1. Physical Protection
One of the easiest ways to protect yourself from criminals and computer viruses or other malware is to install a physical (hardware) firewall/router. These devices are your first line of defense and can be purchased at almost all major electronics retailers and local computer shops. They work by blocking incoming, unsolicited network or internet requests. For example, a virus trolling the Internet wouldn't be allowed to enter your network under its own power if a hardware firewall was in place. A firewall/router may NOT be able to block malware, however, if you [un]intentionally download it; that's where section two and the "software firewall" are covered. Expect to pay $40 to $80 for entry-level hardware firewall/router models with an adequate 3-4 year life span. More expensive models will have features such as wireless connectivity.
Networks and the Internet aren't the only place malware originates. If you have a friend with an infected computer and they burn a CD or share software with you, there is also significant physical risk. Connecting MP3 players, Cell Phones, and other devices introduce risk as well. To mitigate this risk:
- Only insert discs, drives, or other media into your computer if they've come from a reputable source
- Disable auto-run features when media is inserted; instead, allow the computer to prompt you for an action
- Be selective when connecting to physical or wireless networks. Use encryption/passwords when available, and refrain from connecting to wireless networks that use obscene, strange, or default network names (like "linksys" or "dlink")
- Connect devices like phones and MP3 players to as few computers as required; NEVER connect them to public computers.
2. Software Protection
If the first line of defense fails (above) or if you inadvertently find yourself in a compromising situation (explained in #3), the proper software protection can mitigate the likelihood that your computer and sensitive personal information is compromised.
Follow these steps to ensure your computer is as safe as possible:
- Update applications and software regularly or set them to auto-update, especially if they interface with a network, like Internet Browsers and JAVA components, Media and Video Players like 'Flash' or 'Reader', Music Downloaders, Mail Applications, Online Meeting or Chat programs, etc.
- Remove programs you do not use or need, such as JAVA or 'Flash'. It's been estimated that in 2013, over 90% of all computer infections stemmed from simply visited a web page containing malicious JAVA code. You can even be infected from a trusted web site if that site was 'hacked' or compromised.
- Make sure your Operating System (like "Windows 7", "MacOS", "OS X", etc) is up-to-date, and installing software updates automatically.
- If you are using unsupported Operating Systems like "Windows XP", immediately consider switching to a newer, supported platform capable of automatic security updates.
- Install an appropriate Anti-Virus (or Anti-Malware) application. Most reputable vendors and some Operating Systems manufacturers provide free Anti-Virus applications that work well.
- Install and use Spyware protection if it isn't already bundled with your current Anti-Malware application.
- Make sure smart phones and other smart devices on your home network are also updated to the latest software versions - including your physical network equipment like firewall/routers, TV streaming appliances, DVR's, Networked Printers, Network Storage, etc.
3. Avoiding Compromising Situations
During the past few years, criminals have been targeting users rather than our computers. They've found the average user can easily be fooled into willingly providing sensitive personal information and/or installing malware.
Viruses, Trojans, Malware, Spyware, and Phishing Explained
Malware can be classified as any type of computer code that is designed for malicious purposes. Many people refer to all malware as "viruses"; however a virus is only one type of malware. A conventional virus is computer program that is able to replicate itself and infect additional computers - like through the sharing of programs, disk drives, etc. Trojans and Spyware, on the other hand, may or may not replicate themselves, and can be caught by unknowingly downloading or installing infected software. Trojans and Viruses can be controlled remotely to stage attacks on other computers in addition for their potential to collect your personally sensitive information. Recently, criminals have been increasingly using malware to encrypt infected computers ("ransomware"). This act renders the data essentially useless until the victim pays a ransom to unlock their system.
Spyware references code that is designed to collect information about you - whether personally sensitive or not - and share that information with a third party. Some spyware might only collect information about your browsing habits (sites you visit, duration, links you click, items you shop for online, etc), and is typically deemed non-malicious (although still intrusive).
Phishing is the criminal attempt to lure you into a compromising position, often by disguising themselves as someone reputable, where you then willingly follow their directions (perhaps clicking a link) or share sensitive personal information. The most common origination of phishing is via E-mail, such as a message asking you to respond with your current credit card information as your card on file is about to expire, or perhaps luring you to a fake website where you enter the information. See Also: E-Mail Safety
Social Networking Safety
Increasingly popular among criminals is the use of social networking to spread malware. These tricky situations can be easily avoided by using a single tip: Don't click/open links sent to you in E-mail/Social Networking Messaging by friends/family if they are unsolicited, strange, and/or seem out-of-character for the sending individual. Instead, text, call, or write them back about the link - especially if they don't realize their computer and sensitive personal information or passwords may have been compromised.
In addition, avoid installing and using 'apps', 'features', 'widgets', 'plug-ins', etc. If you must use an 'app', read the terms of service first and understand the permissions it will require. What appears to be a simple enhancement may actually compromise your security, and that of your friends.
Determining if a Web Site is Reputable
Malicious websites sometimes have the ability to infect your computer with malware; therefore, it's crucial to be able to identify and then visit only trustworthy websites. A reputable website is one that is operated by a reputable business, organization, or individual. The following criteria may suggest the website is NOT reputable:
- The domain name ("www.domainName.com") is inappropriate or obscene
- The domain name is unconventional or strange
- The domain name ends with a dot and two characters, like .cn, .bz, .ru, etc. This designates the website originates in a country other than the United States, and has a higher chance of being malicious as it is not regulated by the US Government. A site ending in .us is United States-based, and .ca is Canadian-based.
- The website has poor English grammar, spelling, or punctuation
- The website is poorly designed or "too" simple given the party's reputation
- The website has too many advertisements
- The website features advertisements that are inappropriate, unethical, or "tricky" in nature
- The website features key words and/or phrases, but not actual cohesive content
- The website pops up a message that your computer is infected with viruses or spyware, and you must take action to fix the issue.
