Security is always a trade-off with usability. The only completely secure computer is one turned off, in a safe, in the ground, guarded by barbed-wire and armed personnel. Unfortunately this hypothetical computer is also completely useless.
Computer security may be an entire highly-specialized field, but there are a few very effective ways to protect your devices and data.
Implement a Credit-Freeze
Putting a preemptive credit-freeze in place might sound overly cautious, but it’s also very effective. Though unfreezing can take some time or require a fee, you probably don’t apply for credit all that often. Plus, a freeze is usually cheaper and more secure than using a “credit-monitoring” service.
Use Two-Factor Authentication
Two-factor authentication is important for banking and other sensitive accounts. With it, you’re required to enter something besides just your password, such as a code from an SMS text message sent to your phone each time you log in from a new device. It’s a very effective extra layer of account security, and something that most banks, as well as Microsoft, Google and Facebook, support for their accounts.
Install and Keep an Active Subscription to a Reputable Anti-Virus Program
This applies to Macintosh computers and Android cell phones, too. For a good comparison of anti-virus products, check out av-comparatives.org.
Keep Adobe and Oracle Products Up-To-Date
More than 50% of viruses exploit old versions of Adobe Flash Player, Adobe PDF Reader, or Oracle Java to get into a system. Nearly 10% of Macintosh computers worldwide were infected at the same time during a single Oracle Java virus outbreak.
Use Complex Passwords
Your passwords could definitely use a security increase. Modern desktop password crackers can run at 500 million guesses a second, and a hacker can rent an Amazon cloud cracking array that runs billions of guesses a second for only a few dollars. To see how long it would take a massive cracking array to break your password, check out Steve Gibson’s excellent Password Haystacks website.
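To put the guess rates above into numbers, here is an added example (not part of the original article, and not the code behind the Password Haystacks site) that computes the worst-case time for an exhaustive search. The cloud rate is an assumed stand-in for "billions of guesses a second", and the sample passwords are constructed.

```python
import string

# Guess rates in guesses per second. The desktop figure is the article's;
# the cloud figure is an assumed stand-in for "billions of guesses a second".
DESKTOP_RATE = 500_000_000
CLOUD_RATE = 10_000_000_000

# The four ASCII character classes an exhaustive search has to cover.
# Characters outside these classes are not counted.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def alphabet_size(password):
    """Size of the smallest alphabet that covers every class the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space(password):
    """Number of candidates tried, shortest first, up to this password's length."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, rate):
    """Upper bound only: dictionary words and reused passwords fall much sooner."""
    return search_space(password) / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("sunshine", "Sunsh1ne!", "correct horse battery"):
        for label, rate in (("desktop", DESKTOP_RATE), ("cloud", CLOUD_RATE)):
            print(f"{pw!r:26} {label:8} {humanize(worst_case_seconds(pw, rate))}")
```

Each extra character multiplies the search space by the alphabet size, which is why the long all-lowercase phrase outlasts the short mixed-character password.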
Use Made-Up Security Question Answers
Most spouses (and many companies that track your online footsteps through the ads that websites display) will know the answers to your “security questions”, such as your aunt’s birthday (probably publicly available on Facebook) or favorite vacation spot (search history), etc. The best defense for this is using password management software such as LastPass to make up completely random answers to these questions. LastPass is free for Mac/Windows and works with the Internet Explorer, Google Chrome, and Mozilla Firefox browsers.
Use a Password Management Application such as LastPass
LastPass stores all your passwords and important secure information behind a single strong password. It will generate extremely complex, difficult-to-break, unique passwords for each website (so that someone who breaks into one does not have access to any others), and will automatically enter those passwords for you so you don’t even have to remember them. LastPass is available on iOS, Android, Windows Phone and Blackberry too for a subscription fee of $12/year. We store all of our passwords and sensitive information in LastPass, and LastPass has been audited by third parties we trust to verify that the information encrypted in LastPass is not even available to LastPass. LastPass cannot read your information or give you your information if you forget your password, as it is encrypted directly on your local computer by your “master password”. The “master password” is the password you use to unlock your LastPass password vault when you log in to your computer.
Encrypt your Physical Devices
Unless they are encrypted and have strong passwords themselves, anyone who has physical access to your devices (and knows what they are doing) is going to be able to break in. Apple iOS 9 and newer has whole-device encryption enabled by default, and if you set a 4-digit passcode it will be strongly encrypted. Windows 10 Professional (a free upgrade from Windows 7 Pro) has built-in whole-device encryption called BitLocker, which can be enabled to encrypt everything on the computer, requiring you to enter the decryption password whenever the computer is turned on. This whole-device encryption is extremely effective at securing physical devices from unauthorized access. It is also extremely effective at preventing you from accessing your own device if you forget the password (there is no back-door if you forget the password!) or if the disk gets corrupted. Thus having good, secure, tested backups is even more critical with encrypted devices.
Lock Down Physical Accounts
Preventing access to other accounts such as utilities and cell phone carrier accounts is actually much more difficult, because the security these companies have is often wholly inadequate. If you think you’re being maliciously targeted, often your only option is informing companies of the possibility of attempted unauthorized access and manually changing passwords and security codes. Verizon Wireless is one of a few exceptions in this area, as Verizon now requires unique account passwords with image-verification. If you know your Verizon security image, this extra step can greatly reduce the chance you’ll accidentally enter your credentials into a fraudulent website and fall victim to one of these information-harvesting “phishing attacks” (so-called because they are “fishing” for your personal information).
Avoid Phishing Attacks:
- Don’t click links in Email or Advertisements. The standard security mantra is to never click a link in an email, even if it is from someone you know or a company you do business with. Email is trivially easy to forge. Always type the website address manually into your web browser and log in from there instead of clicking a link in an email or an advertisement, as these links can send you to a forged website that will capture your login information. Image-verification is helpful to avoid these social-engineering (“phishing”) hacking attempts to get you to enter your login credentials or share your personal information with a website (or person on the phone) impersonating a company you do business with. Verizon Wireless’ image-verification is helpful to fight phishing attempts, as you choose an image ahead of time, which Verizon will display to you each time you log in (so that you can verify that you are actually entering your password at the Verizon website and not a site that just looks like Verizon).
- Verify the Security Certificate of Websites You Visit. Checking the security certificate of the websites you log in to is very important, as the certificate verifies that you’re visiting a website owned by the company you think you are. Most browsers have a padlock icon next to the address-bar at the top of the browser that you can click on for more information about the website and its security certificate.
Keep a Backup Encrypted Off-Site
Okay, so this is #11, and keeping backups isn’t going to keep you from getting hacked, but it will keep you from losing everything to ransomware. Remember, if Fortune 500 companies can get hacked, so can you. Keep an off-site backup of your data using an automatic service such as Carbonite or Mozy, and test your backups periodically to make sure they’re working.