• “91% of cyber attacks start with an email.”¹
  • “Data from KnowBe4’s 2019 Security Threats and Trends global survey of 600 organizations indicates that “76% of organizations say the biggest and most persistent security threat comes from ‘the enemy from within.’” This describes careless end users who regularly endanger organizations by engaging with phishing emails, ransomware, malware, and other dangerous content.”²
  • “96% of survey respondents report email phishing scams as the top security risk”²
  • “Consumer PCs are twice as likely to get infected as business PCs, new research from Webroot has revealed.”³

The thing about malicious software and actors on the Internet, is that nobody is immune to either – not even the most highly protected systems in the world, and not even the techies employed to look after those systems.

Companies (should) have fairly robust IT systems in place to protect themselves from these threats, but as we have seen, even they are susceptible to attacks. Just take the case of the Wannacry Ransomware infection of the UK’s NHS computers in 2017, which brought much of the NHS to a standstill, having an estimated cost totalling £92 million.

The NotPetya attack on Maersk started on just one PC, spreading throughout their entire global network, bringing their business to a halt, and causing congestion at 76 ports around the world, with a total cost of between $200m to $300m.

If you think the malicious actors have no interest in little old you, you’d be wrong – you, the home user, are the biggest target for these malicious actors. As already mentioned, companies (should) have fairly robust defences in place to protect themselves, but the bane of any IT administrator is the end user – more than 90% of infections start with them.

Once these malicious actors have compromised you, the end user, and you’re accessing your personal accounts from behind your company’s defences, you’re the ticket the hackers need to get into your company’s systems.

It may all sound quite alarming, but there are some basic safety measures people can take to…

Protect yourself on the Internet

1. Use a VPN

You would think there would be some level of security sitting behind your Internet router, but you’d be sadly mistaken. Unless all the communications leaving and entering your home network are encrypted, there is a chance a malicious actor could intercept your data – be that banking details, or other personal information that could be used to impersonate you.

These are known as “man-in-the-middle” attacks. There are various ways (beyond the scope of this article) that these are carried out, and there is quite a simple fix – use a Virtual Private Network (VPN).

VPN’s have long been used by remote workers to access company resources over the Internet, and at their most basic level ensure sensitive information is not accessible to others on the Internet. VPN’s are no longer the preserve of the private sector with many VPN providers now serving the domestic sector, providing end-to-end encryption services and IP-masking to protect their users while roaming the big bad web.

Surfshark offers the most affordable option with their two-year contract. Their 30-day money-back guarantee gives you ample time to test their service while you decide if it meets your needs and lives up to your expectations.

Besides their “no-log” policy, they also provide ad-blocking, tracker-blocking, malware-protection, and blocking of phishing attempts. A handy feature of their VPN App is its “Kill Switch” which will completely disables your Internet access unless the VPN is enabled, ensuring you are never connected to the Internet in an insecure way. Going one step further down the rabbit hole enables you to block access to all devices on your network, eliminating any threat that IoT (Internet-of-Things) and other devices may pose to your system.

Under one subscription, you can protect your whole family, with Apps for all the devices on your network – including Linux, Windows, macOS, iOS, Android, and even your Firestick. Enjoy extra protection while you’re about and connecting to public WiFi with the App installed on your portable devices, be it phone, tablet, or laptop.

If you have a capable router, you can even set it up on there, with plenty of guides on their website to show you how to set up all your devices.

There are other ways of protecting youself without shelling out cash, so read further if cash is tight.

2. Use a DNS-filtering Service

If the costs of a VPN are prohibitive, a DNS-filtering service is the next best thing, and there are quite a few out there that do it for free, with the caveat being that you have to place your trust in the service provider that they won’t be harvesting your data.

DNS (Domain Name System) is the backbone of the Internet. When you type the name of a website you want to visit, a query is sent to a DNS server. DNS servers translate website names into IP addresses (a numeric address), so when it receives your query it will ping back the IP address of the website you are looking for, and then your communications with that website can begin.

A DNS-filtering service will do its best to ensure that you are always directed to the correct website, and that any known malicious websites never open on your device.

Cisco’s OpenDNS, and IBM’s Quad9 are two capable services, offering different levels of functionality.

If you’re looking for basic protection, without adult content blocking, Quad9 is probably the best option. If you have children, OpenDNS offers a basic service which is preconfigured to block adult content. If you want to be able to customise what gets filtered, you can sign up for a free account.

Instructions on setting up your router and/or devices are available at the links below, including a pictorial tutorial from How-To-Geek on changing your DNS server settings.

3. Protect your Accounts

a. Password Managers

I am sure remembering passwords is everyone’s pet peeve, but if you want to protect yourself it’s just a fact of modern day life?

While browsers allow you to save your usernames and passwords, is this secure? Not at all, unless you use Safari or the Master Password feature in Firefox.

There are many online services that offer password storage, but as with anything that lives online – they are susceptible to attack.

It might not be convenient, but I use Keepass (protected with a relatively strong password), a free application that maintains a database of all your passwords. It does basic functions like auto-complete when you tell it to, and can be extended by way of many 3rd-party plugins for added functionality.

It has a portable mode, too, so you can take it with you wherever you go.

The shortest password recommended by security experts is 10 characters, made up of numbers, letters (both cases), and special characters.

b. Email Compromise Checkers

Check if any of your email addresses have been compromised in any known data breaches and change your login details immediately if they have.

