12 Tips for Cyber Security at Home
Original at https://bobmckay.com/i-t-support-networking/security/12-tips-cyber-security-home/

Employees' home cyber security should be on the minds of all businesses and, wherever possible, advice and guidance should be provided as part of the corporate information security strategy. As more and more employees work from home, have work devices and remote access, it's critical that businesses secure these endpoints and their access into company systems.

Cyber security is a wide-ranging issue with no simple or quick fix. The following tips are recommended as a minimum but are far from exhaustive or complete!

1. Enable Two Factor Authentication

Despite having the least catchy name in an industry obsessed with acronyms, two factor authentication (2FA?) is gaining momentum for home users. The premise is simple: associate a device (such as a mobile phone) with an important account and, when you log in, a text message is sent to your mobile device with a unique code that you use in tandem with your password.

Sound like too much hassle for signing in to Amazon or Hotmail? Hell yes! Fortunately virtually all accounts have an option to ‘trust’ a familiar device, meaning it only requires your username and password going forward.

The beauty of this approach is if anyone finds out your login details, unless they are on your 'trusted' computer, they still can't login without also having your mobile phone with them!

2. Say Yes to Updates

Many users don’t install updates on their computers because, ironically, they are concerned they might be installing malicious software if they say ‘yes’ to the wrong prompt. Users should ensure they install all updates to their operating system (for example ‘Windows’), their anti-virus and related software such as Java.

While far from comprehensive, a good rule of thumb is to only do updates when a computer first boots up (never when browsing the internet) so you are not ‘fooled’ by a website pop-up designed to look like a system update message.

I would also recommend setting both your operating system and your anti-virus to update automatically. I've heard some old-school IT engineers claim automatically updating Windows is dangerous and can 'cause problems' but in truth, this is incredibly rare and I'd rather have a glitch on my machine that I can fix than have it compromised and have to reinstall it from scratch (not to mention the risk to your data and privacy).

3. Create Separate Admin & General User Accounts

All users should have at least two accounts on their computer: one as an account with limited privileges and another with ‘administrative’ privileges.

The former should be used for day-to-day activities and the latter should only be used for tasks that require special (‘elevated’) privileges such as installing updates, software or new hardware. This reduces the chances of you accidentally installing malicious software.
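As an added example (not part of the original article), the following PowerShell script shows what this tip looks like in practice on Windows 10/11: it creates a limited daily-use account beside the existing administrator account, verifies the new account is not an administrator, and ends with a one-line check you can run at any time to see whether the session you are working in is elevated. The account name 'bob-daily' is a placeholder; it must be run once from an elevated (administrator) PowerShell window.

```powershell
# Added example, not from the original article. Creates a limited (standard)
# account for daily use next to the existing administrator account.
# Run once from an elevated PowerShell on Windows 10/11.
#Requires -RunAsAdministrator

$DailyUser = 'bob-daily'   # placeholder: pick your own account name

# 1. Create the account; the password is typed at the prompt, never hard-coded.
$password = Read-Host -AsSecureString "Password for $DailyUser"
New-LocalUser -Name $DailyUser -Password $password `
    -FullName 'Daily use (standard user)' `
    -Description 'Limited account for browsing, email and documents' | Out-Null

# 2. Put it in the standard 'Users' group only, never in 'Administrators'.
Add-LocalGroupMember -Group 'Users' -Member $DailyUser

# 3. Verify: the new account must not appear among the local administrators.
#    Member names come back as COMPUTER\user, so match on the trailing part.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
if ($admins -match ('\\' + [regex]::Escape($DailyUser) + '$')) {
    Write-Warning "$DailyUser is an administrator. Remove it with: Remove-LocalGroupMember -Group Administrators -Member $DailyUser"
} else {
    Write-Host "$DailyUser is a standard user. Administrators: $($admins -join ', ')"
}

# 4. Check usable from any session later: prints True only when the current
#    session is elevated. During day-to-day work this should print False.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
```

After logging in as the new account, anything that needs elevation (installing software, changing system settings) triggers a User Account Control prompt asking for the administrator account's password, which is exactly the pause the tip is after: a stray click can no longer install something silently.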

4. Keep Your IoT Devices up to date

The ‘Internet of Things’ refers to non-computer devices on networks, ranging from ‘Smart Home’ devices like fridges and electronic thermostats to security cameras and Smart TVs.

While not as obvious or simple, employees need to ensure the ‘firmware’ on these devices is up to date. If in doubt, a search on the internet should yield some information from the manufacturer, and many devices like smart TVs will prompt you with offers of an update.

5. Use the parental controls provided by your broadband provider

Most Internet Service Providers (ISPs) provide broadband routers that have ‘Parental Controls’ on them to restrict what sort of content can be viewed.

This kind of restriction should be used even if there are no children in the household as it can protect against accidental clicks and misdirection, blocking known malicious websites.

Contact your ISP or browse their website for instructions on enabling the parental restrictions.

6. Encrypt computer drives

Homes tend to be far more prone to theft and burglary (especially opportunistic) than commercial locations, and so encrypting home computers and laptops is a good idea to keep the data stored on them out of the wrong hands.

It’s bad enough knowing someone was in your home, but unless you enable encryption they could also easily be trawling through your private files – even if your machine has a password.

Windows 10 comes with a free encryption tool called BitLocker which is excellent and easy to use. Just remember - if you forget your password, any data that is stored only on your device is gone forever (this is why I always recommend having an automatic cloud backup in place first).
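The script below is an added example, not part of the original article, showing how to switch BitLocker on from PowerShell and, more importantly, how to get hold of the recovery password before you depend on it, which is the "forget your password and the data is gone" point above. It assumes Windows 10/11 Pro, Enterprise or Education (the BitLocker cmdlets are not present on Home edition), a TPM in the machine, the system drive being C:, and an elevated PowerShell session.

```powershell
# Added example, not from the original article. Turns on BitLocker for the
# system drive with the TPM as the unlock method and records the recovery
# password. Assumes Windows 10/11 Pro/Enterprise/Education with a TPM.
#Requires -RunAsAdministrator

$Drive = 'C:'   # assumption: the Windows system drive

# 1. Look at the current state before changing anything.
$vol = Get-BitLockerVolume -MountPoint $Drive
"{0} protection {1}, status {2}, {3}% encrypted" -f $Drive, $vol.ProtectionStatus, $vol.VolumeStatus, $vol.EncryptionPercentage

if ($vol.ProtectionStatus -eq 'Off') {
    # 2. Start encryption, unlocked automatically by the TPM at boot.
    #    -UsedSpaceOnly is faster on a fresh machine; leave it out on a drive
    #    that has already held sensitive files so old free space is wiped too.
    Enable-BitLocker -MountPoint $Drive -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector

    # 3. Add a recovery password as a second protector. Without it, a TPM
    #    change (firmware update, new motherboard) locks you out for good.
    Add-BitLockerKeyProtector -MountPoint $Drive -RecoveryPasswordProtector | Out-Null
}

# 4. Show the 48-digit recovery password so it can be stored somewhere OTHER
#    than this computer: a password manager, a printed copy, or the Microsoft
#    account backup that Windows offers. This is the only way back in if the
#    TPM or your login stops working.
$recovery = (Get-BitLockerVolume -MountPoint $Drive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
foreach ($rp in $recovery) {
    "Recovery key ID {0}: {1}" -f $rp.KeyProtectorId, $rp.RecoveryPassword
}
```

Encryption itself begins after the next restart, when Windows first confirms the TPM can unlock the drive; running the script again afterwards shows the encryption percentage climbing. Keep the recovery password with the same care as the backup the tip recommends: on its own the password does not protect anything, but losing both it and the TPM is what turns "encrypted" into "gone forever".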

7. Encrypt Your Phone!

Most modern phones now have the ability to encrypt the device so that without the password, pin code or fingerprint (depending on your preference), data cannot be retrieved from it by a third party.

The process of encrypting your device differs slightly from one device to another but a quick search online should provide simple instructions. The only common thing to remember across all devices is that you should have a full battery when you start encryption and ideally it should be plugged in too.

It’s also important to note that if you forget your password, any data on the phone is lost (otherwise there’s really not much point in the encryption!).

8. Change Default Passwords on Everything

When you buy a device, particularly smart devices and items like wireless routers, they come with default logins such as a username and password of ‘Admin’ – for obvious reasons this is a bad idea.

No devices connected to your home network should use the ‘default’ username and password supplied from the manufacturer and it should be changed when you first set the device up.

9. Shred Documents (personal or work)

Shredding documents makes it much more difficult to retrieve information that could be used for extortion or to form the basis of a targeted attack.

A ‘cross cut’ shredder is better. Shredded paper can then be recycled, composted, used as packaging or – as I do – you can burn it (this isn’t some form of extreme paranoid data destruction, it just makes good kindling!).

10. Disable WPS on home Wi-Fi and use WPA-PSK encryption

Older wireless routers may still be using older technologies such as WEP encryption or ‘WPS’ for connecting new devices.

These should both be disabled with the WEP encryption being replaced by something like WPA.

If in doubt, buy a new wireless router as modern ones generally have these insecure technologies removed.
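WPS lives on the router and can only be switched off in the router's admin page, but the encryption side of this tip can be checked from any Windows machine that has joined the network. The function below is an added example (not from the original article) that reads the Wi-Fi profiles Windows has saved, pulls out the authentication and cipher each one uses, and flags the legacy settings the tip says to replace: WEP, TKIP-only, or no security at all. It is read-only and assumes an English-language Windows install, since it parses the wording of `netsh wlan` output.

```powershell
# Added example, not from the original article. Lists saved Wi-Fi profiles on
# this Windows machine and flags any still using WEP, TKIP or open security.
# Assumes an English Windows locale (netsh output is localised). Read-only.

function Get-NetshField {
    # Return the value after "Label : " for the first matching line, or 'unknown'.
    param([string[]] $Lines, [string] $Label)
    $m = $Lines | Select-String "^\s*$Label\s*:\s*(.+)$" | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { 'unknown' }
}

function Get-WifiProfileSecurity {
    # Saved profile names appear as "    All User Profile     : HomeNet"
    $names = netsh wlan show profiles |
        Select-String 'All User Profile\s*:\s*(.+)$' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.Trim() }

    foreach ($name in $names) {
        $detail = netsh wlan show profile name="$name"
        $auth   = Get-NetshField -Lines $detail -Label 'Authentication'
        $cipher = Get-NetshField -Lines $detail -Label 'Cipher'

        # WEP, a TKIP-only cipher, or an open network are the legacy settings
        # the tip refers to. WPA2/WPA3-Personal with CCMP (AES) or GCMP is fine.
        $weak = ($auth -match 'WEP|Open') -or ($cipher -match 'WEP|TKIP|None')

        [pscustomobject]@{
            Profile        = $name
            Authentication = $auth
            Cipher         = $cipher
            Weak           = $weak
        }
    }
}

# Weak networks sort to the top of the table.
Get-WifiProfileSecurity | Sort-Object Weak -Descending | Format-Table -AutoSize
```

A row marked Weak for your own home network means the router is the thing to fix (or replace, as the tip suggests); a row for a hotel or café network you joined years ago can simply be forgotten with `netsh wlan delete profile name="<profile>"` so the machine never reconnects to it automatically.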

11. Cover Webcams

Unfortunately, the necessity of covering your webcam is not an urban myth. If you don't believe it, a simple search of the internet will show you just how common it is, but fair warning: it's a gut-wrenching feeling when you realise how often the sanctity of people’s homes has been violated.

When a computer is compromised, the webcam can be used by an attacker to gather imagery for use in an extortion scam. Remember that the average time between a network getting compromised and its discovery is 200 days!

The photo to the right went viral in the 1990s. It shows the face of someone whose machine was hacked and suddenly found himself reading this message on his screen:

Hi. I know we haven’t talked before. This is your computer. Since I see everything in your room, I thought I’d throw you a few pointers. First, put on a shirt. PLEASE. Second, you’ve got a nice girl lying there on your bed and you’re sitting there looking like a goon on the computer. Come on.

Unfortunately, in modern times it's not just hackers having a bit of fun: cyber criminals gather embarrassing imagery and use it for blackmail in a trend being referred to as sexploitation.

12. Destroy hard drives when disposing of old computers.

When disposing of old computer equipment, always destroy the data and recycle if possible. If you’re unsure how to destroy the data using software (not as easy as it sounds), take the storage drive out and drill three holes through it with an electric drill.

If you do not, you are potentially putting hundreds of documents and details about you into the hands of strangers.


The original version of this post can be found on my blog at: https://bobmckay.com/i-t-support-networking/security/12-tips-cyber-security-home/
