10 Tips for Safer Online Computing

Technology is wonderfully amazing!! Sit back and think about it for just 10 seconds... can you imagine working, playing and relaxing without your laptop, iPhone, iPad, etc? When is the last time you checked your email, Instagrammed (that's a verb, right?) or surfed the web? You're reading this so I know the answer already. We're all connected all the time.

Being connected has it's obvious benefits, but it also introduces a significant amount of risk. Malware, spyware, viruses, hackers... these are all things that can ruin an otherwise great day. But they don't have to, if we're doing the right things! To help keep you safe, I created a list of 10 simple things that everyone can (and should) be doing. There is no rocket science involved here. Mostly common sense infused with many years of my own experiences.

Use (Superman) Strong Passwords

Notice I didn’t say “Create [a] Strong Password”. First and foremost, you should avoid using a single password for everything. Secondly, a strong password is one that is not found in the dictionary. It also isn’t something that can be easily guessed by those who know you (even those who know you really well). Hint: using your cat's name or birthplace is a bad idea. Most password systems require at least 8 characters, so that’s a good starting point (longer is better). It should also include a combination of uppercase letters, lowercase letters, numbers and special characters (&, $, #, etc). The best passwords are those that appear to be very cryptic to most, but is easy for you to remember. For example, it could be the name of your favorite book, but slightly modified like “Th3M@rt1@n”. Bottom line: the best passwords are those that are meaningful to you, but very cryptic to others.

Never, Ever, Ever, Ever Share Your Password

Now that you have a great password, keep it to yourself! The second you share that password with someone else (even a family member or a trusted colleague), it has been compromised and should be changed... immediately! Hopefully that is common sense, so I won’t go on about that.

Change Your Passwords Often

Passwords are meant to be changed periodically. The frequency depends on two things: 1) system requirements (some systems require you to change your password every 90 days or so) and 2) the sensitivity of the system you are protecting. It is recommended that you change passwords to sensitive systems (i.e. banking, email, etc) on a fairly frequent basis. Once a year probably isn’t good enough, but every 15 days is overkill. Somewhere in the middle is probably perfect. I change passwords to sensitive systems every 60 days (and have considered every 30 days).

Manage Your Passwords

With access to so many systems and a different password (hint, hint) for each of those systems, keeping track of those can be a nightmare! There are plenty of password managers available. My preference (and recommendation) is 1Password. It works for Mac, Windows, iOS, Android, etc. 1Password is great for managing your website passwords, but it's also great for managing frequent flyer memberships, social security numbers, bank accounts, credit cards, etc. All of this is extremely secure using strong encryption. Best of all… it’s all kept in sync between your many devices! Add a password to 1Password on your Mac and it atomically syncs to 1Password on your iPhone. It takes all the sting out of password management.

Use a VPN Service for Protection (and Convenience)

I try to avoid using public WiFi hotspots as much as possible because they are simply not secure. Not to scare you too much but anything and everything sent and received over the average public WiFi hotspot (ahem, Starbucks) is accessible by anyone running free software. I’m certainly not suggesting avoiding them altogether, but if you find yourself needing to use them, keep security in mind. A VPN (Virtual Private Network) service encrypts all your traffic before it leaves your device and hits that public WiFi hotspot. Using a VPN service is easy. Simply sign up for one of many available (my recommendation is ExpressVPN). Once it’s set up, all you have to do is turn it on and use it. It’s that simple. A good VPN service (like ExpressVPN) works on all platforms… Mac, Windows, iOS, Android, etc. A VPN service can also give you access to content only available in specific countries. For example, you can easily configure your VPN connection to make it appear as though you are located in the UK or New Zealand.

Two-Factor Authentication is Our Friend

In most cases, using a simple username and password is no longer good enough. Earlier, I recommended changing your password often to protect against wandering eyes of a coworker. If you change your password every 60 days, and someone happens to guess your current password 2 days after you change it, they have full access to that system for another 58 days. Yikes! Two-factor authentication not only requires your username and password to log in to a service, but it also requires physical access to a predefined secondary device (such as a cell phone). Not every service provider support two-factor authentication (yet), but all the big players do (Apple, Google, Microsoft, etc), and even most of the smaller companies. if it’s available, turn it on!

Think Before Opening Email Attachments or Clicking on Links

Almost weekly, I hear from someone who has a compromised computer, now infected with malware, viruses, etc. As I start asking routine questions about what happened to lead up to this, it very quickly becomes apparent to me that it all started by someone opening an email attachment or clicked on a link that they shouldn't have. My rule of thumb is that if you aren’t expecting an email from the Prince of Mumbai, even if it sounds enticing, don’t open it! Delete it immediately and forego the $20,000,000 that he promised to send you. Common sense should be used.

Keep Your System Software Current

Software isn’t perfect. It’s usually peppered with bugs, security holes, etc. The best way to fight security threats is to always stay current with your software. This isn’t limited just to your Operating System (macOS and Windows), but your other apps as well (Microsoft Office, iWork, Adobe Creative Suite, etc). Believe it or not, even older versions of your favorite FTP software can be a magnet for intruders to gain access to your system. Oh, and one more benefit to staying current with your software… new features! Believe it or not, developers love giving you new features as often as possible. If you're not staying current, you can’t take advantage of these new features.

Use Hard Drive Encryption

Every modern Operating System is secure, right? I mean, they do require a password to log in, so I’m good, even if I lose my laptop, right? WRONG!! That password that you enter to log in is only useful if you are logging in using the Operating System on your hard drive. Here’s another way to put it. If I picked up your laptop at the airport, pulled out your hard drive and connected it to my laptop as an external drive, I now have full access to everything on that hard drive… no password required. macOS (formerly known as OS X) and Windows both have drive encryption features built-in, but it needs to be enabled. For the Mac, this can be done in System Preferences > Security > FileVault. For Windows, search for “Device Encryption” in the Control Panel. If you don’t have Device Encryption, you’ll want to use BitLocker.

Backup, Backup, Backup, Backup and Backup

A good backup doesn’t prevent others from snooping your data, but it certainly helps to protect you against data loss. I am still shocked at how many people don’t have a current backup plan! If you aren’t backing up, then I assume you are ok with losing data. Don’t be that person! If you aren’t sure where to start, contact us today to help.

Posted on September 30, 2016 by Kevin Allgaier and filed under How To, Opinion, Mac, iPhone, iPad.