The following is an excellent, informative article by Geoffrey Fowler from the
Wall Street Journal. It contains not only good information but lots of
excellent follow-up links throughout the piece.
Don’t Be Hacker Bait: Do This One-Hour Security Drill
5 Steps to make your digital self less attractive to hackers, phishers and
overly aggressive marketers
Don't feel helpless about digital security and privacy. Personal Tech columnist
Geoffrey A. Fowler shows five steps to becoming less of an easy target for
hackers, phishers and aggressive marketers. Photo: Monika Auger / The Wall
Street Journal
By
Geoffrey A. Fowler
Updated Feb. 3, 2016 3:13 p.m. ET
Ask a hacker if your digital security is at risk, and the answer is always yes.
You could hide in a mountain bunker lined with tin foil and twigs, and somebody
still might drain your bank account.
It’s no reason to feel helpless. You can make yourself less of an easy target
for hackers, money-hunting phishers and overly aggressive marketers by
bolstering your security and data privacy. I’ll show you how to do it in an
hour or less.
The answer isn’t the antivirus software we were all trained to run on our PCs.
That can be useful to identify problems, and now antivirus is built into
<http://www.wsj.com/articles/windows-10-review-a-welcome-upgrade-perhaps-too-late-1438103014>
Microsoft’s Windows 10. But viruses don’t spread the ways
they used to—and the bad guys change their strategies so quickly, traditional
antivirus can’t keep
up<http://www.wsj.com/articles/SB10001424052702303417104579542140235850578>.
The foundation of smartphone and laptop safety is software updates, smarter
passwords and more defensive Web browsers. Then it comes down to learning a few
new digital habits to avoid being duped by criminals who exploit our own good
natures<http://www.wsj.com/articles/SB10001424053111904836104576556421692299218>.
If you suspect your computer is already in trouble because it’s slow or keeps
flashing shady-looking offers, your first step should be to check for malware,
damaging software you might have unwittingly picked up on the Web. I recommend
downloading the free MalwareBytes<https://www.malwarebytes.org/>, which does a
great job of finding and removing worms, Trojans and other nasty stuff on Macs
and PCs.
Then dedicate an hour, and work your way through this checklist, starting at
the top. Even if you only get through a few areas, you’re less likely to be
hacker bait.
1. Update your software
Why it matters: Software changes constantly now, which can be annoying—but
helps address new vulnerabilities. The golden rule of security is that if you
install something, you have to stay on top of it.
Quick fix: Update your phone and computer OS, then move on to your apps. If you
browse the Web with
Chrome<https://support.google.com/chrome/answer/95414?hl=en> or
Firefox<https://support.mozilla.org/en-US/kb/update-firefox-latest-version>,
make sure they update automatically in Settings.
Updating software can be either fast or tedious depending on when you last did
it. (Before a major update, it’s also a good idea to back up your
device<http://www.wsj.com/articles/the-best-way-to-back-up-your-computer-1425404466>.)
On iPhone or iPad: Plug in your device and connect to Wi-Fi. Tap Settings, then
General, then Software Update<https://support.apple.com/en-us/HT204204>. To
update apps, tap the App Store app, then Updates in the bottom right corner. To
turn on auto updates, select Settings, then iTunes & App Stores, and then
toggle Updates to on<https://support.apple.com/en-us/HT202180>.
Using a screen lock or fingerprint on an iPhone makes sure its contents are
encrypted. Photo: iStock
On Android: Every handset maker handles updates slightly differently, but look
for Settings, and then System Updates. To update apps, go to the Google Play
Store app, then My apps, then Updates. To turn on auto updates, inside the
Google Play Store app, select Settings, then Auto-update
apps.<https://support.google.com/nexus/answer/2819522>
On Mac OS X: Open the App Store, and select updates in the
toolbar<https://support.apple.com/en-us/HT201541>. To turn on auto updates,
select System Preferences, then App Store, and check Automatically check for
updates.
