SECURING YOUR DEVICES AND NETWORKS
1. Encrypt your data.
Data encryption isn't just for technology geeks; modern tools make it possible for anyone to encrypt emails and other information. "Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files, newer versions of Apple's OS X operating system come with FileVault, a program that encrypts the hard drive of a computer. Those running Microsoft Windows have a similar program. This software will scramble your data, but won't protect you from government authorities demanding your encryption key under the Regulation of Investigatory Powers Act (2000), which is why some aficionados recommend TrueCrypt, a program with some very interesting facilities, which might have been useful to David Miranda," explains John Naughton in an article for The Guardian.
2. Backup your data.
One of the most basic, yet often overlooked, data protection tips is backing up your data. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don't also lose your important information. It's best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised.
3. The cloud provides a viable backup option.
While you should use sound security practices when you're making use of the cloud, it can provide an ideal solution for backing up your data. Since data is not stored on a local device, it's easily accessible even when your hardware becomes compromised. "Cloud storage, where data is kept offsite by a provider, is a guarantee of adequate disaster recovery," according to this post on TechRadar.
4. Anti-malware protection is a must.
Malware is a serious issue plaguing many a computer user, and it's known for cropping up in inconspicuous places, unbeknownst to users. Anti-malware protection is essential for laying a foundation of security for your devices. "Malware (short for malicious software) is software designed to infiltrate or damage a computer without your consent. Malware includes computer viruses, worms, trojan horses, spyware, scareware and more. It can be present on websites and emails, or hidden in downloadable files, photos, videos, freeware or shareware. (However, it should be noted that most websites, shareware or freeware applications do not come with malware.) The best way to avoid getting infected is to run a good anti-virus protection program, do periodic scans for spyware, avoid clicking on suspicous email links or websites. But scammers are sneaky: sometimes malware is cleverly disguised as an email from a friend, or a useful website. Even the most cautious of web-surfers will likely pick up an infection at some point.," explains Clark Howard.
5. Make your old computers' hard drives unreadable.
Much information can be gleaned through old computing devices, but you can protect your personal data by making hard drives unreadable before disposing of them. "Make old computers’ hard-drives unreadable. After you back up your data and transfer the files elsewhere, you should sanitize by disk shredding, magnetically cleaning the disk, or using software to wipe the disk clean. Destroy old computer disks and backup tapes," according to the Florida Office of the Attorney General.
6. Install operating system updates.
Operating system updates are a gigantic pain for users; it's the honest truth. But they're a necessary evil, as these updates contain critical security patches that will protect your computer from recently discovered threats. Failing to install these updates means your computer is at risk. "No matter which operating system you use, it's important that you update it regularly. Windows operating systems are typically updated at least monthly, typically on so-called 'Patch Tuesday.' Other operating systems may not be updated quite as frequently or on a regular schedule. It's best to set your operating system to update automatically. The method for doing so will vary depending upon your particular operating system," says PrivacyRights.org.
7. Automate your software updates.
In order to ensure that you're downloading the latest security updates from operating systems and other software, enable automatic updates. "Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option," suggests StaySafeOnline.org.
8. Secure your wireless network at your home or business.
A valuable tip for both small business owners and individuals or families, it's always recommended to secure your wireless network with a password. This prevents unauthorized individuals within proximity to hijack your wireless network. Even if they're merely attempting to get free Wi-Fi access, you don't want to inadvertently share private information with other people who are using your network without permission. "If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router," says FCC.gov in an article offering data protection tips for small businesses.
9. Turn off your computer.
When you're finished using your computer or laptop, power it off. Leaving computing devices on, and most often, connected to the Internet, opens the door for rogue attacks. "Leaving your computer connected to the Internet when it’s not in use gives scammers 24/7 access to install malware and commit cyber crimes. To be safe, turn off your computer when it’s not in use," suggests CSID.
