Small business and home computers are at a distinct disadvantage in today’s web-based world of communication. The problem is that when you have no dedicated IT support staff or know-how, it is easy to get compromised by viruses and malware, often without even knowing it. The cost and downtime of having to take your computer in to get fixed is an issue, especially if you rely upon your computer(s) for day-to-day business.
The key is in prevention. Knowing some basic ways to protect yourself can help prevent problems from arising in the first place.
Any computer connected to the Internet is susceptible to a wide variety of attacks. Today’s attackers are more interested in compromising your computer without you knowing it than the attackers of 5 to 10 years ago, an era when their primary goal was to make your systems crash.
Today, a compromised computer could be part of what’s known as a botnet – a large network of computers that can be bought and sold on the global black market and used to launch attacks on larger targets such as governments and businesses. Alternately, if a computer is compromised, it could be sending reports of everything you do and type (including online banking and email) to someone somewhere else in an entirely different country.
Scary, right?
Viruses and Malware
The most important step to take is making sure your computer is running a trusted, up-to-date antivirus and anti-malware solution. There is no longer any need to pay a company for this software. If your computer runs Windows Vista or Windows 7, you can install the free Microsoft Security Essentials suite, which will help safeguard you from both viruses and malware, and also provide you with firewall protection from targeted attacks.
Alternately, there are other trusted, free solutions such as Avast! and AVGFree. These tools will actively protect your computer while surfing the web, checking email, and downloading files.
It is crucial to let these tools keep themselves updated, which all of them will prompt you to do on a regular basis. Another good practice is to also run full system scans with these tools on a weekly basis in case something did sneak by and infect your system. You can configure these tools to scan your computer at night when you aren’t using it, and in most cases, they will be able to repair anything they find.
A Dangerous New World
It’s important to realize that threats are no longer targeted mainly at Microsoft Windows-based computers. There are growing numbers of attacks on Apple computers, iPhones, and BlackBerries because these devices gain more market share every month and contain avenues to valuable information such as bank account and email passwords.
Best Practices
Remembering passwords can be a nightmare, but it is very important to choose passwords which cannot be easily discovered. Today’s sophisticated hackers have scripts which can try multiple password combinations to the tune of millions per minute. This makes simple passwords such as ‘banana123’ very easy to crack.
Passwords should not be reused for multiple web sites and email accounts. They should be complex, and should contain at least:
- 2 uppercase letters
- 2 lowercase letters
- 2 special characters
- 2 numbers
What to do?
So how are you expected to keep up with all these? Create a ‘mnemonic’ system which makes it easy to remember. For example, come up with a theme for your passwords and a method of making them complex but easy to remember:
Password theme: Baseball teams
- Think of a baseball team you will remember, such as the Baltimore Orioles.
- Remove any spaces and add an exclamation so it becomes: BaltimoreOrioles!
- Replace vowels with numbers and special characters: B@lt1m0r3Or10l3s!
- You now have a very secure password!
But how are you supposed to remember one of these for every web site you have an account on?
Make it easy by using the same mnemonic system above, and add a trick for customizing that password to a web site. For example:
- Your password for your Gmail account is B@lt1m0r3Or10l3s!
- Customize it for use with Gmail: B@lt1m0r3Or10l3s!_gm@1l
- Now you can reuse the same password for Facebook, but customized: B@lt1m0r3Or10l3s!_f@c3b00k
- Or for Yahoo: B@lt1m0r3Or10l3s!_y@h00
In other words, you add the name of the web site to the end of the password, but convert vowels to numbers and special characters:
_yahoo becomes _y@h00
Once you get used to that system, your online accounts will be much safer from getting hacked, and you won’t have to worry about remembering entirely new passwords for every web site.
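The complexity rule and the mnemonic system above, expressed as a small password audit. This is an added example, not part of the original article: the function names and the sample account list are constructed for illustration, and the vowel "u" is left unchanged because the article never shows a substitution for it.

```python
from collections import defaultdict

# Vowel substitutions seen in the article's examples. "u" never appears there,
# so it is left unchanged (assumption); uppercase vowels are kept, as in "Or10l3s".
SUBS = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})

def mnemonic(phrase):
    """Drop spaces and substitute lowercase vowels."""
    return phrase.replace(" ", "").translate(SUBS)

def site_password(base, site):
    """Append the transformed site name, e.g. '_gm@1l'."""
    return f"{base}_{mnemonic(site.lower())}"

def policy_gaps(password, minimum=2):
    """Return the character classes that fall short of the article's rule."""
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "numbers": sum(c.isdigit() for c in password),
        "special": sum(not c.isalnum() for c in password),
    }
    return [name for name, n in counts.items() if n < minimum]

def audit(accounts):
    """Map each account to its policy gaps and list passwords shared by several accounts."""
    gaps = {site: policy_gaps(pw) for site, pw in accounts.items()}
    by_password = defaultdict(list)
    for site, pw in accounts.items():
        by_password[pw].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    return gaps, reused

BASE = mnemonic("Baltimore Orioles!")

# Constructed sample accounts for the demonstration.
ACCOUNTS = {
    "gmail": site_password(BASE, "gmail"),
    "facebook": site_password(BASE, "facebook"),
    "bank": "banana123",
    "forum": "banana123",
}

if __name__ == "__main__":
    gaps, reused = audit(ACCOUNTS)
    for site in ACCOUNTS:
        print(site, "OK" if not gaps[site] else "missing: " + ", ".join(gaps[site]))
    print("reused across:", reused)
```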
Being Aware & Secure Online
Another common threat you face is from targeted attacks known as phishing attacks. This can be anything from someone calling you saying they are from your bank and they need your password to reset your account security, to a valid-looking email with a malicious link in it, which takes you to a web site that silently installs software to turn your system into a part of a botnet.
The most compromised web browser is Microsoft’s Internet Explorer because of the way it is tied into Windows. It is a good idea to use a stand-alone browser such as Mozilla Firefox or Google Chrome, which can go a long way towards preventing many threats when you are surfing the web.
In Summary
A computer can never be 100% secure from potential threats unless it is turned off. But following the steps outlined above and keeping an awareness of new threats you might face online can go a long way towards protecting you, your computers, and your business.
Resources
- National Cyber Security Alliance
- US-CERT’s guides for non-technical computer users
- Ready.gov’s cyber security resources