because everyone loves “Free Advice”
8 EASY TO IMPLEMENT ideas to help protect against malware, ransomware, hackers, and other cyber threats
DISCLAIMER: I (the writer) am not just making suggestions and “Poof! The capital of Australia” outta here. Eventually there will be detailed blog posts related to each one of the following suggestions. If you would like to ask further details about any of these items feel free to use the contact form on our website.
Thank you for visiting the very first post on the official intelliGENTS blog. Here is the quick list of the 8 suggestions in no particular order of importance or hierarchy.
- Passwords and using Complex Passwords
- Separate Admin and User Privilege Accounts
- Virtual Private Network, VPN
- Two Factor Authentication, 2FA
- Turn on Bit Locker Drive Encryption
- Stop using Mapped Drives (at work)
- Educate yourself on Phishing
- Stop sharing passwords
The following is a high level overview of the suggestions, if you have specific questions about any of these ideas, post questions in the comments section and our team will try to provide feedback.
USE A PASSWORD
It might seem obvious. 15-20% of people still aren’t using a password to either a) log in to their computer, or b) unlock their phone. Do they also leave their vehicles unlocked with a key in the ignition?
- Strong Password protection gives Peace of Mind in the event a device is lost or stolen.
- A Password mitigates against the threat of someone acquiring (stealing?) your laptop/computer/phone, simply turning it on, and having access to EVERYTHING you normally have access to without inputting one password. Think about that.
Use a more COMPLEX PASSWORD
If your password Does NOT employ at least 4 of the 5 annoying password requirements (upper case, lowercase, number, symbol, 8+ Characters), then update your password so that it does.
- Again, Peace of Mind if equipment is ever lost or stolen
- Mitigates against all Cyber threats to some degree.
- Effectiveness of Mitigation directly proportional to complexity of password.
Separate Administrator and User accounts.
Does that screen look familiar? It helps, but still too easy to click yes. It seems like a LOT of hassle always entering another password to run as admin right? Lets all stop being silly and separate the Administrator account from the User account on our computers. Yes, even YOU, home user. Windows 10 makes it easy to run processes as “administrator”. Having to input credentials will make you “think” before you press OKAY after that link, running that program install, or opening that file.
- If you have kids, or careless/unsuspecting people that use your computer, this can be especially effective.
- Mitigates against threats that infiltrate your computer and attempt to self-install and run on your system like malware programs, spybots and auto-run files on USB sticks.
- Mitigates against users overloading computers with programs in Overflow area (ie Junk area) as pictured below.
Use a VPN (Virtual Private Network)
You don’t ALWAYS need to use a VPN, but if you are in a public WiFi like a coffee shop or hotel, you should consider using a VPN or just stick to your Cellular Data. VPN is your own private tunnel you are browsing the internet with. A VPN will slow down your internet speed, because it takes a lot of extra data to create this “virtual tunnel” around your internet activity.
- Your network activity & packets can still be intercepted, but the VPN encrypts them in a manner that the data is completely unreadable to anyone not using the VPN .
- There are many commercially available VPNs at low monthly costs (ex: NordVPN).
- Some consumer grade routers include functionality to host your own VPN. To do this you might just have to get your hands dirty, maybe RTFM about your router, do some google searching, that kind of thing. (blog post?)
- Ask at your workplace about providing a VPN service you can use for private browsing while outside the office. Employers – with enterprise grade firewall equipment there is no reason not to provide this service for your employees.
**Note – Public WiFi not only apply to WiFi networks, open wired network connections at trade shows and hotels are perhaps even more vulnerable.
- Mitigates against threat of network activity being intercepted, monitored, “sniffed”, or analyzed by others using the WiFi or supplying the WiFi.
Use Two Factor Authentication, 2FA
Two factor authentication adds an extra layer of security to all your accounts, knowing the username/password is not even enough to access the device. There are both hard and soft two factor authentication methods out there. The USB key pictured above is an example of a hard control. An app like Google Authenticator associates a random number sequence that changes every 30 seconds (aka One Time Password, OTP) with your account.
- Mitigates against brute force attacks on your login
- Mitigates against damage from leaked username/password lists available on the “dark web”
Use BitLocker Drive Encryption
I’m a windows guy. I’m sure there is a way to do this with Mac as well, but I haven’t done it. I’ll eventually write a detailed post about Drive Encryption, but for now any semi modern PC should have a TPM built in so you can use BitLocker.
Here is how to turn it on:
- Find THIS PC on your computer, click it
- Right click your C: drive, choose TURN ON BITLOCKER
- Follow on screen instructions
- DO NOT LOSE YOUR DECRYPTION KEY GENERATED AT THE END
That’s it. Now your C: drive will be encrypted.
- Mitigates against threat of hard drive ending up in wrong hands and being mined for information
- In combination with a Complex Password, basically makes any information on stolen device inaccessible.
Stop using Network Mapped Drives!
Mapped drives at work? (ie: X: Drive, Z: Drive, K: Drive) . Use UNC path shortcut icons instead.
- easy to setup (post coming soon) train staff
- Provides much higher level of security than a mapped network drive like X:\.
- Definitely not a bullet proof solution, however
- Users will hardly notice a difference, and for a threat targeting your file systems it can make all the difference.
- Mitigates against threats that might scan your file system looking for other connected drives and files to infect.
- Prevents ransomware type attacks from reaching server share files through a local client computer that normally accesses those files through a mapped drive.
- Prevents command line browsing of network files
Understand Phishing and Spear Phishing Emails.
Phishing, generally speaking, is when a hacker impersonates someone or something, ie: email from your colleague, email from server (pictured above), or text from a bank, in order to get you to click a link or download a file. Phishing attempts have become very sophisticated.
If you are questioning an email you received, a good practice is either asking your IT department or reaching out directly to the person or company who sent it to you, “Hey Lisa, did you send a document to my email this morning?”, to check its legitimacy. Don’t reply to the email, call or ask in person. If it is an email from a company, like a tracking number, go to the supposed vendors website (ex: fedex.ca) and paste the tracking number there. Don’t click any links embedded in emails you aren’t 100% certain about.
- Ask IT department about sending semi regular mock phishing attempts to staff to ensure everyone understands phishing emails.
- The Human Factor is the best (and worse) mitigation against Cyber Threats. Keep yourself and your peers aware and educated on latest trends in cyber threats
- Discuss any incidents, no matter how small, with others, you might start to find patterns that should be investigated.
One last note on Phishing. If someone receives a Phishing email in your organization, impersonating anyone else (or themselves) in the organization, this type of activity should be addressed immediately:
- Don’t delete the email right away. It may contain valuable forensic information.
- Report the email/text to IT and Management ASAP
- Origination of email and how it passed through spam filters needs to be understood and explained
- Internal Phishing attempts should be dealt with in a manner that they do not reoccur.
Stop Sharing Passwords
Stop sharing passwords with co-workers/family and don’t share passwords between computers. Its best if you and other people in your life use different passwords that are more or less unknown to each other. Its keeps everyone secure and gives me warm fuzzies.
Environments with a “Store Front”, such as salons, hotels, boutique stores, may require a single computer accessed regularly by different users. If this is the case then try NOT to give every computer (even if there’s only 2 of them) the same password, like “hair111”. maybe do “hair111”, “hair222”, “hair333”.
- Mitigates against threats due to information being leaked or falling into the wrong hands such as a password being cracked/known.
Thank you for reading through some or all of these easy to implement ideas. Let us know in the comments what you thought about this post and what you would like the next post to be about.