10. Use a firewall.
"Firewalls assist in blocking dangerous programs, viruses or spyware before they infiltrate your system. Various software companies offer firewall protection, but hardware-based firewalls, like those frequently built into network routers, provide a better level of security," says Geek Squad.
11. Practice the Principle of Least Privilege (PoLP).
Indiana University Information Technology recommends following the Principle of Least Privilege (PoLP): "Do not log into a computer with administrator rights unless you must do so to perform specific tasks. Running your computer as an administrator (or as a Power User in Windows) leaves your computer vulnerable to security risks and exploits. Simply visiting an unfamiliar Internet site with these high-privilege accounts can cause extreme damage to your computer, such as reformatting your hard drive, deleting all your files, and creating a new user account with administrative access. When you do need to perform tasks as an administrator, always follow secure procedures."
12. Use "passphrases" rather than "passwords."
What's the difference? "A passphrase is simply a different way of thinking about a much longer password. Dictionary words and names are no longer restricted. In fact, one of the very few restrictions is the length - 15 characters. Your passphrase can be a favorite song lyric, quote from a book, magazine, or movie, or something your kids said last week. It's really that easy," explains Indiana University's Protect IU. Think of a saying or series of words that is easy for you to remember, and use the first letter of each word in the phrase, along with a combination of numbers and special characters, as your passphrase.
13. Encrypt data on your USB drives and SIM cards.
Encrypting your data on your removable storage devices can make it more difficult (albeit not impossible) for criminals to interpret your personal data should your device become lost or stolen. USB drives and SIM cards are excellent examples of removable storage devices that can simply be plugged into another device, enabling the user to access all the data stored on it. Unless, of course, it's encrypted. "Your USB drive could easily be stolen and put into another computer, where they can steal all of your files and even install malware or viruses onto your flash drive that will infect any computer it is plugged in to. Encrypt your SIM card in case your phone is ever stolen, or take it out if you are selling your old cell phone," according to Mike Juba in an article on Business2Community.
14. Don't store passwords with your laptop or mobile device.
A Post-It note stuck to the outside of your laptop or tablet is "akin to leaving your keys in your car," says The Ohio State University's Office of the Chief Information Officer. Likewise, you shouldn't leave your laptop in your car. It's a magnet for identity thieves.
15. Disable file and media sharing if you don't need it.
If you have a home wireless network with multiple devices connected, you might find it convenient to share files between machines. However, there's no reason to make files publicly available if it's not necessary. "Make sure that you share some of your folders only on the home network. If you don’t really need your files to be visible to other machines, disable file and media sharing completely," says Kaspersky.
16. Create encrypted volumes for portable, private data files.
HowToGeek offers a series of articles with tips, tricks, and tools for encrypting files or sets of files using various programs and tools. This article covers a method for creating an encrypted volume to easily transport private, sensitive data for access on multiple computers.
17. Overwrite deleted files.
Deleting your information on a computing device rarely means it's truly deleted permanently. Often, this data still exists on disk and can be recovered by someone who knows what they're doing (such as, say, a savvy criminal determined to find your personal information). The only way to really ensure that your old data is gone forever is to overwrite it. Luckily, there are tools to streamline this process. PCWorld covers a tool and process for overwriting old data on Windows operating systems.
18. Don't forget to delete old files from cloud backups.
If you're diligent about backing up your data and use a secure cloud storage service to do so, you're headed in the right direction. That said, cloud backups, and any data backups really, create an added step when it comes to deleting old information. Don't forget to delete files from your backup services in addition to those you remove (or overwrite) on your local devices. "If you back up your files to the cloud, remember that even though you delete them on your computer or mobile device, they’re still stored in your cloud account. To completely delete the file, you’ll also need to remove it from your backup cloud account," says re/code.
DATA PROTECTION TIPS FOR MOBILE DEVICES
19. Consciously check and configure app privacy settings.
Most apps offer privacy settings for users, enabling you to determine how much and what types of information are shared or stored. Always choose the least amount of data-sharing possible. Google, for instance, offers individual permission levels and privacy settings for the mobile apps it provides: "Google offers a variety of mobile applications that you can download onto your smart phone and some of these apps, such as Search, Maps and Latitude incorporate geolocation features. Some parents may be concerned about their teen sharing their location with others. Each app allows you to adjust the privacy setting so you can share as much or little as you want."
