multiple users so you can set up shared access to specific passwords (i.e. a joint bank account).
  • Backup your passwords – You can copy your passwords from tools like Keeper or Lastpass and print a paper list and put it in a safe deposit box, or store a copy of the database on an encrypted USB drive and keep it in a safe or at a friend’s house.

Reset Your Passwords 

Watch the news for businesses that got hacked. If you suspect your password is compromised, reset your password immediately. Even if you don’t suspect a breach, it is a good idea to reset passwords at least annually.

Change EVERY Default Password

A default password is the default user ID and password for a device. Default passwords are easy targets for hackers, they have huge lists of default user IDs and passwords for nearly every Internet connected device.

Change default passwords on your: PC, gaming console, laptop, home security system, tablet, smartphone, TV, printer, car/truck/SUV, refrigerator, baby camera, modem, wireless router or firewall, and all your smart devices.

If it is impossible to change a default device username and password, you will want to block external access to that device if at all possible.

Never Share Your Passwords

Never share passwords or other confidential content in regular email. Never share passwords when you RECEIVE a phone call. If you MUST share a password (which I don’t recommend) use encrypted software tools or place a call yourself. And then reset your password immediately when done.

Don’t store passwords in Word or Excel. Even a password protected Word or Excel file can be hacked easily. If you MUST store passwords in Word or Excel store the files inside an encrypted password protected folder (see encryption below such as Veracrypt)

2. Turn on Two Step Login

Two step login makes it REALLY hard for a hacker to access an account. You may be using “two step” also called “two factor” or “two factor authentication” with your bank already. Add two step authentication to your email and all other accounts that support it. Record the rules for access, two factor steps and/or challenge questions in your password management tool (see above).

What is Two Step?

As the name implies, it requires two steps to log in: first, you log in normally with a user ID like jsmith@abc.com, then (depending on the variant) you receive a code on your smartphone or e-mail account and enter it to complete the log-in. If a business is hacked, you may lose your user ID and password, but the two step code makes it so they need access to your smartphone too, so anything protected with two step or two factor is more secure.

How do I get Two Step?

Many two-step services are free. See these pages for instructions on how to add two-step authentication:

Can I add Two Step Authentication to my Computer?

Yes. There are built in two step features in Microsoft Windows 10. You can also purchase other two factor tools.

3. Secure Your Smartphone or Tablet

Your smartphone is a target. As smartphones become more powerful, they often contain lots of personal information, such as banking or credit cards, location, and personal contacts. Hackers can use this information directly, or use it to manipulate you and/or your contacts. The FBI notes your smartphone is the 2nd most common way personal funds and information is stolen.

Nearly every smartphone has your email on it. If your phone is stolen your email may be used to access your bank, cellular phone company, online services and/or credit card information. The hackers can use this to steal your money or hack your friends.

Put a PIN or Passcode on EVERY smartphone or tablet

Putting an access code on your smartphone is one of the simplest ways to help keep people from accessing your personal information. Here are links to enable a pin and/or pass iPhone Pin/Passcode or Android Pin/Passcode.

Enable Fingerprint or Facial Recognition on your smartphone or tablet

You can also turn on fingerprint and facial recognition on some phones if you don’t want to deal with the PIN/Password regularly.  Note: There are some privacy issues with the police that you may want to research before you enable fingerprint technology.

Protect Your Android Smartphone or Tablet

Android based phones have over 1 million malware variants in the wild – if you have an Android device, add an antivirus / anti-malware app. (Pick any of the top ones.)

Back up the Smartphone or Tablet

Securely back up your critical information, Apple and Google have backup options and you can also copy phone data to your PC or laptop depending on the make and model of the device. A backup of the device is useful in case you lose it or it is stolen.

4. Secure Your IRS and SSA Accounts

Secure your information and accounts with the IRS and Social Security Administration.

IRS (Internal Revenue Service)

Protect your tax returns. Go to the IRS website and create transcript account (different than your SSA account) this gives you access to your prior tax returns. https://www.irs.gov/individuals/get-transcript  Even if you don't want to use the account create one and put a long password or sentence on it, so bad guys can't log in as you and file taxes as you.