If you believe the company/organization/individual is reputable but the website you are on doesn't appear so, you may be a victim of criminals that take advantage of domain name misspellings. If in question, search for the website using a popular search engine, such as "Google", and follow reputable links from there being careful not to use links found in advertisements.
If you find yourself on a website that isn't reputable - especially if it pops up a message that your computer is infected with viruses and requires immediate attention - leave the website, or close your Internet browser and re-open it. If you cannot close the website for any reason, restart your computer immediately using any means necessary.
Transmitting Personally Sensitive Information
If you've initiated a connection to a reputable website that requires you to submit personally sensitive information (such as paying your utilities online, credit cards, tuition, etc.), make sure you are protected from potential data intercepting criminals by using these tips:
- When entering passwords, ensure your password is hidden with symbols, similar to the following: "••••••". If these symbols are not used, this may indicate the website is not reputable.
- Log-out of the web site, then close your web browser completely when you're done.
- Avoid using features that prompt you to save your credit card or account information, username, or addresses. These features store information on your computer that could later be read by a criminal.
- Before entering personally sensitive information, ensure the website uses encryption.
- Encrypted sites begin with "https://"
- Ensure the site is validly encrypted: Many times you'll see some type of green indicator or closed-padlock icon in your web browser when visiting "https" pages; red or pink text or open/broken padlock icons indicate you should NOT submit personally sensitive information on this page.
||Microsoft Internet Explorer
Downloading and Installing Programs (including those required to display web sites/pages correctly)
There will come a time when you need to download a program from the internet, or a script or component to view a webpage. Before doing so, remember that viruses and spyware are most commonly transmitted using these methods.
Suggestions when downloading software or accepting/allowing scripts or components to run:
- Only allow content that you initiated; NEVER allow additional or suggested content
- Download content only from reputable web sites (examples: download.com, adobe.com, microsoft.com, etc)
- Stick to main-stream downloads; stay away from strange or obscene file names
- NEVER download software that sounds too good to be true
- Downloading software from sharing services like KaZaA and BitTorrent may expose you to additional risk
- When allowing scripts/content to run, ensure they are "signed". Unsigned items will typically prompt for your permission first before running; be sure to read warnings carefully before overriding actions that were prevented. Unsigned content may expose you to additional risk.
- If still in question, use a popular Internet search engine to find ratings and reviews of the software.
Always double-guess your decision to download software or allow a script or component to run. Re-load the webpage to test that you don't need the script or component. Or, visit another a website that offers the same information. Search additional reputable websites for the same or similar downloads to ensure the download itself is reputable. Only download when you've done enough research on the program, its source, and you feel comfortable doing so.
Safely Sharing Information
Sharing Software and Files
If you'll be sharing software and/or files with someone, it's critical to know where the media has been that will be transferring this information. Ensure your computer software is up to date and you have anti-malware software installed and current, all as described in section two.
Sharing Sensitive Personal Information
If you find the need to communicate sensitive personal information to someone, the best method is in person or over the phone. E-mail may be the worst possible method and by default is in no way secure; saving information in files and transmitting them on CD's or Drives offers minimal protection. If you MUST share information, use a method such as PDF that has optional password encryption before sending files to someone else.
See Also: E-Mail Safety
Passwords & Security
Compromising your password(s) is one of the easiest ways for criminals to gain access to your sensitive personal information. When working with passwords, take the following into consideration:
What to Do if you Suspect an Issue
- Whenever possible, use a "Strong" password. Strong passwords contain not only lower case letters, but also upper case letters, numbers, and symbols (if allowed). Strong passwords should be at least 10 characters. Don't use passwords that contain information about you, for instance birthdates, age, first name, last name, address, hometown, school, favorite color, movie, actor, etc., as these can be guessed more easily. In addition, stay away from words found in a dictionary (of any language).
- Use different passwords for different accounts. If you must re-use a password, use them at similar risk levels. For instance, re-using your E-mail password for your Online Banking is a bad idea, as your E-mail password is more likely to be compromised therefore increasing risk to your Online Banking account(s) as well.
- Change your passwords as frequently as you can easily remember them, at minimum, yearly.
- Never share your password with anyone. If you must share your password, change it immediately afterwards.
- Don't store your passwords on your computer unless a reputable, encrypted password storage program is used.
- Don't allow auto-saving or auto-login of information or passwords used to access personally sensitive information.
- Lastly, don't use the same passwords at work as you do at home.
If you believe your computer, or data on your computer, has potentially been compromised:
- Shut your computer down using any means necessary.
- If you must continue to use the computer, disconnect it from ALL networks including home and wireless networks, and the Internet.
- Disconnect and do not use any computer external media, including hard drives, flash drives, etc. that were plugged into the computer in question.
- Use another trusted computer system to change passwords for any critical websites like online banking, online utilities, credit cards, etc. Do not use any passwords that you had previously used.
- To prevent issues from spreading to your friends and family, use another trusted computer to change your password for all of your E-mail and social networking systems. Don't use any passwords that you had previously used.
- Keep an eye on your financials, like online banking and credit/store card accounts, etc, for several months. Criminals may give you a false sense of security by holding onto your information for several months before actually using it.
- If you believe your financial information was jeopardized, contact your financial institutions immediately.
- Take your computer (and any devices previously connected to it, including disk drives, flash drives, etc) to a local computer repair shop for inspection and malware removal. Spending $50 to $100 or more for this service has the potential to save several hundreds of dollars more in fraud, time, and frustration in the future. Make sure to ask your technician to provide you with a detailed list of any malware found and the implications of that malware so that you can communicate these to help assist your financial institution(s) and potentially law enforcement.