20. Enable remote location and device-wiping.
"If your gadget is lost or stolen, tracking apps can tell you exactly where your phone is. These apps also let you wipe sensitive information remotely. If your phone does end up landing in the wrong hands, you can at least make sure they don't get your information," says Kim Komando.
21. Take care of privacy settings immediately upon setup.
When configuring a new device or operating system, configuring privacy settings should be the first order of business. This ensures that you're not inadvertently sharing sensitive information as you set up your standard apps and services. "The minute you download and install iOS 8, the latest version of Apple's mobile operating system for iPhone and iPad, you should take note of these privacy steps in order to lock down your device. iOS 8 has a number of new features tied to your location. It also has new privacy settings, allowing users to limit how long data is stored for, such as message expiry features and new private browsing settings...Before you do anything like customizing your phone, loading new apps, or syncing your data for the first time, these first seven settings need to be checked, and if necessary, changed," explains Zack Whittaker in an article appearing on ZDNet.
22. Use MyPermissions.com to control app permissions in one fell swoop.
While it's not all-inclusive, MyPermissions.org is a handy tool that allows you to check your permission settings across a multitude of apps, get reminders to clean your permissions with mobile-friendly apps, and get alerts when apps access your personal information so that you can remove it with a single click.
23. Lock your smartphone and tablet devices.
Practically everyone has a smartphone, tablet, or both these days. All it takes is a single mishap where your device slips out of your pocket or briefcase at a restaurant or on public transportation, and your data could wind up in the hands of someone who will use it maliciously. You can take steps to protect your data in the event of a lost or stolen device, however, beginning with locking your device. When your device is locked, a thief must crack your password before gaining access to your apps or personal information, adding a layer of protection. "As soon as you get a new smartphone, set a hard to guess password to protect your device and change it on a regular basis." says CTIA, The Wireless Association.
24. Don't forget to backup your mobile device data.
Another data protection strategy that's often overlooked for mobile devices is the need to backup your data from your mobile device in addition to your desktop computer's or laptop's data. There are some automatic cloud-backup options, but this article on Yahoo Small Business Advisor suggests an interesting strategy: using IFTTT (If This Then That) to facilitate automatic backups of important files, such as photos or work documents.
25. Disable automatic uploading.
Some devices automatically backup your data to the cloud, and some apps used on smartphones or tablets store information in remote servers. Yes, having a backup of your data is a good thing, but the backup should be accessible only by you or someone you authorize. You can prevent your devices from sharing your personal photos and other information with the cloud for the world to see by disabling automatic backup settings on your device and on individual apps. In an article on BBC, Colin Barras explains, "As cloud services grow it’s becoming common for devices like smartphones to upload user data to remote servers by default. If you’re at all worried about some of your photos falling into the hands of malicious parties it’s probably not a bad idea to check your phone settings to see what data is being automatically backed up to the cloud, and disable automatic uploading."
26. Disable Bluetooth when you're not using it.
Bluetooth technology has offered incredible conveniences to the mobile world, but it also opens the door for vulnerabilities. Most threats exploiting Bluetooth connectivity are dependent on the active Bluetooth connection, and while they aren't typically devastating or dangerous, they're certainly inconvenient and can be serious. "Bluetooth attacks depend on exploiting the permission request/grant process that is the backbone of Bluetooth connectivity. Regardless of the security features on your device, the only way to completely prevent attackers from exploiting that permission request/grant process is to power off your device’s Bluetooth function when you’re not using it — not putting it into an invisible or undetectable mode, but completely turning it off (there are bad apps that can power your device back on, just one more reason overall app security is vital)," advises Kaspersky Lab.