SSA (Social Security Administration)

Protect your social security number. Go to the Social Security website and create a standard account https://www.ssa.gov/myaccount/

5. Securely Back Up Your Data

Backup your devices, and do it frequently or better yet automatically. You can use a local hard drive and/or use a service like BackBlaze, iDrive, Carbonite, Mozy, SpiderOak or any other reliable service. If you are really worried about online hacking, buy an external hard drive and back up data to that hard drive. Remember, you will want a copy in some other building just in case of a fire, so buy two.

External Hard Drive Options

6. Identity Protection

What is Identity Theft?

Identity theft could be as simple as a credit card being used by a bad guy all the way to full use of your identity for taxes, credit and healthcare. More info here:

https://www.consumer.gov/articles/1015-avoiding-identity-thefthttps://www.usa.gov/identity-theft#item-206114

Credit Card Theft

Thieves will often do a few small transactions on a credit card or bank account as a test. If those are successful, things can get much worse, very quickly. Some hackers deal in total identity theft. They want to steal all of “you”, so someone else can become you. Identity protection services can help.

Have a Plan

At least have a plan in case you get hacked. Have a secure paper or secure electronic list of all your key information including birth certificates, deeds, licenses, mortgage and loan info, banking and credit info, phone and utility info. That same list can be grabbed in an emergency if you have to evacuate your home for a fire, tornado, hurricane or other disaster.

Even if you can’t afford the $20 or more per month per person – you can request that your credit card and financial identity be locked down and then check it manually. Contact your bank and credit card companies for more information.

Identity Protection vs Identity Insurance

There is a difference. Identity protection will alert you to inappropriate uses of your credit, personal information or accounts. It helps reduce your risk. Identity insurance will give you money (depending on details) to help recover from identity and financial theft. The main companies that provide insurance also provide identity protection. They also provide legal assistance and overall guidance should your identity or financial information be stolen or used fraudulently.

Identity Insurance

We strongly recommend you consider identity insurance. The $1 million in identity insurance may sound like a lot, but add up all your vehicles, your home, and all your retirement and bank accounts and it may not sound as crazy. $1 million in identity insurance should cost about $25 to $100 a month for your entire family. Note: your homeowner’s or renter’s insurance may have an option to add identity insurance.

Which Identity Insurance?

The top identity protection vendors include: LifeLock, IdentityGuard, IdentityForce and Legalshield and other services will help you identify problems and deal with them. When you pick one make sure it has the $1 million in insurance. The lower priced plans have much lower coverage.

Some homeowner insurers have identity protection riders. Right now, IdentityGuard Family Plan at $24.99/mo for your entire family is the best bang for the buck for the $1 million in insurance plus identity protection. For individuals we recommend IdentityForce. Lifelock has the most features but is the most expensive also (in our case $442 more expensive for 6 adults).

If you have a small business and/or large online presence (for instance, my work blogging and my husband's computer work), an identity protection service is almost required.

Other Ways to Protect your Identity

  • Check your identity & history. You can check identity and financial status at https://personalreports.lexisnexis.com/   It requires that you fill out a form and mail it.
  • Check your consumer medical, hobby and driving record at mib.com/html/request_your_record.html Insurance companies check this to make decisions about you.
  • You can get an annual statement of medical benefits from your health-insurance provider that will include claims and medical treatment. Contact your health insurer to get this information.
  • Chex Systems and TeleCheck reports have information about mishandled and overdrawn checking accounts. For Chex Systems, go to com and click on “Order Consumer Report.” For TeleCheck, go to www.firstdata.com/telecheck/telecheck-request-file-report.htm .
  • Rental history reports have information on your rent payments, references, and evictions. For information on getting your report from First Advantage SafeRent, call 800-815-8664 or go to www.fadvsaferent.com/consumer_relations/index.php. For your RentBureau report, go to www.rentbureau.com/multifamily and click on “Consumers.”
  • Prescription drug history has information about the medications you've taken over the last five years, including dosages, your refill record, and the doctors who prescribed them. Call Intelliscript at 877-211-4816 and Medpoint at 888-206-0335.