On Windows 10: Select Settings, then Update & security, then Windows
Update<http://windows.microsoft.com/en-us/windows-10/getstarted-choose-how-updates-are-installed>.
Be sure Windows Defender is turned
on<http://windows.microsoft.com/en-us/windows-10/getstarted-protect-your-pc>,
unless you have a better third-party antivirus program.
Deeper dive: Update the software that runs your Wi-Fi router, an
often-overlooked back door for
hackers<http://www.wsj.com/articles/rarely-patched-software-bugs-in-home-routers-cripple-security-1453136285>,
either with its app or by pointing a Web browser to its setup page. Know what
I’d do? Just buy a new
router<http://www.wsj.com/articles/wi-fi-woes-time-to-upgrade-your-wireless-router-1422990004>—they
keep getting faster and easier to manage.
If you have smart home cameras, locks or thermostats, you’ve taken on extra
risk. So confirm they’re running the latest software, usually by checking their
control apps.
If you want to make sure all the third-party software on your computer is also
up to date, Flexera Software’s free and rather handy Personal Software
Inspector<http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/>
can scan a Windows computer.
2. Fix your passwords
Why it matters: A good password is truly all that stands between you and a
hacker. Using passwords the right way can contain the threat when sites get
compromised, and keep out snoopers closer to home too.
Quick fix: Go to your most-used Internet services and turn on what’s called
two-factor authentication. This way, they ask you for additional information
when you log in, and notify you if someone else is trying to access your
account. Start with the big five: Apple
ID<https://support.apple.com/en-us/HT204915>,
Google<https://www.google.com/landing/2step/>,
Facebook (called “login approvals”),
Microsoft<http://windows.microsoft.com/en-us/windows/two-step-verification-faq>
and Twitter (called “login verification”). Some banks also
offer this feature.
Deeper dive: To maximize safety, use a different password on every site—so if
one company is compromised, a hacker can’t use your stolen password somewhere
else. The best passwords are long, random strings of numbers and letters that
our overstuffed noggins can’t usually remember on their own.
I strongly recommend using a password manager
<http://www.wsj.com/articles/SB10001424052702303647204579545801399272852> such
as Dashlane or 1Password to collect and keep these passwords in sync across all
of your devices. (It’ll even let you print them all out, if you so wish.) This
takes a little extra setup but will save you time in the long run.
3. Encrypt your drives
Why it matters: If you lose your phone or laptop, criminals or even governments
could access valuable information. Encryption makes it much harder to retrieve
anything without your
permission<http://blogs.wsj.com/digits/2015/12/04/does-encryption-really-help-isis-what-you-need-to-know/?mod=ST1>.
Quick fix: Add a password or fingerprint screen lock to your iPhone or Android
phone<https://support.google.com/nexus/answer/2819522>. That makes sure iPhones
and newer Android phones are encrypted. On older Android phones, you have to
turn on encryption
separately<https://support.google.com/nexus/answer/2844831?hl=en>.
Deeper dive: Password-protect and encrypt your computer. The Mac’s OS
X<https://support.apple.com/en-us/HT204837> and Windows
10<http://windows.microsoft.com/en-us/windows-10/turn-on-device-encryption>
both have it built in, though you have to turn it on separately. If you get an
external drive, even for backup, use a disk utility to encrypt that, too.
4. Bolster your browser privacy
Why it matters: The browser is the No. 1 venue snoopers and aggressive
marketers use to exploit you. But there are ways to keep them at bay.
Quick fix: Start with a clean sweep of everything in your browser—sometimes
called “clear browsing data” or “remove website data.” Doing this will delete
passwords saved in the browser (which isn’t a safe place to store them), and
may require you to re-login to some sites that previously remembered you.
