National Cyber Security Awareness Month: Data on PCs and Mobile Devices
We’re almost done with October, now three quarters of the way through National Cyber Security Awareness Month. As such, this is my fourth of five installments addressing basic concepts in cybersecurity; keeping personal and financial data safe and accessible on personal computers and mobile devices.
What does it take to keep personal files safe on a home computer? Are accounts on a cell phone reasonably safe from theft? Where would someone have to stand to steal the wi-fi signal? Why would I want to store files in a cloud? These questions don’t seem farfetched in 2018. I myself have five different cloud accounts, across three different providers. When it comes to the best way to keep files safe from prying eyes, here are six approaches.
My first suggestion is to get to know the websites you visit regularly. A great deal of stolen information happens in the form of users unwittingly entering their login information on forged, fraudulent, or otherwise unrelated websites that are run by cybercriminals.ᶦ Know the telltale signs of a forged website; low quality graphics, poor grammar, obvious misspellings, unsecured connections, and an address in the browser that doesn’t match the known address of the website.ᶦᶦ A prime example would be if the address bar at the top says faaaaacebook.com, with four extra ‘a’s, don’t enter your facebook.com username and password.ᶦᶦᶦ Cybercriminals know humans make typographical errors and take advantage of that fact to steal identities.
Even without logging into a website, my second suggestion is to never download programs from unknown websites.ᶦᵛ If the computer is an HP, then make sure to visit HP’s website to download support software for it.ᵛ If Google Chrome is the browser of choice, make sure to download it from Google’s website and not a third-party.ᵛᶦ Always look at the address bar of the browser before clicking download or submit. If the address doesn’t read like the expected company, just like my faaaaacebook.com example, don’t download the file or interact with the page at all. As with strange websites, never download or open applications sent via e-mail either, especially if the e-mail isn’t part of an existing back and forth exchange.ᵛᶦᶦ
When considering whether or not to download an application, game, or other piece of software, remember there’s no such thing as free.ᵛᶦᶦᶦ Applications may want an e-mail address, or for an account to be created on their website. Games will offer to login via social media accounts, or to link the account to G-mail.ix Users need to strike a balance between what information is being given up versus the utility of the application. Is it worth giving out personal information to play with Pokémon? Realize that whenever using a social media login on a third party’s website, that third party may gain access to private profile information.
In a day and age of smart-homes and smart-devices, the outdoor footprint of home wireless networks is getting bigger and stronger. To get maximum signal in every room, families can use two, three, or more mesh routers to form robust wi-fi networks.x Increasingly, home wi-fi products can only be managed online or via proprietary cell phone applications. Google Wi-Fi,ˣᶦ which I use at home, delivers fantastic throughput and high-quality video streaming when coupled with fiber-to-the-home.ˣᶦᶦ My third tip, when it comes to the setup, pick a wireless network name that has nothing to do with family names, addresses, or passwords. Chose a password that is memorable, yet more than 24 characters. Be sure to include a mix of upper case, lower case, and numbers.ˣᶦᶦᶦ All of this helps ensure that the car out front, or the neighbors downstairs, can’t get access to the family wi-fi.
A fourth tip, almost all home wi-fi routers have parental controls, use them.xiv Use then on the television,xv use them on cell phones,ˣᵛᶦ and if the phone or computer didn’t come with software on it, consider purchasing parental control software. Set strong passwords, I can’t stress this enough, use long complex passwords even on frequently accessed accounts, but especially on parental control software and accounts.ˣᵛᶦᶦ Children will eventually get smarter than their parents and online safety could come down to a well-conceived parental password versus losing access to files or the computer itself.
When is a password more than a password? When the password is someone’s finger print or someone’s face. Newer computers and mobile devices are coming out with fingerprint readers and facial recognition technology for ease of use in security applications. This means not having to remember passwords for every application on the phone, but still having to keep track of passwords in case the fingerprint reader or facial recognition isn’t available.ˣᵛᶦᶦᶦ Similarly, banks are allowing customers to access their accounts through their phones, without using debit cards.ˣᶦˣ There are a number of ways to secure phones, but my fifth tip is simply to have a secure lock on the phone. Secure might mean a six- digit PIN, a fingerprint, facial recognition, or an eight-character password; but it has to be SOMETHING to be secure.ˣˣ
My next tip is a strong number six; pick and pay-for a home antivirus, antispam, antimalware suite.ˣˣᶦ There are a number of reputable companies out there, but none of them will protect consumers from themselves. Setting up parental controls and antivirus software will do nothing if they aren’t monitored and updated periodically by the parents. End-users all need to follow basic concepts to keep themselves safe, and not just during National Cyber Security Awareness Month.
My final piece of advice is to find a cloud and pay for it. Google has their cloud-based file and backup service called Google Backup and Sync. ˣˣᶦᶦ Microsoft has their cloud-based file service called OneDrive.ˣˣᶦᶦᶦ Apple has their iCloud services,ˣˣᶦᵛ and Dropbox does a fantastic job with their offerings as well. ˣˣᵛ Just about everyone’s cloud marries well with photo and word processing applications too. I mentioned I have five accounts across three providers, and the reality is that three of the five accounts are paid for by someone else; one by my job, two by SUNY Polytechnic, and the other two are free. I have the luxury of sorting files into the folders they specifically relate to, but across my work, university, and personal folders, I don’t have to directly pay for any of them. My situation is both ideal, and uncommon. Find a service that works, stick with it, and pay for more space before it becomes necessary. Don’t forget to pick a long complex password for the account when it’s finally setup!
ᶦ i https://www.safecomputing.umich.edu/security-alerts/beware-increased-phishing-and-fake-login-sites