7. Be Suspicious

Bad guys use links and documents to attack you. They put the links and documents in email and in websites. They have also started adding them into advertising.

Email is the #1 way we are attacked.

Email attacks include: phishing, spam, social scams and delivering malware. Bad guys use email to steal credit card and bank funds, put software on your computer to carry out more attacks, and steal personal information.

Use separate email addresses for different types of activity.

If you only have one email account, a hacker who gets access to that email gets access to EVERYTHING about you. If you split it up into multiple accounts, you are harder to hack. Set one up for banking that might be a random code so it doesn’t easily associate with you – such as E322RING99@gmail.com.

Bad Links

Be suspicious of links in email and websites. Links can be faked. If you hover your mouse over a link (put your mouse over a link but don’t click) to ensure the link is real. The displayed link can be different from the actual link. Here is an example – hover over this sample link winbigmoney.com and note that the actual link is stealallmymoney.com (not a real website). Also, watch out for creative spelling. In these two examples you really need to focus to see the problems:

(Hover over the links to see the underlying false link.)

http://www.masonbank.com or http://www.masonbank.com or http://www.masonbank.com

All three look the same at first glance, but none link to what is displayed. They have creative text additions to make them look similar, or spelling errors that the bad guys hope you don’t notice.

Email Attachments & Files

Email attachments and files on servers such as documents with names ending in .DOC and .DOCX, .PDF, .EXE .COM .ZIP and .XLS can include malware, viruses, rootkits, and other malicious software. Bad files as email attachments or download files are a fast way for bad guys to get FULL access to your computer and steal your identity and money.

How do I Protect Myself?

Avoid deals that are too good to be true. Avoid questionable websites. Never click on a virus popup from a website. If something pops up on a website that says “You have a virus” and you click it, it will likely give you a virus. If you can’t close the screen, don’t click – if the computer won’t respond, turn it off entirely. If you have just opened a website and a message shows up that seems to be from your operating system or a security program, it's almost certainly malicious.

Don’t open unknown emails, especially ones with attachments from unknown people. If you get an email with a name you recognize, but it doesn't use the name your contact normally uses, or the email address is different, be suspicious. Don't open the email. Instead, email the contact using their correct information, and ask if they sent the problem email.

Read the rest of this page and take action wherever you can.

Avoid porn web sites and other questionable sites like movie sharing or music sharing. They are regularly infected.

PRO TIP: Avoid using bank debit cards and Electronic checks online. In general, credit card companies will better protect you from the risk of fraud. Many banks have $5,000 to $50,000 fraud limits that YOU are responsible to pay. Check with your bank for details.

Buy a Google Chromebook or iPad to Read Email and Surf

The majority of malicious links and attachments in email are targeted toward computers using Windows – Chromebooks and iPads don't run on Windows, so Windows-based viruses and malware won't be able to do anything.

Look for the Green Lock Symbol at the Top Left of the Browser

Browsers such as Microsoft Edge, Microsoft Internet Explorer, Firefox and Chrome all have security symbols. Firefox, Microsoft Edge and Chrome have the secure lock symbol in the top left, next to the web address. Internet Explorer has its security symbol centered at the top of the window.

If you are interacting with any major organization, the lock symbol should appear – if it doesn’t, that may be a sign you’re on a fake site or your connection to the site is insecure. If you are suspicious, make a phone call to the business, utility, bank or service provider.

8. Anti-Virus and Anti-Malware

Any computer you connect to the internet needs protective software. You need software to protect your computer, tablet or other smart device from viruses, malware and hacking. Your PC or Mac and Smartphone all need anti-virus / anti-malware software. Microsoft Windows 10 has a basic anti-malware tool built in, but you may want to consider a better one. Pick ANY reputable tool and install it NOW. Use a free one if you can't afford a paid one. Don’t wait.

What is the difference between a Virus and Malware?

