Have You Had Your Wake Up Call for Security: Are you protected?
My Hard-Won 6-Step Security Checklist
Tell me if you’ve experienced any of these security events:
You’ve noticed a spike in email from various people you do not know with a blank ‘re:’ from address domains you’ve never seen before.
People you know are sending strangely worded email to you – the messages sound uncharacteristically cheery or their English is odd.
You received an email from YOURSELF? What’s that all about?
Someone sends you an urgent email about a business transaction you’ve never engaged. Could be about a bank account that’s about to be closed, or a transaction that’s been denied.
Someone sends you an urgent message, a plea for help to transfer a large amount of money from some country you have to look up to figure out where it is.
In each of the above cases, the email contains a link to a website or a document. When you click it, either one of three things happen:
- If the link is to a website, when you click, you go to a page that looks legit but they’re asking for lots of personal information;
- You click it and go to a blank website or the link seems to do nothing; or
- You click the link and dozens, maybe hundreds of webpages open up in your browser.
How about this one: you received a phone call from the “Windows Administrator” or “Microsoft Cybercrime Help Desk” (or variations). The person on the phone claims that you’ve been hacked and they need access to your computer to help repair the damage on your computer.
If you have experienced any of these events – especially if you’ve clicked the link or let the “administrator” have access to your computer (e.g., you followed their phone instructions) – it is a near guarantee that your computer has been hacked. It is likely that all your accounts (passwords, account information) have been compromised. I recommend that you collect a list of all possible transactions or accounts you’ve accessed since the incident, use another computer and change all passwords immediately. You may have to take stronger measures where banks and credit cards are concerned (close accounts, request reissue). THEN take your old computer to a professional tech for total cleaning. Note – even then, you may never trust that old computer again.
Like other things that have hit us full force, clearly the Internet is not a peaceful and safe place. Innocuous email from a friend can be a prelude to disaster. Visiting a seemingly innocent site can tag your computer for future attacks. Much of the spam we receive is designed to entice and invade our computers. Moreover, if you have added DSL or cable for access, your potential for trouble is only multiplied.
I have been hacked. I have visited sites that I shouldn’t. I have opened email that in retrospect was stupid to open. I never let the “Microsoft Administrator” have access to my computer, but I did download infected software once. Since those times, I have instituted some Draconian limitations on friends and myself.
To friends who feel an urge to forward “interesting” email to me… I say “Please don’t.” I have gotten a bit persnickety over this issue – but they got over it.
Another big rule – ask me before you send me any attachments or I will delete the email. That’s a biggie. I don’t reply to the email about the attachment – I phone/text them. A few times, I found that they’ve been hacked and didn’t (intentionally) send the email.
I also limit my own activities.
That’s a biggie. I have long since stopped forwarding my own “interesting” emails. I never visit sites that come from spam – I have enough problems controlling cookies I get from sites I actually WANT to visit. I don’t download freeware – no matter how badly I want the software. If I really need to download software, I’ll go to the original vendor and pay for the full function version.
I have found that you can control most threats without buying one piece of software or service: one simply makes a decision to be proactive and a bit defensive, and most of the threats instantly evaporate.
The result is that I trust the net again. I control most threats without buying one piece of software or service. My discovery: one simply makes a decision to be proactive and most of the threats simply evaporate.
Here are a few other things you can do to improve security – six actions that I tell almost all of my friends and family who ask:
My 6-Step Security Checklist
- Get a firewall – particularly if you have DSL or cable. I’m not going to go into the details why – there’s just too many reasons. If this is the first time you’ve heard this warning, then I suggest two things: (1) turn off your computer and (2) read some literature on the subject before you turn it back on. If you get DSL (or ADSL) service from your phone or cable company, likely as not, the router you’re using has a firewall that will protect your entire network (and all connected devices). If you have any kind of other router (e.g., Netgear, Asus, TP-Link, et cetera), note that they come with firewalls as well. Find out how to use the basic functions. Note that Microsoft (for PC) has a very good firewall that is built into the operating system that will only protect the computer where it is installed. If you don’t have an active router firewall or if you take your laptop to Starbucks (or other place with free wifi), then use this firewall.
- Get serious about your anti-virus software. I suggest, as do most experienced computer users, antivirus services like AVG, McAfee, or Norton. If you have Microsoft Windows, Defender is built in and works pretty well at no additional cost. Once you get it and activate it, keep the virus table updated as often as the company offers updates – DAILY if possible. If you don’t do this, then don’t complain WHEN your computer is attacked.
- Check your DSL (digital subscriber line) settings. Go to DSL Reports and sign up for DSL TOOLS (the Speed Check is pretty cool). There you will find various self-explanatory tests and software tools that will help tweak your system for optimal online use and check to see if you are vulnerable to crackers and hackers.
- If you have wifi in your house, make darned sure that you have a good password for access. Don’t use the default password. And it is advisable that you change the default name of the network (the SSID). The default name may be something like “TP-LINK_2.4GHz”. Why change the password and SSID? Because hackers browse neighborhood wifi signals to see if there are any that are unprotected (i.e., no password, which is dumb, really). But the default password is just as bad – often “admin” or “password”. Also, when you leave the default SSID, it’s like alerting hackers that you’re new to the game and possibly vulnerable. Some security pros also suggest that you not use family names for your SSID (to protect your privacy). I have four Wifi hubs at my home, all named after characters from a favorite book.
- Optional extra step, you can reboot your DSL/ADSL at least once a week. Most DSL services assign IP addresses dynamically – and this IP address is specific to your computer. It’s fairly rare, but it has happened when hackers scan for computers that are vulnerable and have fairly reliable IP addresses (e.g., vulnerable computers that have been online for more than 48 hours). If you simply do not want to get a firewall, security experts recommend rebooting your access once every day to effectively eliminate your computer from any list of ‘reliable’ machines. Note that ADSL (asymmetric digital subscriber line) is different and fairly difficult to hack, which means your computer is safe until some codekiddie figures out how to hack it.
- Another optional extra step, you can turn off your computer – at least once in a while. I leave my machines on all night to save wear and tear on the hard drive from cold starts each day. However, unless you have an iron-clad firewall that can stop ANY hacker attack (btw, nobody has one), then you could lose what’s on your hard drive AND your pride.
It’s a nasty world out there – and it’s getting nastier. So be vigilant.
Updated: July 2013, April 2016