Cyber Security 101

Take Care of the Basics

Let's cover some fundamentals of cyber security. By understanding a few concepts and taking a few simple steps, you can make your system much more secure.

Here, the 80/20 rule applies in a big way. By expending 20% of the total effort to make your system ultra-secure, you can improve your security by approximately 80%. That's to say it only takes a little time and effort to make huge strides in security!

The rank and file PC/tablet/phone user isn't protecting national security, so these first simple steps go a long way towards making you the kind of target a hacker will pass up to move on to easier systems.

First you should understand one fundamental principle that applies to all cyber security efforts.

The Cyber Security Triangle

There is a long-standing precept in cyber security illustrated by this image. The triangle represents a continuum with three points: security, functionality, and convenience (or ease of use). Any given computer system designed with security in mind falls somewhere on this continuum. The red ball represents where on the continuum the system lies.

Consider making a system more secure, represented by the red ball moving toward security. When you do that, you're forced to lose some convenience and/or functionality. An example of this would be to make your password more complex. This makes your login less prone to cracking (more secure), but makes it harder to remember and enter (less convenient).

On the other hand, if you make the system more capable by adding more programs, you move the ball toward functionality, but security and ease of use are affected. Security is diminished because you've created more opportunities for a hacker to find a vulnerability, known as increasing the attack surface. More programs also mean the system is more complex, and therefore more difficult to use and master.

Why is this important?

If you make changes which improve your security, you can expect to make your system a little less convenient, and sometimes a little less capable. This is the price we pay for better security.

Most Common Exposures

So what are the ways we commonly expose ourselves to hackers?

Phishing (pronounced fishing)

Estimates vary, but somewhere around 90% of successful cyber attacks on personal or corporate systems begin with phishing.

What is phishing? It's an email that includes a link leading to an exploit if clicked. When you click the exploit link, it takes you to a website where malware is instantaneously downloaded to your computer. Once downloaded, the malware executes, completing the infection and giving the hacker access to your system.

The perpetrator will do everything he can to make the infection invisible to you. Often, the infecting page won't display anything, but will quickly redirect you to a legitimate page. All you would see is a brief flash of the infecting page URL in the address bar before the legitimate page is loaded.

Solution: Don't click the link.

The best protection against phishing is prevention. Just don't click links which lead to the infection.

How do you avoid the bad links? The simplest way is to never click links included in emails at all. Of course, this is hardly a workable solution. We rely on email links to get things done--to see a friend's Facebook post, correct account details, make payments, etc.

So what can you do to avoid trouble?

  • Hover over the link. All common email programs show the destination URL when you hover:
    [Image: Hover to see the URL]
    Examine the link closely, especially the spelling of the domain. If the link isn't a domain you recognize as appropriate, don't click it. In this example, since the link is to facebook.com, you shouldn't have to worry about it, but if the domain were, for example, faceboook.com (notice the extra 'o'), you'd avoid it.

    Special note: Phishing schemes are becoming much more sophisticated. The email often looks legitimate based on theme colors and images. The perpetrator may even conduct some research on you via online searches to make the email appear to be coming from a friend.
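The hover check described above, turned into code as an added example (not part of the original article): it extracts the host from the hovered URL, reduces it to the registrable domain, and flags names that are merely close to a trusted one, exactly the faceboook.com case. The trusted-domain list and the sample URLs are constructed for the example, and the domain reduction is simplified (it ignores multi-part suffixes such as co.uk).

```python
import difflib
from urllib.parse import urlparse

# Constructed allow-list: domains the reader recognizes as appropriate.
TRUSTED_DOMAINS = {"facebook.com", "paypal.com", "amazon.com"}


def registrable_domain(url: str) -> str:
    """Return the last two labels of the URL's host, e.g. 'www.facebook.com' -> 'facebook.com'.

    Simplified: public suffixes with more than one label (co.uk, com.au) are not handled.
    A bare 'host/path' without a scheme is accepted by prepending http://.
    """
    if "//" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if host else ""


def classify_link(url: str) -> str:
    """Classify a hovered link as 'trusted', 'lookalike of <domain>' or 'unknown'.

    A lookalike is a domain that is not on the allow-list but is very similar to one
    on it (difflib ratio >= 0.8), which catches extra, missing or swapped characters.
    """
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    close = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.8)
    if close:
        return f"lookalike of {close[0]}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in the hover tooltip.
    for link in (
        "https://www.facebook.com/post/123",          # trusted
        "https://faceboook.com/login",                # lookalike of facebook.com
        "http://facebook.com.evil.example/login",     # unknown (real host is evil.example)
    ):
        print(f"{link:45} -> {classify_link(link)}")
```

Note that the third sample puts a trusted name at the front of the host; the real domain is still the last two labels, which is why the spelling of the end of the domain is what to examine.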

Secure Your Passwords

You've heard it before. There's a reason it's important. Passwords are often cracked by brute-force algorithms: a program is run which repeatedly tries common password variations and word combinations to break into a system.

Generally, the classic guidelines for passwords still apply. They are more secure if they:

  • Are long - the longer the better, but practically speaking, around 10-16 characters will suffice when the other characteristics listed here are employed.
  • Use combinations of upper- and lowercase letters.
  • Include numbers.
  • Include random punctuation marks.
  • Include special characters, like ']' and '@'.
  • Are changed regularly.

But these types of passwords are beginning to fall out of vogue in favor of pass phrases that are easier to remember. Such a password can often be brought to mind without using a cheat sheet.

An example would be: camel-antlers,Aren't>c0mm0n.

Test your password creativity by using a website like How Secure Is My Password. Enter a password like the ones you like to use, and it will tell you how long it would take to crack using a brute force attack. (Note: don't enter actual passwords you use, only passwords similar to the ones you like to use.)

Because passwords should be changed regularly and should be unique for each login, following these guidelines can still be daunting unless you use a password database like KeePass.

For more information about things you can do to protect yourself online, check out this list of top 10 things you can do to harden your systems!