Malware is short for “malicious software”. A virus and malware are basically the same thing. A virus or malware can be a full program that runs independently, or bad code slipped into an otherwise good program.

For a Windows 10 or Windows 7 computer or laptop

Microsoft provides a decent anti-virus for free with Windows 10, and you can get Microsoft Windows Defender for free for Windows 7.

If you are looking for better PC or Mac, security consider purchasing one of these:

  1. Webroot SecureAnywhere (protect up to 5 devices) ANNUAL This is an excellent product
  2. Symantec AntiVirus Basic (5 devices)
  3. Trend Micro Maximum Security 2018 (5 user)
  4. There are others such as: BitDefender and new competitors such as Carbon Black and Heimdal. We suggest you stick with a name brand unless you are a tech or have a tech friend.

Android Smartphone Anti-Malware

We suggest SymantecBitdefenderNorton, Trend Micro or Avast free versions or step up for a few $ for the paid version. Every Android device should have anti-virus. Get any of the well rated ones from the Google Play store.

Have a 2nd line of Cyber Defense

Even though you have (or will get) anti-malware and/or antivirus, it’s a good idea to have a second layer of defense. We specifically recommend MalwareBytes as supplementary protection. Because the attacks are constantly changing, having multiple layers of protection increases your odds of blocking the attacks. Note: Malwarebytes has an Android version – MalwareBytes for Android

9. Patch & update anything that connects to the internet.

We need to update, patch, and secure every device that connects to the internet. As an example, if you have Microsoft Windows, the updates can be annoying but you should ALWAYS apply them. Update your smartphone as soon as possible. Update the bios or firmware and patch the software. Don’t just think about Windows patches, you need to update your: smartphones, PCs, laptops, tablets, smart TV, router, firewall, refrigerator, baby cam, home security and any other internet connected system. If you have old computers, or internet connected devices that you CAN'T update, eliminate or replace them. Remember you need to make sure your antivirus or antimalware software too.

Only Get Updates from Trusted Sources

Bad guys know updates are critical, so they may try to lure you to click on a link or attachment that isn’t an update, it’s a virus or other malicious software. Be suspicious. Go to the vendor to get the update.

Avoid “Free” Download Sites

Bad guys attach bad content, viruses or malware to legitimate software and load them on websites. Unless you have a very secure computer or one you can wipe and reinstall easily avoid download sites.

Protecting Other Internet Connected Devices

Although they don't support antivirus, TVs, gaming consoles, tablets, home control systems, refrigerators, clothes washers, baby cameras – anything with Bluetooth or internet access are hackable, so keep all software and firmware up to date. You can use your firewall to block internet access to those devices.

10. Don’t Trust Public WiFi.

WiFi also known as wireless can be a problem. Unsecured wireless can be hacked easily by anyone in range of the signal. An older WiFi controller that isn’t updated or is using default compromised username or password can be hacked. This means that anything you do on the link that isn’t encrypted can be eavesdropped on.

You can watch Netflix or Hulu on the free Starbucks or McDonalds connection but never do banking there. Instead use your cellular link for secure transactions.

WiFi encryption – WEP and WPA2 Enterprise? 

When you connect to a WiFi service, your mobile device will show a lock for a secure WiFi (wireless) connection. The lock is not a guarantee though. You need to check it because only WPA2 is secure, WEP is not. Be careful ONLY do banking & purchases on trusted internet connections (home is best).

What looks like a secure WEP connection, can be hacked. You need to look for WPA2 Enterprise. See “The Difference Between WEP, WPA, and WPA2 Wi-Fi Passwords” for an explanation of the different wireless network types. If your router/firewall doesn't support WPA2, upgrade it right away.

Secure WiFi on Your Smartphone, Laptop or Tablet

Set your smartphone and/or laptop so it doesn’t connect automatically. If possible, ONLY connect to KNOWN secure wireless services (WPA2 Enterprise). Avoid insecure public WiFi networks. If you really need to connect, consider a personal secure VPN (which may be bundled with your firewall/router).