“‘;–have i been pwned?” keeps a comprehensive list of known breaches, but checking the integrity of your website logins can be quite cumbersome, which is why I would recommend signing up all your email addresses to Firefox Monitor. Once you have added your accounts, you will get an email whenever you email address shows up in a new breach, allowing you to be proactive, rather than reactive.

c. Two-factor Authentication

While it is not strictly necessary to use this on every website you have logins for, it is advisable wherever you have entered any personal information, such as addresses and banking details.

Two-factor authentication can be done by way of SMS, email, or using an App on your Android or iPhone. This adds an extra layer of security if your password is ever compromised.

Both Google and Microsoft provide authenticator applications.

4. Use a good Antivirus, and Keep it up to date.

Windows Defender has evolved into a highly capable antivirus and will do a good job of protecting your PC, but there are other antiviruses that offer a lot more functionality.

I’ve been using Malwarebytes for years, and have to say it is one of the most efficient at picking up any nasty malware that might infect your PC, even blocking websites that try to load malicious scripts as it happens.

A client of mine commented that she uses Malwarebytes because the first thing she notices the techies do whenever there is a possible malware infection on her company network, is to install Malwarebytes and run a full scan. Truth be told, that’s exactly what I do whenever I suspect some pesky malware may have slipped past the defences of other antivirus progams.

5. Keep your Operating Systems up to date.

This should go without saying, but having the latest updated software for your operating system offers an added level of protection because many vulnerabilities are fixed in new patch releases. If your operating system is no longer supported by the manufacturer, whether it’s on a phone or a PC, it is probably time to think of updating your operating system, or getting a new device.

6. Use a Safe Web Browser.


If you are using Internet Explorer, you shouldn’t be – even Microsoft itself has told people to stop using it because it has known vulnerabilities that can be exploited to take over your whole system. Mashable has the story here if you’re interested in all the technicalities.

Of the most popular alternatives, Chrome and Firefox, I prefer Firefox because of its focus on your privacy, which includes a master password for your browser passwords (remember the password manager), and tracking blockers. Additionally, Firefox syncs between devices, and provides features like Firefox Monitor to alert you if your email address has shown up in any known data breaches.

Mozilla make the case for using their Firefox browser here.

7. Backup, Backup, Backup!

Despite all the best efforts, and all the best intentions, there comes a point when disaster strikes everyone who has ever used a PC, from a failed hard disk drive, to a Trojan that infected their whole PC.

Get into the habit of backing up all your important files onto an external drive, preferably two, that is not connected to your PC permanently.

Never trust a single backup drive – always have a copy: I can’t tell you how many hours I have spent scraping data off damaged hard disks, and it’s an expensive, time-consuming affair.

8. Employ some basic security practises with your browsing and email usage.

Look for the lock

There’s a little lock that shows up in the address bar on your browser, normally to the left of the URL for the page you’re on. That tells you the website you’re on is using SSL, and that any communications between you and it will be encrypted. If you see an open lock symbol, there is no encryption. Only enter sensitive information when you know that the connection is encrypted.

Likewise, when setting up email accounts, always ensure that you set up any email accounts using SSL. Though you won’t see any lock in your email client, you know that the message between your mail server and your email client is encrypted if you have set it up using SSL.

 

Don’t do it, Just Don’t!

Don’t download attachments from people you don’t know no matter how interesting they may look, and don’t follow any of their links. If you get an email from your bank, or any of your service providers, asking you to verify your details, rather just login directly with your browser without following the link in the suspicious email.

If you see something that looks intriguing, and you absolutely must have a look at the website – copy the domain name, type that in your browser, and see what comes up. You can usually do a search for whatever it was you were looking for.

9. Use a Decent Router

If you are using a router supplied by your ISP when you signed up with them, maybe don’t? If you haven’t heard of the ruckus concerning Huawei then you’ve been living under a rock, but the gist of it is that the US has accused the Chinese government of forcing Huawei to install backdoors into their equipment for surveillance purposes.

TalkTalk in the UK uses routers made by Huawei, as I am sure do many other ISP’s due to the inexpensive cost of their equipment. If you’re willing to ignore the US’s advice, and carry on using what could potentially be compromised network equipment, be my guest.

I’d buy a decent router with firewall features, and preferably VPN support. You’ll also be grateful for the faster speed of your network because these routers generally tend to be faster all round.

10. Control Folder Access (Windows)

group policy editor

 

Windows 10 has a “Controlled Folder Access” feature which prevents programs from running inside folders you specify. It’s generally advisable to enable this for backup drives, documents, personal folders, and particularly your downloads folder.

Using Group Policy Editor (type gpedit.msc) you can add the wildcard directories as I have shown in the image above.

Google best practises for folder access and you will find a lot more recommendations than the limited amount I have given here.

If any programs do try to run in these folders, you will get a security warning, and if you trust the program making the changes you can add an exeception for that program in Windows Security – the warning will appear in your notification bar: just click it and open the most recent warning, then click “Allow on Device”.

11. Remember every single device on your network is a point of weakness.

In a world where everything is starting to connect to the Internet, from smart fridges, to TV’s, and even intelligent central heating systems, any one of those devices could be a point of access into your entire network.

Ensure all your devices have the most up-to-date software, and that you’re not treating them any less securely than you would your own personal pc or smartphone.

You could go the extra mile and install a dedicated firewall device for your network, which would be ideal, but all the firewall hardening in the world will mean nothing if you have been compromised in any of the other ways I mentioned previously.

 

Disclaimer

If you follow any links and make any purchase we sometimes, but not always, make a commision.