It’s not easy protecting your devices and data these days.
Ransomware, e-mail scams, identity theft, hacking attacks, massive data breaches – the news is filled with stories of the security threats that consumers, businesses and governments face. When even the National Security Agency can’t keep its crucial information secure, you may rightly wonder what a person can do.
“I don’t envy the average consumer who has to stay on top of these things,” said Marcin Kleczynski, CEO of Malwarebytes, which makes anti-malware software.
Consumers and businesses have been bilked out of billions of dollars and lost access to valuable files and data thanks to malware and online scams.
There are simple steps you can take to make your devices and data more secure. The top advice from security experts: Don’t expect any one step to completely protect you. Instead, think of the steps as lines of defense.
▪ Assess your risk. Someone working in the political opposition in Egypt is going to have a different level of risk than the average American. Someone who spends much of her life online is going to have more at risk than someone who goes online only occasionally to check his e-mail. The more at risk you are or the more sensitive your data, the more steps you’ll likely have to take to protect yourself.
▪ Back up your data. This is perhaps the most critical step you can take, because it helps ensure against not only security threats but also hardware failures. A malware infection becomes much more tolerable if you can just wipe out your computer and reinstall everything from a backup.
It’s smart to back up regularly, so that you can restore the latest changes you’ve made to your device or the latest data you’ve added. But it’s also important to ensure that the hard drive or service you use to back up your computer isn’t always connected to it. The latest versions of ransomware, a type of malware that encrypts data and extorts users for money to unscramble it, can jump from a PC to attached drives, potentially affecting backups as well.
You can avoid such problems by disconnecting your hard drive after it backs up your computer; burning your data to DVDs; or using an online backup service like Carbonite that only connects to your computer periodically and keeps multiple versions of your data.
▪ Keep your software up to date. Much of the malware in circulation exploits security holes in operating systems, browsers and plug-in programs like Adobe’s Flash. It’s important to install security updates to those software programs because they close those holes.
▪ Run anti-malware software and keep it updated. Anti-malware software is far from perfect. Research indicates that most programs do a pretty good job at catching viruses that have been in circulation for a while – and a pretty lousy job at identifying and eliminating novel threats. But anti-malware is usually better than nothing – as long as you don’t rely on it as your sole means of defense.
▪ Be careful with your passwords. Key advice from security analysts: Generally, the longer the password and the more random the characters used, the better. And don’t reuse passwords, at least not with the accounts that house your most valuable information.
Of course, following such advice can make it difficult or impossible to remember passwords. One thing that can help is a password manager. Programs like LastPass and 1Password can store all your complicated passwords, help you create new ones and allow you to access your list on different devices.
▪ Be careful with social media. What you say on Facebook doesn’t necessarily stay on Facebook. Scammers can use information they glean about you from your social media posts to impersonate you to scam money from your friends and relatives or your company. They can also use that information to crack your passwords or the security questions that many companies use to authenticate users who want to reset their passwords.
That doesn’t mean you should close your Facebook and Twitter accounts. But it does mean you should think about what you post and who has access to it.
▪ Think before you click. A common source of malware is through e-mail links and attachments. Scammers have gotten pretty good at sending out e-mail that looks like it legitimately came from your bank, and hackers have frequently been able to use malware to hijack consumers’ accounts to send out e-mails in their name to family members and friends. That’s why it’s a good idea to be skeptical of any link or attachment you receive, even if it appears to be from your spouse or most trusted associate.
Instead of clicking on a link that appears to come from your bank, go to the bank’s website directly. Rather than open the attachment that appears to come from your friend, text or call the friend to make sure they actually sent it to you.
▪ Be skeptical. You should develop a “suspicious mindset” when you’re online, said Eugene Spafford, a professor of computer science at Purdue University who focuses on security issues. This extends beyond being skeptical of e-mail links and attachments to being careful about clicking on advertisements you see or visiting websites.
Advertisements for free software or notifications that urge you to download anti-virus programs can be vehicles for malware. And the internet’s pornography and gambling sites can be havens for malicious software.
“Moral issues aside, there are solid technical reasons why to not visit the seedier sites on the internet,” said John Dickson, principal at the Denim Group, a security consulting firm.
How to keep your information secure
1. Assess your personal risk.
2. Back up the information on your devices.
3. Keep your software up to date.
4. Run anti-malware software (and keep it updated).
5. Don’t ignore advice on creating strong passwords.
6. Watch what you share on social media.
7. Think before you click.
8. Be cautious online.