Secure Your Home WiFi

Turn on WPA2 Enterprise encryption on your wireless router or firewall. If your wireless router doesn’t have WPA2, get one that does (see #13 – firewall). Many of the good firewalls include wireless router security features. Make sure you update the firewall/router as firmware updates may be required to secure your wireless network.

11. Be Careful Sharing Information Online

Bad guys use Google and search through everything online. They use the online information against you. So you need to be careful what you post on social media. Never share personal information on Facebook, LinkedIn or other social media.

Stalking and Sex Trafficking

Stalking and sex trafficking are an unfortunate reality. Posting selfies (especially immodest ones) with the geotagging (GPS location info) intact to the general public could make someone a target. The geotagged selfies show where you go and when you go there, leaving you or your loved ones more open to theft or attacks.

Turn Off GeoTagging / GPS / Location Services

Your iPhone or Android smartphone geotags pictures. This means it inserts date and time and location (GPS – Global Positioning System) information into pictures you take. The smartphone may also share location and date/time information with various applications or websites. We recommend turning off GeoTagging (also called location services) on smartphones.

12. Phone and Fax Scams

Unfortunately even you stay totally offline you might be a target of Social Engineering. The bad guys take advantage of our trust in other people. The bad guys use deception to manipulate you into sharing passwords, credit cards, or other personal information. Social engineering could be a phone call from a number that lists itself as the “IRS” or an email that appears to be from “FedEx”. Some are faxed fake purchase orders that look like they are from a legit organization but actually have a different shipping address.

Caller ID can be Faked and is Faked All the Time

Watch out of phone and fax scams. CallerID is regularly FAKED. The CallerID might display information such as: IRS, Microsoft, FBI, Police, or a bank or credit card name. If you get a call be suspicious and contact the calling agency directly. CallerID is just text and the bad guys can enter ANY text they want.

Don’t respond to threats

If someone uses phone, fax or email to threaten or try to force you must take some action to avoid jail or fines, it is likely a scam. Scams include threats that your computer is compromised and you must give them your credit card info to fix it. Many times the phone call will note your computer is infected. Don’t respond, simply hang up or delete the email or throw away the fax.

Be Suspicious of Creative Phone Scams

In a recurring scam, bad guys get the name, contact information and cellphone number of a college student going on spring break. While the student is on vacation they call an elderly relative and display the cellphone number of the student and then claim that the student is injured or in jail and needs a credit card number to get to the hospital or out of jail.

If you're unsure whether the call is real or not, tell them you will call the cellphone back once you find the credit card number. The scammers won’t want you to hang up and may get angry or wild or claim they you cannot call them back.

13. Buy an Advanced Firewall

Make sure you have a “current” (fairly new) firewall and make sure it has all its updates. You need a firewall to stop known attacks on your home network. A good firewall protects you from bad websites and may protect you from hacking and bad email. Newer firewalls have Intrusion Detection and Prevention which protects you even more. Also note, the good firewalls require an annual subscription which gives you hourly or even minute by minute security updates. Some also support roaming VPN for your smartphone (this is a way to encrypt ALL traffic to your smartphone to protect it when you are traveling).

Best Firewalls

The top four we recommend are:

Small Business

Just like for home, your small Businesses needs an up to date firewall. It is even more important if you do any online banking, sales, purchases or have multiple computers that you depend on to do your job.

We recommend any of these: Cisco 5506-X; Palo Alto; Barracuda, Fortigate/Fortimail; Dell SonicWall or WatchGuard. You will need to find a trusted partner to set up and maintain the firewall. All good firewalls require an active annual subscription to keep it up to date.

Firewall Email Security

For a more secure home (or for any business) you can also get firewalls that include an email gateway. Some of the advanced firewalls have “email sandboxes”. The sandbox automatically clicks on links and attachments and watches for bad behavior.

Vendors to consider include: Symantec messaging gateway, Fortinet/Fortimail, McAfee, Barracuda and for larger organizations Cisco, WebSense and Palo Alto. Look for cloud (web) based services so the email processing is someone else’s problem.