27. Get anti-virus or anti-malware protection for your mobile devices.
Anti-malware protection software is a given for most computer users, but many consumers still overlook the importance of protecting mobile devices from the growing number of malware programs impacting all types of mobile devices. Just a few years ago, however, security options for mobile devices offered mediocre protection against threats, at best. "Besides antivirus and malware scanning, security apps for Android also offer a full McAfee LiveSafe 2014 Android screenshot McAfee for Android security suite with features such as device location, remote wipe, backup, and suspicious-URL blocking. These extra features usually require a premium subscription, but most apps offer a minimal, basic level of protection for free, including malware scanning," according to an article on PCWorld.
28. Check your push notification settings on mobile devices.
Push notifications are notices posted to your device homescreen so that you don't miss important information or updates. "Many applications send proactive notifications to your phone's home screen. In general, these notifications are valuable and make it easy to keep track of what's happening in your favorite applications. Personal health applications may send these types of notifications as well. If you are using applications that use push notifications, review them to ensure that sensitive data isn't being shared unexpectedly to your home screen. You don't want your personal health data laying out in plain site on your phone," according to an article on TrueVault.
29. Enable Touch ID if you use an Apple device.
If you use an iPhone 5 or later, you can take advantage of an added security measure known as Touch ID, a technologically advanced fingerprint security tactic. "The actual image of your fingerprint is not stored anywhere, and is instead converted to a mathematical representation of a fingerprint that cannot be reverse engineered into one. This mathematical representation is stored in a Secure Enclave within your phone’s chip, and is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else."
30. Set up content filters.
If you have children who use mobile devices, check into security options such as content filters that can be activated either through your wireless provider or on the physical device. These filters restrict access to certain types of content, ensuring that your children cannot inadvertently go to websites or download apps that contain either inappropriate or malicious content. Verizon Wireless, for instance, offers a number of content filters and security options for families.
31. Set your device to automatically lock after a period of inactivity.
Most smartphones and tablets enable you to set a specified time frame, after which the device automatically locks if it's been inactive. This means if you lose your smartphone but it wasn't locked, it will lock on its own, ideally before a thief obtains it and attempts to access your personal information. "Configure your settings to ensure that your device locks after a short period of time," says ProtectYourData.ca.
32. Be mindful of the apps you install.
There are new apps entering the market constantly. But too many apps running in the background not only slows down your smartphone or tablet, but some of them could be sharing your personal information, even your current location via GPS, without your knowledge. Don't install apps unless they're from trusted sources. "The problem is that many third-party app stores are not safe. If you choose to download an APK file and install it yourself, you could be putting malware on your device. You may also be sent an APK file in an email or a text message, or you could be prompted to install one after clicking on a link in your web browser. It’s best not to install these unless you are certain it is safe," according to an article on Digital Trends.
33. Prevent your smartphone from being stolen.
While remote wiping and location-tracking solutions are great for finding your device and protecting your data if it's been stolen, the ideal solution is to avoid having your smartphone or other device stolen in the first place. "One of your best 'grab-prevention' options is a wireless proximity alarm system. These handy app/device combos let you know when your phone gets more than the pre-set distance limit from the proximity device (which is usually small enough to fit on a key ring)," ComputerWorld recommends.
34. Use an on-device, personal firewall.
Firewalls aren't just for servers and browsers; you can get a personal firewall for your mobile device, too. MySecurityAwareness.com suggests installing "an on-device personal firewall to protect mobile device interfaces from direct attack."
35. Wipe devices and set to factory defaults before donating or discarding.
Don't just give your old mobile devices to someone else, particularly someone you don't know, without first wiping it clean and restoring it to factory settings. Otherwise, you're basically handing over all your personal data to whoever ends up with your old smartphone or tablet. "Many security experts say performing a factory reset on your old phone is exactly what you're supposed to do if you plan to sell or donate it. According to the nation's major wireless carriers, a reset will erase all personal information – such as texts, contact lists, photos and important user data – from your phone's memory," says WTHR.com. But, this method isn't fool-proof; in fact, 13 Investigates put this very theory to the test and found that in some cases, a factory reset will wipe a device clean. In others, it won't. The solution? Do a factory reset as a precaution, but do your research and determine the best way to discard of your device or cleaning it before donating it to charity.
