System Security Spotlight

System Security Spotlight, because too many people are still just blindly clicking links and fake download buttons.

The internet is a dangerous place, there are plenty of people and groups out there that want to steal your information, plant trackers on your computer or just simply cause havoc for a laugh. 
This doesn't mean you should unplug your router and chuck it in the nearest skip and return to pre-internet times, there are a few simple things you can do to keep yourself, your data and your computer safe whilst online.

Make sure your computer is up to date. Windows update is automatic for most systems, it downloads the latest security patches from Microsoft and installs them automatically at set intervals. Usually during start-up or shut-down. When it says “Do not turn off your computer” that’s it installing updates (and seriously, don’t turn off your computer, you could break your Windows install near irreparably depending on what the updates do).
On a Mac (OS X) updates are now installed through the App Store, it will notify you when updates are to be installed for your apps and for the system, it’s recommended that you install them when they become available.
Linux users, I assume you know how to run updates yourself, but always keep an eye on your distributions update or package manager, it will let you know when there are updates to be installed.

Make sure your anti-virus software is up to date and running. (sidenote, using Norton, AVG or McAfee is usually worse than no anti-virus at all. They slow your machine down and provide a false sense of security) I recommend Avast Free, it’s a powerful and comprehensive suite of tools that has been free for a long time. It performs well in all tests and causes minimal impact to system performance whilst keeping you safe. Links at the end of the post. Avast is also available for Mac OS X and Linux.

Use a modern browser like Firefox or Chrome. The old saying goes “friends, don’t let friends use Internet Explorer” and even on the modern web, that is true. Whilst it is nowhere near as bad as it used to be in terms of performance and security issues, it’s still best that you install a 3rd party browser. Firefox and Chrome are both available for Windows, Mac and Linux.

Install an ad blocker. A lot of places and sites rely on ad-revenue to continue to exist, however a lot of sites that you may encounter on your travels across the web don’t host ads that have been properly “vetted” and as a result are at best, misleading (fake download buttons), and at worst dangerous (“drive-by downloads” using code exploits) infecting your machine without you even needing to click the ad. I recommend uBlock Origin, available for both Firefox and Chrome.

Use common sense. If it looks too good to be true, it probably is. That woman didn't “lose a stone in five minutes with one simple trick”, and the stock brokers don’t “hate a couple from [your location] because they learned to cheat the stock market”. It’s a lie, to get clicks, to steal your personal information or to infect your computer with a virus of some kind.

All this talk about the web, and we’re forgetting emails. Emails are a very popular attack vector in the modern age, and whilst most modern spam filters catch the bad ones, some do slip through. Particularly if a friend of yours has been infected with something.
If you receive a file or a link from a friend via email, Facebook messenger, Skype, etc and you are not expecting it, DO NOT CLICK ON IT. Attempt to contact them via alternate means to verify if they did, in fact, send you that file/link. If they did not, advise them to change their passwords, and run a virus scan. If a friend of yours advises you that your account is sending out strange links, follow the same advice. Change your password and run a virus scan on all machines that you’ve used recently.
Additionally, a popular scam just now is the “WhatsApp voicemail” email. WhatsApp does not offer a voicemail service, those emails are not real. 
PayPal will always refer to you by name, and so will your bank. 
If an email appears suspect in any way, contact the company it supposedly came from to verify it’s validity and don’t click any links or download any attachments.

Passwords, the keys to the digital world, and your personal data. It’s advised that you don’t use the same password everywhere, and that is for very good reason. If a password database gets leaked or compromised, the first thing the hackers do is try your email address and discovered password on every major social media platform, it’s practically automated. If you used the same password in multiple locations you’ll end up with multiple compromised accounts.
Password management, complexity and other factors can get long and complicated, I will cover passwords and security more in another post later. Basic best practice would be to use a series of easily remembered English words with spaces in between and possibly a “1!” somewhere to meet “complexity requirements” of most sites. 

Last, but by no means least, HTTPS “Hyper Text Transport Protocol over Secure Socket Layer”. A complex series of words that effectively means “This website is secure, and by extension, real”. In Chrome the little green padlock on the address bar tells you that a site is secure and is verified, you can click it for more information, Firefox has a similar system.
If you are ever on a site that you normally believe to be secure and that padlock isn’t there or has a warning on it, or your browser presents you with a scary looking error, STOP, go back and check that you followed a legitimate link.
If you are ever doing online banking, or any other sensitive transactions online, do not proceed unless the site is secure. If it’s not, it’s either a con or your card details could be intercepted during communication.

So that’s your crash course in security I will cover each of these sections in more detail in the future. If you have any questions or concerns about your own IT security, feel free to contact me here or on Facebook and I will do my best to assist you.