Firewall Tips

Block Bad Guys. All firewalls can block internet access to and from a specific device or IP address. If you are being attacked by a specific IP or URL you can go into the firewall and block it. However, be careful not to block an external IP that's being used for normal purposes (such as a file transfer to/from work, or an update server your devices are connected to) – you can find basic information about an IP address using IP lookup tools such as this one.

Block Internal Devices Configure the firewall to block Internet traffic to or from devices on your network that are insecure or should not be on the Internet. Maybe blocking a babycam or refrigerator. Blocking those devices also reduces unnecessary traffic. For a business this could mean blocking security cameras, or a CnC control system.

Configure or Block IPv6. This is the most current internet protocol. IPv4 is what most of us still use. Many devices support IPv6 but don’t have it configured, or worse yet, it is configured incorrectly. This can be used to attack your devices and network. Configure it or disable it.

Firewall Alternatives. Consider alternate firewall solutions such as ZoneAlarm, Comodo Firewall or SafeSquid if you have an extra PC or Raspberry Pi and can deal with installation and updates yourself.

14. Encrypt your important information

Encryption is basically creating a file folder that requires a password to open. There are a number of good Encryption tools such as:

You can use this type of software to encrypt a folder and then place files inside the folder. This makes it hard for someone to access those files.

Why not encrypt everything?

The main challenge is that encryption works great IF the computer hasn’t been hacked. If the bad guys can see what you type, they can get the password for your encrypted file. So encryption is second to getting good antivirus and a good firewall.

When to use encryption?

You should encrypt files that contain personal and confidential information, like a backup of a password file, or information regarding banking, taxes and/or healthcare. Encryption is especially useful if you need to send a small amount of sensitive information via email. Encrypt it and send it, and call the other person and tell them the password. This way even if the email is hacked the bad guys don’t have access to the contents of the encrypted file.

Encryption is also used for backup files on the internet. Web site services like SpiderOak allow you to store information securely on the internet. You keep the key they just store the encrypted file. Lastpass is similar in that they don’t have your password so even if they get hacked the bad guys only get the encrypted file, which means they need your master password to access the data.

15. Add DNS Filtering

This a techy thing. DNS (Domain Name Service) is a tool that nearly every internet connected device uses. It converts a URL (website name) like “google.com” to an IP address such as “172.217.8.206”. This allows the computer to access content.

A couple of new services can protect your devices from bad websites by filtering DNS. Basically you make your network get its DNS lookup from a site that blocks bad sites. This means that a device such as a babycam that might be hacked, and then directed to a bad website would be blocked from reaching it via DNS. The firewall may even block the address entirely, thereby protecting your device – even though it has not anti-virus or anti-malware protection at all.

Three Free DNS Filtering Options

OPENDNS The addresses for the Primary DNS is 208.67.222.222 and the Secondary DNS field is 208.67.220.220

Quad9 (GCS) the Primary DNS is 9.9.9.9 and the Secondary DNS field is 12.12.12.12

Google the Primary DNS is 8.8.8.8 and the Secondary DNS field is 8.8.4.4

How do I add them?

You add the Primary and Secondary DNS addresses to your home firewall. That will make all your devices use the more secure DNS.

More Secure DNS Information

You can get more info on from https://www.opendns.com/home-internet-security/. OpenDNS can be used on a smartphone also. For a small business and non-profits you can also consider the free GCA DNS Security. Basically you change your DNS from whatever it is to the secure DNS provided by OpenDNS or GCA.

16. Be Secure when Traveling

Don’t share lots of information about traveling on social media. The bad guys can use your information to break in when you are on vacation in Florida. Another trick bad guys use is to scare family members into sharing credit card information. They use the travel information to scam your loved ones by calling in the middle of the night while you are vacation and ask for a credit card and associated information to get you out of jail, or get you to the hospital.

Hotel PC

Never use public devices for personal info or banking. A PC at a hotel (or library, or any other publicly accessible computer) very likely is fully compromised. It probably has malicious software such as a keyboard logger, so the bad guys use it to track everything you type and every website you visit.

Don’t use Hotel / Insecure WiFi when traveling. Don’t make do banking or make any online purchases and you may not even want to check your mail as insecure wifi can be used to steal your userid/password.