While we’re focused on security, this checkup provides a good chance to shake
off some unwanted marketers: Activate Do Not
Track<https://www.allaboutdnt.com/> in the settings for your browser and
install a browser extension like Ghostery<https://www.ghostery.com/>,
Disconnect or EFF’s Privacy Badger<https://www.eff.org/privacybadger> to block
spying ads and trackers.
Deeper dive: Disable Adobe Flash in your
browser<http://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/>;
it is one of the most common means of transmitting malware.
To further escape tracking by the ad industry and companies like
Facebook<http://www.wsj.com/articles/what-you-can-do-about-facebook-tracking-1407263246>,
go to aboutads.info/choices<http://www.aboutads.info/choices/> and request an
opt out from more than 120 participating companies.
5. Conduct an app census
Why it matters: The rise of the app economy means more businesses are watching
where you’re going and what you’re doing every minute of the day—which is both
a privacy and a security concern.
Quick fix: On your phone, check to see which apps have access to your location
and other data. Turn off access or delete any you don’t really use. (Bonus:
This will save you battery life!)
On iPhone: Go to Settings, then
Privacy<https://support.apple.com/en-us/HT203033>, and be sure to check
Location Services, Contacts and Health.
On Android: To review permissions based on category such as location in the
latest Android 6 (Marshmallow), go to Settings, then Apps or Application
Manager, and tap the gear icon and App
permissions<https://support.google.com/googleplay/answer/6270602?hl=en&ref_topic=6046245>.
On Android 5 (Lollipop), you have to check the permissions of each app
individually<https://support.google.com/googleplay/answer/6014972?hl=en&ref_topic=6046245>.
Deeper dive: Inspect your Facebook
apps<https://www.facebook.com/settings/?tab=applications>, and clear out ones
you don’t care about—many have your personal info. When I checked, I had 210,
including one called “How hipster are you?”
Perform the
Google<https://security.google.com/settings/security/secureaccount?pli=1> and
Facebook<https://www.facebook.com/help/securitycheckup> security checkups on
your accounts from any Web browser. You might be surprised how many different
devices you’re still logged in on.
Healthy Habits
The biggest security risk to our computers may be ourselves. Today’s hackers
try to trick us into giving them access to our computers. “People need to think
before they click,” says Stu Sjouwerman, founder of KnowBe4, which trains
corporations to avoid attacks.
Be on alert for phishing schemes, which can easily impersonate a friend or
family member. Don’t click on links or open attachments in emails you weren’t
expecting. And ask people who sent them, “Is this really you?”
Use secure websites—marked by “https” at the front—particularly any time you
enter payment info. You can force your browser to use it by installing HTTPS
Everywhere<https://www.eff.org/https-everywhere>.
When you’re on a public
network<http://www.wsj.com/articles/the-future-of-public-wi-fi-what-to-do-before-using-free-fast-hot-spots-1453232580>,
consider using a VPN—HotSpot Shield<https://www.hotspotshield.com/> for
Windows and Android, Cloak<https://www.getcloak.com/> for iPhone and Mac users.
Use PayPal instead of a credit card on any site you don’t
know well enough to trust. And avoid paying online with debit cards, or putting
any account information in emails.
Need more help?
Can’t figure out whether to trust a site or app? Check TOS Didn’t
Read<https://tosdr.org/>, which summarizes those long privacy policies and
notes any red flags.
Go to a local meetup like Techno-Activism 3rd Mondays
<https://wiki.openitp.org/events:techno-activism_3rd_mondays> to ask a geek to
help you perform a security audit.
Go to EFF’s panopticlick.eff.org<https://panopticlick.eff.org/> to test how
easily your current Web browser configuration can be tracked. And for more
detailed advice on dealing with specific concerns, check its Surveillance Self
Defense<https://ssd.eff.org/> website.
Write to Geoffrey A. Fowler at geoffrey.fowler@xxxxxxx
--
David Goldfield, Assistive Technology Specialist Feel free to visit my Web site
WWW.DavidGoldfield.Info<http://WWW.DavidGoldfield.Info>