
Following on from our last post about Sextortion and Security Camera Spies, I have adapted the business standard Cyber Essentials to be used by the individual, presenting Five Pillars to Cyber Security. Please note: the following advice is aimed at the home setup (for individuals rather than businesses).
Pillar 1: Secure your Boundaries
We don’t want to sound like a Brexiteer or Donald Trump here; however, it is important to secure your own boundaries. The way to do this is by using the firewalls built into our routers. To secure the boundary you must change the default password to your account, change the router name and change your password. Some will argue that this is not necessary if the router has an individual password rather than a default one. But someone knows those passwords and they can be leaked, so let’s get in the habit of changing vendor-supplied passwords. Passwords can make you vulnerable if they are found out by someone else. You should therefore always, when it is available, add an extra layer of security called 2 Factor Authentication. All this does when set up is send you a text (or you can use an app) to give you an extra access code when you set up a new machine.
ACTION: Change your Passwords and use 2 Factor Authentication
Pillar 2: Secure Your System
The next step is setting your system up so it’s secure. It doesn’t matter if it’s a desktop, laptop, baby monitor or a fridge; they are all as vulnerable as each other. When you purchase a computer it arrives in administrator mode. When you have set everything up, add a user account and use that account for everyday access to the internet. Use your administrator account only when you wish to download applications. This will stop you downloading malware inadvertently.
ACTION: Change the default password to the account, change the device name, change your user password and, when using computers, change your admin accounts to user accounts.
Pillar 3: Define Access
Next on the agenda is to define who should have access to your devices. If more than 1 person in your family needs access, set them up with another user account. It’s really good to get into the habit of having separate accounts and not sharing accounts. It’s the first thing that a bank would ask if you have a breach!
In two years’ time we’ll not be talking about using keys to access houses; front doors will be accessed using apps. These are already widely available, but you’ll need to know who accessed your property and when. Think about the ageing population: carers will let themselves into properties using apps; currently they have access using key safes drilled to the walls of vulnerable people’s homes! This doesn’t sound very safe to me.
ACTION: Do not share user names and passwords.
Now this is the point where you all turn off, because I’m going to talk about remembering passwords. “How can I remember all of these passwords?” I hear you say. Until technology comes up with a better solution you should use a PASSWORD MANAGER. I could go on forever explaining how they work, but to be honest you would never ask a locksmith how a lock works. Needless to say, they are now recommended for use by the National Cyber Security Centre.
Password Managers can be as simple as storing your passwords on one device, like your smartphone, and using it when you need a password. This is usually a free service; by paying a small fee it will integrate with all your devices and will automatically fill in data on websites etc. Use 1 strong password to access the manager and let the manager do the rest.
ACTION: Set up and use a Password Manager
Pillar 4: Malware Protection
A well set up free application is better than a badly set up paid-for application, so spend a little bit of time setting up your antivirus protection. IoT devices rarely include enough ‘space’ for AV to be installed, but your computer, be it Windows or Mac, must have antivirus or another system (whitelisting or sandboxing) installed.
Android mobile devices need protecting with antivirus protection too, although iPhones don’t as they can only access ‘approved’ apps from the app store.
ACTION: Install Anti-Malware protection on your devices including Android phones
Pillar 5: Software Updates
For a home system, set up auto updates, not just for your Windows applications; check your browsers and Adobe applications as well. There are some apps on the market; I use NANITE, which checks all my devices and updates the software when it gets released. This service costs me $1 per month per device.
ACTION: Set updates to Auto for all applications
PS – Recently WhatsApp Gold started to do the rounds again; this spoof invites users to ‘upgrade’ to a better service from WhatsApp. It actually downloads some pretty nasty malware onto your phone. The big message here is to always use your app store to download apps; never download from a message itself.
My goal for 2019 is to better inform my contacts on what’s affecting business, be it through cyber or information security, supply chain procurement, health and safety or any other business risk. If you’d like to receive this information via email, please complete my form.