Burner Phone

When you travel overseas consider getting a “throw away” or “burner” laptop and phone. Don’t put critical personal, financial or business information on devices when traveling. The devices are likely to get compromised.

17. Restrict Remote Access

Don’t let anyone (or anything) remote connect to your computer unless you are ABSOLUTELY sure who they are. Some online tech support service may offer to login and fix your computer remotely. Be absolutely sure you know who is connecting before you allow any connection.

Restrict PC Admin Access

Set up accounts on your PC that don't have administrator privileges and use the less privileged account day to day. Make a new account that doesn’t use the name admin, administrator, or root as the real administrator account. And of course, use a long password on the real admin account, and enable two factor if you can.

Change Admin on Other Devices

Consider changing ADMIN account names on all your devices wherever you can. Store those new Admin UserIDs and passwords securely. Many devices have an “admin” account. Rename that to anything else such as “my88login” “theBIGdude” or anything else you come up with. That will reduce the likelihood of brute force attacks (mass userID and password spamming) against the devices admin account.

Physically secure your computer, smartphone, credit card and other devices.

There have been plenty of movies and TV shows where someone has hacked an “unhackable” system by getting physical access to it – unlike most movie hacking, this has some basis in reality. Don't leave your devices in a public location unattended. They are an easy target for theft.

RFID Blocking Wallet and Purse

Consider getting an RFID blocking purse or wallet. It is getting easier for the bad guys to steal RFID credit card information from your wallet without ever touching you. RFID is radio frequency ID. The bad guys carry an RFID reader also known as a credit card skimmer (a device that can read your credit card without it leaving your pocket, purse or wallet). They carry the reader in large crowds or events and get close enough to you to get the info off the credit card. Even tinfoil around the card or ID you want to protect will block RFID skimmers.

Wipe or Destroy Your Old Electronics

When you no longer want your old computer, tablet, smartphone or USB drive, you need to securely dispose of it. Consider using DBAN, CBL Data Shredder, HDShredder or others to ensure that a drive has all its data securely destroyed. Alternately you can get out a hammer and pound until the device is entirely unrecoverable.

Potentially vulnerable devices

There is No Such Thing as Total Internet Security

Even if you do everything “right”, all it takes is one data breach at a store, government organization or financial institution (or even a friend or family member) to leave you open to attack. Even if you do almost nothing online, your personal information is now out there somewhere in cyberspace.

It's up to each of us as individuals to protect ourselves. We need to use the right tools and make sure we use good habits to minimize risk. We need to keep a close eye on our accounts and personal information. There are plenty of bad guys out there, but we don't need to make their job easier.

Make sure to share this post with those you care about to help keep them protected.

We know this is a long list, but if you take it section by section you can get it done.

August Neverman

This post was written by August Neverman IV. August is the Chief Information Officer and Information Security Officer of Brown County. He's served on several emergency preparedness teams during his tenure at a local hospital, as well as undergoing emergency response training during his time with the Air National Guard. He and his wife, Laurie, live with their two sons in a Green Built, Energy Star certified home with a permaculture twist.

Other preparedness posts you may find useful:

Similar Posts

24 Comments

  1. Oh my! I just made a password that would take “2 quintillion years” to figure out!

    Thanks Laurie for this important information.

    1. You’re welcome, Vickie. It should probably be noted that the password hack time on that site is estimated for a single processor, and nowadays hackers typically use banks of processors, so the time required would be lower, but you’re probably safe with 2 quintillion years. 🙂

  2. Do you have any recommendations for anti-virus software? In addition to the malware bytes, etc? Like Norton or McAfee?

    1. I asked my husband for his current recommendations and updated the post. Here’s what he suggested.

      If you are looking to step up your PC security purchase one of these:

      1. Webroot SecureAnywhere (protect up to 5 devices) ANNUAL (4.3)
      2. Symantec Norton AntiVirus Basic (5 devices) (4.1)
      3. Kaspersky Antivirus 5 devices (4.1)

      There are others such as: BitDefender, McAfee and new competitors such as Carbon Black and Heimdal.