36. Be mindful of eavesdroppers when shopping via your mobile device in public.
If you have time to kill on your morning commute, you might browse the virtual shopping aisles, but be mindful of who is sitting beside you or behind you. Criminals can easily peep over your shoulder and watch as you enter passwords, credit card details, and other information. "A long commute on a bus or a train is the perfect time to get some holiday shopping done, but beware of that stranger sitting next to you. Your neighbors might try and read your screen and steal your credit card number or other information. Investing in a privacy screen or filter can significantly reduce the risk of peeping thieves. Screen protectors come in all shapes and sizes and at Best Buy, you can find the one that’s best for your favorite tech gadget," advises BestBuy in an article offering tips for keeping your digital data safe on Cyber Monday (and really, anytime you're shopping online).
PROTECTING YOUR DATA ON SOCIAL NETWORKING
37. Don't share too much information on social networking platforms.
Social networking has become a way of life for many individuals, but sharing too much personal information on your social media profiles can be dangerous. For instance, many hackers have successfully guessed passwords through trial-and-error methods, using combinations of common information (such as children's names, addresses, and other details) easily found on users' social media profiles. "Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections," advises the United States Computer Emergency Readiness Team (US-CERT).
38. Customize your social networking privacy settings.
Social networks like Facebook enable users to customize their privacy settings. On Facebook, for instance, you can choose who is able to see the content you post and who is able to view information on your profile, such as your place of employment, birth date, and hometown. Always choose the highest level of privacy possible to ensure that your personal data doesn't end up in the hands of someone with malicious intent. "The content you post online will be around for a long time, but you can customize privacy settings on most social media sites. This will affect who can contact you and who can see the information you post. Be choosy: while it’s fun to share information, keep your online reputation in mind. And if you over-disclose information publicly, it could be used by identity thieves to hijack your identity," suggests the Chronicle of Data Protection.
39. Don't trust "friends" who claim to be mugged or have other unbelievable stories.
Facebook has become a dangerous platform for users who aren't careful. Scams have been attempted, some successfully, on the social network, involving thieves masquerading as users on an individual's friends list, asking for financial help after supposedly being mugged in a foreign country. Nonsuspecting users who merely want to help their friends may wire money to these criminals, failing to recognize the ploy. Never trust anyone who cannot verify they are, in fact, the person they claim to be. Ask strategic questions to which the answers are not readily available on the user's profile or easily located online. If it seems suspicious, get in touch with the person via phone or another communication method to try to verify the story.
40. Block suspicious or shady users on Facebook.
For users you don't know outside of Facebook who befriend you and then make you uncomfortable by asking repeated, personal questions or pressure you to meet them offline, blocking them is a viable option. "You also have a 'Block List' feature in your privacy settings. If you choose to block people, you cannot interact with them on Facebook at all," says Just Ask Gemalto. Blocking shady users means they cannot message you, contact you, or see that you're online. In fact, they cannot view your profile at all.
41. Protect your Tweets.
If you're using Twitter to promote your business, you might want your Tweets to be publicly available. However, if you use Twitter for personal communications, you have the option of setting your Tweets to private, meaning only approved followers are able to view your content. Read more about the difference between public and private Tweets here and how to change your settings here.
42. Check your privacy settings regularly.
Privacy options are always changing on social networking platforms, so be sure to check your personal settings regularly and make adjustments as needed. "Content uploaded to social media platforms is not always secure, so it’s imperative to understand how to use the privacy features your social media sites have to offer," according to Social Media Examiner.Click through to the full article for a breakdown of how to update your privacy settings on each of the popular social networks.
