Use 2 Factor Authentication to Decrease Risk of Getting Hacked
If you're even vaguely aware of the news these days about online account hacks - like the recent Facebook breach - then you know the importance of changing your password immediately if you're at risk.
Post breach, change password!
Changing your password asap after such a breach prevents a hacker from accessing your account, as long as you change it before the hacker logs in! Otherwise, you have to go through an often-stressful password reset process, during which you have to prove your identity by some other means such as email, phone, or security question answers.
Password reset game is no fun
I have helped many clients through this reset process and it's not fun. It's not hard, it just takes time and costs money: my billable time. Believe me, it's not a preferred IT task for either me or my clients. We get painfully reminded about the importance of locking down account access using multiple layers of identification.
Use unique passwords
While strong and unique passwords raise the bar for anyone trying to hack your account directly, they don't prevent the types of hacks Facebook disclosed. Yet if your Facebook password or any other online password is unique, and you change it right away after a reported breach, then your vulnerability is reduced.
Don't give the keys to the kingdom!
If, however, you use the same password on multiple sites and a hacker obtains info on you, such as your name, email location, and a precious password, you can bet they will try that same identity combination to crack your other accounts. That's why it's critical to have unique and complex passwords, not just variations of a theme like "mydogbruno" and "mydogbruno1".
2 Factor authentication boosts security
So, the first line of defense is strong and unique passwords for EVERY online account. The second line is two-factor authentication (2FA), which requires access to something besides the knowledge of a password, like a cell phone. (The password is considered something you know, a first factor. The phone is something you have, a second factor.) The phone lets you receive a call or a text with a code to unlock your account, so it authenticates you beyond your password.
2-Step Verification in Gmail
Not all accounts provide two-factor authentication, but for the ones that do, I highly recommend it. Gmail is one. Google calls it 2-Step Verification. Here is a simple scenario after you set this up in Gmail: You get a new device, you try to log in to your Gmail account on it, and Gmail won't let you until you receive a code texted to your phone. You type into your browser or Gmail app that one-time-only code, then you're given access to Gmail on that new device. You won't be asked again, unless something changes on that device to make Google not recognize it.
After setting up 2-step in Gmail, if someone elsewhere tried to log in to your Gmail you'd receive a code on your phone. As long as that phone is with you, that person would have more difficulty accessing your email.
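Here is the new-device scenario above written out as a small Python model. It is an added example, not Google's code and not from the original post; the class name, the five-minute expiry and the five-guess limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a texted code expires after five minutes
MAX_ATTEMPTS = 5         # assumption: wrong guesses allowed per code


class TwoStepVerifier:
    """Toy server-side model of 'password plus a code sent to your phone'."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._trusted = set()   # (account, device_id) pairs already verified
        self._pending = {}      # (account, device_id) -> outstanding challenge

    def start_login(self, account, device_id):
        """Call after the password check has passed.

        Returns None for a device the account has already verified,
        otherwise a fresh six-digit code to text to the owner's phone.
        """
        key = (account, device_id)
        if key in self._trusted:
            return None
        code = f"{secrets.randbelow(10**6):06d}"   # unpredictable, not random.random()
        self._pending[key] = {
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code

    def verify(self, account, device_id, submitted):
        """Check the code typed on the new device. True means access granted."""
        key = (account, device_id)
        challenge = self._pending.get(key)
        if challenge is None:
            return False                      # nothing outstanding, or already used
        if self._clock() > challenge["expires"]:
            del self._pending[key]
            return False                      # too old: a new code must be requested
        challenge["attempts_left"] -= 1
        if hmac.compare_digest(submitted.encode(), challenge["code"].encode()):
            del self._pending[key]            # one-time-only: the code cannot be replayed
            self._trusted.add(key)            # this device is not asked again
            return True
        if challenge["attempts_left"] == 0:
            del self._pending[key]            # stop guessing through all 1,000,000 codes
        return False
```

Someone who knows only the password gets stuck at `verify`, because the code goes to the phone and not to their device.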
Set up 2 Factor where available
Besides Google, here is a short list of sites offering two-factor authentication: Facebook, Microsoft, Yahoo, AOL, and Twitter. If you have an account with any of these sites, take the time to set up 2FA.
Thanks for reading!
-Sam
Cybersecurity Tips and Reports for the 808 State (Hawaii) and beyond
For computer & digital device users in Small Businesses, Home Offices, and Home environments. Read to reduce your risk of malware infections, getting hacked, and identity theft.
Monday, October 15, 2018
Friday, July 14, 2017
Best Practices for Passwords
One of the distractions these days to smoothly using computing devices and online resources is the dung heap of passwords one accumulates. Yeah, we all know the stench.
Password management
Some of my clients have made their lives easier by using a password manager, like lastpass.com, which I recommend. Others keep their passwords in a notes type of program which is viewable to anyone if the device is accessed locally or by online hack. This is NOT safe! Still others resort to old school means - writing credentials on paper and keeping that handy, or unfortunately sometimes, misplacing the paper.
This is one area of your life where you have to give latitude to the OCD part of yourself. You can’t be too careful with password storage.
Make them Unique
Whatever system you use - and I strongly recommend something that’s secure against theft or loss – make sure each password is unique. Why? Because if a hacker gains access to an account by cracking and revealing a password, she/he will attempt that same password on any other accounts you own that can be discovered. We don’t have the same key to our car, home, and office – the same prudent approach should apply to software keys.
NIST Guidelines
Where to begin when creating passwords? The National Institute of Standards and Technology (NIST) recently published guidelines that alleviate some of the difficulties. Here’s what they recommend based on research:
- Minimum length of eight characters; maximum length of 64 characters
- No need to create complexity with numbers and characters like $*&
- No need to periodically change passwords (although some online systems may still require this)
- Avoid common words, found in the dictionary
- Avoid anything associated with you as an individual - like maiden names, birth dates, children’s names, etc.
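Here is how the checklist above, plus the "variations of a theme" warning from the 2-factor post (mydogbruno / mydogbruno1), can be checked in code. This is an added example, not from NIST or from the original post; the tiny word list, the function names and the three-character threshold for personal details are assumptions.

```python
import re

MIN_LENGTH = 8    # limits as listed in the guidelines above
MAX_LENGTH = 64

# Constructed stand-in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "sunshine", "dragon", "welcome", "football"}


def _letters_only(text):
    return re.sub(r"[^a-z]", "", text.lower())


def _alnum_only(text):
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(candidate, personal_facts=()):
    """Return a list of problems; an empty list means the candidate passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if len(candidate) > MAX_LENGTH:
        problems.append("longer than 64 characters")
    # No composition rules: digits and symbols are neither required nor rewarded.
    # A lone dictionary word stays weak even with digits or symbols bolted on.
    if _letters_only(candidate) in COMMON_WORDS:
        problems.append("single common word")
    # Names, birth dates and the like, matched regardless of case or separators.
    squashed = _alnum_only(candidate)
    for fact in personal_facts:
        needle = _alnum_only(fact)
        if len(needle) >= 3 and needle in squashed:
            problems.append(f"contains personal detail: {fact}")
    return problems


def theme_key(password):
    """Lowercase and trim leading/trailing digits and symbols to expose the theme."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return core or password.lower()   # all-digit passwords keep their own key


def find_reused_themes(vault):
    """vault maps account name -> password.

    Returns groups of accounts whose passwords are identical or differ only
    by case and bolted-on digits/symbols, i.e. not really unique.
    """
    groups = {}
    for account, password in vault.items():
        groups.setdefault(theme_key(password), []).append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    # Constructed sample data for illustration only.
    sample_vault = {
        "bank": "mydogbruno",
        "email": "mydogbruno1",
        "shop": "banister extinct evict rejoin",
    }
    print(find_reused_themes(sample_vault))
    print(check_password("Sunshine1!"))
```

In real use the word list would be a full dictionary or breached-password list, and the check would run locally so passwords never leave your device.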
Strong Passphrases
Here are some examples of strong passphrases I generated with an Android app called Diceware Password Generator: “Graveness shallot relative tassel untried”. Yes, all those words together are the passphrase including the spaces. To break this would require 164 days of effort from a sophisticated hacker, like the NSA. A simpler passphrase created by this app is “banister extinct evict rejoin”. It would take 30 minutes to crack this one.
Dumbledore
Yes, these passphrases are complex. However, if you create one that you can memorize, then you can use it for a password manager like Lastpass as your master password. Thereafter follow NIST guidelines above for your online accounts - in my opinion, using long unusual words like Dumbledore or Beatlemania, or combos of words and spaces like Queen of Hearts or Stairway to Heaven.
Be creative!
Of course, some websites will require you to use their system of password lengths and combos of upper-case letters and special characters; but for everything else, get creative, break free, and have some fun with the drudgery of passwords! And again, keep them unique to each system.
Thanks for reading.
Sam
---
If you haven't already, you can subscribe to our email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.
Labels: hacking, lastpass.com, NIST, passwords
Location: Waimea, HI 96743, USA
Wednesday, March 15, 2017
Boost Your Email Security or Suffer
For years now the electronic mail system of the Internet (email) has been a victim of annoying advertising spam and virus attacks.
The latest threats to email include hacking to take control of the account, spam with links that when clicked infect a computer with ransomware, and tracking/spying on email usage by email providers and their affiliates.
Below are some suggestions for boosting email security. Remember though, networking and the Internet were not designed from the ground up to be a secure communication system, nor was email. Whenever you send something via email it can be compromised somewhere along the communication chain.
- Use separate accounts for business and personal use. In my opinion, it's generally more likely a personal email account will be compromised. You don't want your business contacts exposed by a hack.
- Ditch Yahoo email. Use Gmail instead. True, there are privacy concerns with Gmail. But I believe Google does a much better job at security than Yahoo. Just read the recent news on the hacks of Yahoo's system and their failure to take action and disclose.
- Use 2-step verification. This requires that someone trying to access your email from a device you haven't previously used/approved will need to enter a code sent by text to your phone to gain access.
- Use unique, complex passwords for each account, and make sure passwords are not used for any other online accounts.
- Don't send anything confidential by email. As mentioned earlier, email isn't inherently secure. So don't email account numbers, passwords, social security numbers, etc. If you must share this stuff via email, find a means to encrypt the data, such as zipping an attachment with the 7-zip program and using a password/encryption. This is not perfect security, but raises the bar.
- Set your spam scanner on aggressive and check the spam folder often for valid email. You can white-list the wrongly labeled "spam" email so the filter won't screen it out next time.
- Use Antivirus software to scan all email if you use a program like Outlook, Thunderbird, Windows Mail, etc.
- If your email is hacked, change your password immediately and monitor the account for oddities. If the hacker sent email from you to your contacts, immediately notify your contacts about the hack - tell them to be careful about suspicious content, including messages asking them to click links.
Wishing you a safe day in cyberspace!
Thanks for reading.
Sam
---
Wednesday, February 15, 2017
Beware of Click and Tap Fever
Living much of our lives on digital devices has programmed us to be adept clickers of the mouse or tappers of the finger. Kids especially do this at lightning speed!
But we have become so adept that we're clicking and tapping way too fast, too reflexively. It would behoove us to be more deliberate, especially when selecting weblinks.
Weblinks from Hell
Selecting weblinks without thinking can get us into big trouble, as one click or tap can cause a computer infection, or worse yet, a completely hijacked machine. (This is more common on Windows computers than on Macs or mobile devices – at least for now!)
So, best practice is to NOT open emails, links, or attachments from strangers, or even people you know if something seems suspicious about the email. When in doubt, delete. If the message is important enough, the person will call, or you can call them.
Careful on Facebook
This applies also on social media sites like Facebook, where clicking a link in a poisoned advertisement can lead to infection.
Don't get Phished!
Phishing is big business in the cybercrime world. Phishing (a twist on the word fishing) is all about trying to hook computer users by clicking/tapping links to infect a computer, scam with a product or service, or hack a computer in various other ways.
The US government created a campaign to promote more careful web use. It’s called Stop.Think.Connect. I recommend you check out their site. (Yes, this link is safe)
Training is key
If you’re an employer, you can print out material from the site or show a video clip to your staff. Education is key to reduce risk of getting hacked.
I give cybersecurity presentations to businesses and community groups. You can contact me to schedule on Hawaii Island.
Last, I’m recommending Malwarebytes Anti-malware 3.0, the paid version, to my clients these days. Training and knowledge is primary, second is good security software.
Here's the site: https://www.malwarebytes.com
After you buy and install it, close all programs on your computer and run a full scan, including your external drives.
Wishing you a safe day in cyberspace!
Thanks for reading.
Sam
---
Sunday, January 15, 2017
Tech Magic Comes with a Price
So, did Santa give you the new Internet-connected gadget you hoped for at Christmas? Remember, as they say in fairy tales, all magic comes with a price!
The magic in modern times is technology. One of the prices in the cyber realm is the security vs. pleasure trade off.
This shows up when we get or buy a new gadget like a web cam for home "security", then hear on the news they're getting hacked left and right due to poor protections built in by the manufacturers.
Assume the worst!
Assume the worst when you set up a new device! Check with one of your techie friends about it. Or do a web search, inquiring about security and privacy concerns.
There are ways to fix some of the known security holes in vulnerable web devices, such as updating software/firmware, changing default settings, and turning off any unwanted features.
Amazon Echo Dot - can be too convenient
Like web cams, the Echo Dot is a cool web toy. If you haven't experienced it yet, you can check it out on YouTube. One downside is it can be set for easy ordering from amazon.com. Hence there are many stories of kids ordering stuff without their parents' permission. Ouch$!
Keep a close eye on your devices and users
If you want to be security-minded and keep control of your devices - lest they control or jeopardize your bank account or worse - make a list of the devices you have and who has access to them. Keep the devices updated, and set desired controls (such as parental controls). If you're unsure about the vulnerability of any device, unplug it from the Internet until you research it or get some help from a techie.
Trust sparingly
It can be a painful lesson to "trust the company" who made it to have your security and privacy interests at heart. In my opinion, most don't. They want a fast turnaround on their investment.
Web cams (yes, I'm picking on them again) are notoriously unsafe in this regard. I recently unplugged security cameras for one of my clients due to the uptick in remote hacking of such systems. We can still see the cameras in operation and record video to a hard drive, but we have the system unplugged from the web.
Unplug to be safe
Along these lines, a good rule of thumb when leaving your home for travel is to unplug all your equipment, including your Internet modem/router. This is a good practice due to electrical surges from stormy weather, but also ensures no one can access or hack any of your devices while you're away.
And if you ever suspect a device has been hacked, turn it off immediately and get tech support from someone local or the vendor. Be sure to go directly to the vendor's website - don't just “google” for help on that device. There are plenty of scammers who prey on people searching online for tech support.
Thanks for reading.
Sam
---
Saturday, October 15, 2016
We Have Met the Enemy and He is Us
If you're doing your best to keep your computer protected from cyber attacks - using a router firewall, running security software, keeping software current, etc. - please be aware, the main threat is closer at hand.
That threat is you. And by you, I mean all of us end users, sitting between the system and the keyboard. In most attacks, we are the primary means of exploit.
Social engineering
In many cases, cybercriminals prey upon our good nature to gain access to our computers and/or our private information. A term used to describe this is "social engineering."
Examples of social engineering include: phone calls to our homes or businesses offering bogus computer tech support; calls pretending to be an institution we belong to; or even calls supposedly from charities. These approaches are tried via email too, in which case they're called "phishing" attacks.
Don't be polite
Suspicion is the name of the defensive game here. Don't feel the need to be polite when you sense you're being probed in this manner. Disengage from the phone call. Delete the email. Close the webpage.
Take action
If you feel you may have been scammed, contact the actual institution or business immediately to notify them. If you feel an online account has been compromised, change your password at once. If your computer has been hacked, turn it off, unplug from the Internet, and call trusted local tech support asap.
In sum, to quote that famous Pogo cartoon line: "We have met the enemy and he is us." We have to change our behavior to keep ourselves safer from cybercrooks. All the software and hardware filters we use are just aids and deterrents, not final solutions.
Thanks for reading.
Sam
---
Labels: cybercrime, hacking, phishing, scam, social engineering
Monday, August 29, 2016
Don't Mix Personal and Business Email
Those of you in business know about the best practice of keeping separate personal and business bank accounts and credit cards. Any accountant will tell you mixing them is a no-no for several reasons.
It's best to follow this no-mix approach for email too. Limiting our business email accounts to business matters only, including creating spam and filter lists that black-list all non-business correspondence, will reduce the threats of malware and hacking.
Willy-nilly email sending
Why? Because of the willy-nilly approach many users take to opening, sending, and forwarding potentially unsafe emails (I'm guilty too!), you increase your risk of mixing those types of missives in your in-box with important business email. Some malware and hacks that gain a foothold on your computer via email can wipe out data, take over the email account, and infect the email program or browser.
I'm not suggesting the business, professional, and governmental world does not bat around junk email and infected messages. But the variety and exposure is generally more limited. This is partly because many institutions have strict email use policies and stringent filtering of inbound and outbound email. This is largely not true for the personal email user.
How to un-mix the accounts
The easiest remedy to un-mix your email - if you don't already have a personal email address - is to create a free gmail account. Choose a non-identifying address, one that doesn't include your name or pointers to who you are. For example, you can refer to a hobby (passion) like fishing: live.to.fish808@gmail.com. (It's easy to add a gmail account to your phone or tablet after set up in a web browser on a computer.)
Once you create the new email, notify all friends and family to send email only there. Re-route any subscription or online shopping accounts to that address too, or create a new email for that type of thing.
Filter your business mail
Then in your business email account/program, set up a filter to block anyone not in your business contacts list.
The joy of a smaller inbox
One joy you will notice from doing this is your business email in-box will shrink dramatically. And you'll not be distracted by the noise of non-business messages.
Personal email browser
As for your personal email, you can keep it handy in a browser window, which you can flip to when you like. If using gmail for your personal email, I recommend using Google Chrome. If you're already using Chrome for your business email, then I suggest using Firefox for the personal account. A better practice is to not access personal email on a work computer; use a personal laptop, tablet, or phone.
Related article
You may also like to read my post about segregated web browsing, which dovetails with this article.
Thanks for reading.
Sam
---
Monday, August 15, 2016
Disable Third-Party Cookies to Protect Against Threat
Hackers are trying by every hook and crook to access our private information. A newly reported vulnerability in https, the protocol that encrypts our web surfing, may now be exploited. I have provided a link to the news story at the bottom.
This is a very technical, sophisticated exploit called HEIST. The best way to reduce your risk from this attack is to disable third-party cookies in your web browsers.
What are cookies?
Here’s a nice explanation from howtogeek.com:
“Most cookies exist for the sake of persistence. When you visit a website such as Facebook or Twitter, cookies let you stay logged in until you log out again. This means that every time you visit that site, you will still be logged in, which saves you the time and effort of re-entering your password.
If you clear your cookies, then you will be logged out (or rather, the browser will think you’re logged out because it will have no memory of you ever visiting the site in the first place).
Third-party cookies
Third-party cookies are cookies placed on your device by a website other than the one you’re visiting. For example, say you visit a website and their advertiser(s) set a cookie–this allows that advertiser to track your visits to other websites. You probably don’t want this to happen.
Cookies off, errors possible
For example, you might try to view streaming video on a website, but the video originates from another source. In this case, you will likely see an error telling you that the video cannot be viewed. Often, the error message will provide little clue as to what the problem may be, but if you have third-party cookies disabled, that is most likely the culprit.”
Howtogeek.com gives clear instructions how to disable third-party cookies here:
News story on HEIST exploit:
http://uproxx.com/life/https-heist-exploit/
http://uproxx.com/life/https-heist-exploit/
Thanks for reading.
Sam
Location:
Waimea, HI 96743, USA
Wednesday, April 15, 2015
Reduce Hacker Risk - Use Mobile Devices for Online Work, PC for Offline Work
Reduce Hacker Risk - Use Mobile Devices Online, PC Offline
What's the issue?
Many of my clients are multi-device users. That is, they have a smartphone, a tablet, and a laptop or desktop, at least. They use them all for email, web surfing, and social networking. Often the laptop or desktop is primarily used for offline activities and larger programs such as bookkeeping, gaming, word processing, photo editing, and music library management.
I'm beginning to recommend to my clients that they can reduce the risk of computer hacks by not using Windows-based systems for the web or email. In other words, limit email, social networking, and most web surfing to phones and tablets.
Why?
Because most hacking occurs via web browsers and emails, targeting Windows-based computers. These hacks occur when users land on certain websites, click weblinks in emails or on social networking sites, and open infected emails. If you don't do these activities on your Windows computer, you likely won't get hacked. (Macs are inherently more secure and so far not widely targeted.)
You still have to be careful about phishing exploits, which can trick you into revealing confidential information on any device. If you'd like to educate yourself on phishing, here's one site to check.
As a bonus, you should notice improved computer performance. Why? Because having browsers open (especially more than one, with several tabs in each) can slow down the system.
How to limit web and email use on your PC?
Start by limiting web use to recognized secure sites like your bank, amazon.com, and reading news at legitimate sites like cnn.com. While on your computer you can download updates to your photo-editing software, your bookkeeping program, etc. because the updates come directly from the software vendor. The same goes for updating banking data in your bookkeeping program, which links securely to your bank.
Here's a recommendation for company managers: If your organization depends on staff using the web and email for work, you can at least prohibit access to non-work-related websites. Here's a template your organization can adapt concerning acceptable use of its computers.
When should you do it?
Try this approach for a few days: Don't do any email or social networking on your computer. Ask yourself how it's working for you. Perhaps you can tweak my recommendation for your purposes.
I know what I'm proposing seems extreme, but trying it will at least bring more awareness to how you use the Internet and what risks you're taking.
Where can you find more info on this topic?
If you'd like to get more educated about the most common online threats, check out this article by Symantec.
Who can help?
You may want to hire an IT consultant--especially if you run a business--to learn how you can reduce your exposure to online hacking threats. It can be money well spent, as business data connected via your network to the Internet (almost always the case) is at risk.
In Sum
Knowledge is power. Keep educating yourself on computer security, take appropriate action, and you will reduce threats to your confidential data.
Thanks for reading. Your feedback is appreciated!
Aloha, Sam
You can subscribe to email tips by visiting www.kokuadigital.com and entering your name, email, and "add to email list" in the request form, then click Send.