      Android smartphone: get Bitdefender, Norton, Kasepersky or Avast there are free versions. Every android should have anti-virus.

      1. How about for Mac and iPhone? Does your comment below about keeping your OS up to date cover that typically? Note – I just got malware on my Mac. 🙁

        I would also like to know what you think about something like Lifelock vs putting freezes on your credit. I read today that some think that’s a better way to go…but of course it could be more cumbersome. Thanks!

        1. Regarding MAC/iPhone yes you need to keep your OS up to date. For the MAC you will also want Anti-Malware such as: BitDefender, ESET, AVG or MalwareBytes. You can also put MalwareBytes on the iPhone (iOS).

          Regarding Lifelock vs do it yourself. You can do it yourself but… you wont likely be able to get $1,000,000 in financial loss insurance that the top 5 identity protection providers include. They also provide professional assistance if your identity is hacked, plus other monitoring and services. Some of their services are not feasible as “do it yourself”. If you don’t have the money – do it yourself is possible and better than nothing, but if you have funds, even the lower end Identity Protection Services can provide you some protection in a world where breaches of 100 million+ userids and password is commonplace. As you put it, manual protection is at best cumbersome and at least somewhat risky especially if you take into account the $1mil in insurance. If you can afford it, look at the providers.

  3. Laurie as always your posts are timely and appropriate. We now use our smart phone, tablet & laptop via wifi, for entertainment, banking and a majority of our shopping.
    Thank you for this useful information.

    1. You’re welcome. The last time there was a big attack we looked around for information to share, but very little of it was focused on internet security for the home user.

  4. Laurie,
    I have an iPhone, am I okay?? Or do I/can I use antivirus on my phone??
    Great post, I use to use Kaspersky but hubby prefers security based in the USA.
    Thanks!
    Kat

    1. While iphones are generally considered secure, there have been some issues with malware inserted in apps and other problems. This post has a good discussion – http://www.macworld.co.uk/feature/iosapps/is-ipad-iphone-ios-safe-xcodeghost-what-security-software-need-3453938/

      Make sure to keep your OS updates up to date, and they should take care of your antivirus needs for you. Also, two part authentication on key accounts is still highly recommended.

  5. Great and timely post, thank you to August for chiming in. I have Android, and a previous carrier told me AV would only slow my phone down. Now I am curious. We use Zone Alarm for the laptops, I have used both free and paid versions and have always been pleased with service. I wonder which free AV’s August would recommend for android. I was not aware that Kaspersky, et al offered free android versions.

    The Equifax site would not tell me if I was affected or not, but gave me a date to come back to sign up for free credit monitoring, as you mentioned. It’s a bit of a cluster overall. They have now said that signing up does not affect taking part of a lawsuit. Equifax is on a downward spiral at this point. But who’s to say the others won’t face the same thing in the future?

    Thanks Laurie and August!

    1. You are most welcome, we are glad to help.

      Regarding AV on smartphone: Yes anti-virus will slow your phone (at least some) but it a trade-off we would make any day (a bit slower to reduce risk). I have AV installed on Laurie’s Samsung. There are many good Anti-Virus/Anti-Malware providers- get any of them with a positive ratings such as: BitDefender, McAfee, TrendMicro, Norton, AVL, Avast, Sophos and so on.

      Regarding Equifax – Oh yes, Equifax pretty much did a text book insert foot in mouth and swallow. Regardless: even if you were not impacted I still recommend you get separate identity protection insurance (not just credit monitoring) for everyone in your family. (This includes kids as unfortunately children are targets, and we rarely check their credit / identity status). The odds are every year you have a 1 in 3 chance of being a victim of cyber-crime and every hour there are about 2000 identity related thefts. So be safe out there.

      Regarding the lawsuit part, we are not lawyers and don’t play them on TV either. I suspect we will be able to participate in a class action regardless of the click, but we suggest you get advice from a trusted lawyer, not the internet.

Leave a Reply

Your email address will not be published. Required fields are marked *