43. Know who your friends are.
Don't accept random friend requests on Facebook from people you don't know. "Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a 'fan' page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know trust) more synched up with your daily life," advises StaySafeOnline.org.
44. Use two-step verification for LinkedIn.
"LinkedIn offers members the ability to turn on two-step verification for their accounts. This will require an account password and a numeric code sent to your phone via SMS whenever you attempt to sign in from a device that your LinkedIn account does not recognize," according to a post on Business News Daily. This ensures that should someone crack your account password, they will be unable to login unless they can't access your account unless they also gain access to your code -- meaning they'd have to also be in possession of your mobile device.
45. Contact the social network to regain access, and let your friends know if you've been hacked.
Sometimes, having your social networks hacked means your friends could be being conned by criminals pretending to be you. Or, you could even be blocked from your own account if they've changed the password or conducted activities that have led to your account being banned by the service. "If you’re locked out of your account or blocked from accessing it, many Web services have steps in place so you can get back in. For example, Facebook has a system where you can use a trusted source like a friend to take back your account. Search each service’s help section for specific instructions. Speaking of friends, you should let your contacts know that you’ve been hacked, and report the issue to the site. Also, run a scan of your computer or mobile device using a trusted and up-to-date antivirus program.
PROTECTING YOUR DATA ONLINE
46. Avoid sensitive transactions on public Wi-Fi.
Working at the local coffee shop may have some appeal, but relying on a public Wi-Fi connection means your data is interceptible by outsiders. Avoid conducting banking transactions and sending other sensitive information over a public Wi-Fi network. "Public wi-fi 'hotspots' in public places like cafés, airports, hotels and libraries are convenient but unlike your home computer, use of public hotspots involves security compromises. It is easy for other users to intercept your data, so be careful about what information you send or receive while connected. Try and limit activity when connected to a public wi-fi network to web browsing and avoid banking or any other activities that involve user password access. Avoid using hotspots that are run by people you do not know or trust. Criminals can set up hotspots known as 'evil twins' and 'rogue hotspots' to steal users' information. Always try and use encrypted (password protected) networks," advises Stay Smart Online.
47. Use website privacy settings.
Websites other than social networking platforms also offer some privacy options. YouTube, for instance (which could arguably be considered a social networking platform, as well), allows users to make videos private or viewable only by specified persons. "You can often find privacy controls on a site by navigating to a control panel or settings menu. Sometimes, websites will draw attention to privacy controls while in other cases they will group them under broader categories like “Account Settings”. Privacy controls may also be offered during the sign-up process for a new online service or account. To best protect your privacy you should explore and understand privacy controls available to you on a given website/platform before you share personal information on or with the site," recommends TRUSTe.
48. Don't forget to sign out.
Signing in to online services is necessary when you need to access your personal accounts, but many users forget to sign out when they're finished using a service. "But when using public computers like in a cybercafe or library, remember that you may still be signed into any services you’ve been using even after you close the browser. So when using a public computer, be sure to sign out by clicking on your account photo or email address in the top right corner and selecting Sign out. If you use public computers often, use 2-step verification to help keep your account safe, and be extra careful to sign out of your accounts and shut down your browser when you have finished using the web," according to the Google Safety Center.
49. Don't open emails from people you don't know.
If you receive an email from a source or individual you don't recognize, don't open it, and definitely avoid clicking any links or file attachments. The Hubbard Township Police Department in Ohio suggests, "Delete email from unknown sources. Watch out for files attached to e-mails, particularly those with an 'exe' extension-even if people you know sent them to you. Some files transport and distribute viruses and other programs that can permanently destroy files and damage computers and Web sites. Do not forward e-mail if you are not completely sure that any attached files are safe."
50. Use two-factor authentication.
Two-factor authentication is an additional layer of security that provides protection in the event that a hacker guesses or cracks your password. Two-factor authentication requires a second verification step, such as the answer to a secret question or a personal identification number (PIN). You should opt for two-factor authentication when given an option. "Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code. Authenticator apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option," explains the Webroot Threat Blog.