Start by writing down a list of all the devices in your house that connect to the Internet. The obvious ones are your laptop, tablet, television, Wi-Fi router, and printer. Other devices such as the thermostat, the refrigerator and lighting may also have IP addresses today. Once you have developed your list, change the default passwords on all those devices, especially the Wi-Fi router that connects your house to the Internet. As you go down the list, turn off Wi-Fi or other connectivity that’s not absolutely necessary.
Hackers like to take advantage of devices that have not been updated. Unpatched vulnerabilities are easy to take advantage of, so update your systems regularly. If possible, set your main devices to auto update. Also find out if your ISP does router updates automatically in the background or if you have to do them yourself. If your router is more than three years old, ask your ISP if you can replace it. The newer routers have better built-in security and given the threats and all the connected devices coming into the home should be replaced every year or two anyway.
Sure, endpoint protection from brands such as Norton or McAfee/Intel are signature-based and can only protect against known threats, but most people still need it. And any endpoint protection package you buy should also have web protection because let’s face it, the bad code typically comes from the Internet. And while personal firewall software can help, it’s not necessary for the average user. Personal firewalls tend to require a bit more expertise for the average person to manage the settings. If you decide you need one, ask a friend or relative for help.
Authentication may be a stretch for an average user, but they should really look at something stronger than a mere password. Remember that the 2016 Verizon Data Breach Investigations Report found that 63% of breaches result from compromised credentials in the form of weak, default or stolen passwords. There are a lot of simple, inexpensive and easy to use methods such as USB keys that can improve authentication.
Between social media and questionable Internet sites, kids can get into a lot of trouble. Develop guidelines for usage and make them aware of the downside of social media, especially teenagers looking for their first job or kids having trouble making friends at school. Teach them basics like not clicking on suspicious links or attachments. And, it’s also a good idea to avoid using the same device for sensitive tasks that the kids use for Internet activities and gaming. Taxes or online banking are best done on devices that the kids don’t access. Gaming sites especially are magnets for malware. We believe that Sophos Home is the ideal way to keep your kids safe online this year, and give you one less thing to worry about!
If you learn anything about online scams, understand that nobody credible will call you from Microsoft or any other leading computer company out of the blue to help you for free. Good security support can be pricey, but it’s well worth the cost of the alternative: being scammed or worse, having the computer taken over by ransomware.
While EMV chips are not perfect, they do improve security. For credit cards, be sure to change the default PIN. Most people use four-digit PIN numbers, but many retail security experts say people should use six-digit PINs. Also, if a POS terminal looks marked up or scratched, point it out to the clerks or the store manager, there could be skimming going on.
People who are more than 50 years old remember the days that computers regularly crashed, so they tend to use either online backup or some form of backup software. Even if you simply use a USB drive or back up your files on Google Drive or iCloud, that will come in handy if your system is ever hit by ransomware. It’s a real problem if your system is frozen and the bad guys want $500 or more and you have no backup to restore your files.
Whether it’s Facebook, LinkedIn, Twitter, Snapchat or Instagram, they all offer settings that let you block certain users or limit the universe of people who can see your information. For business sites like LinkedIn you may want to include a phone number or email address, but if you are concerned about privacy make it a practice to limit the personal information you share on social media sites. Also, think twice before you post travel plans or scenes from a vacation, it can tip off criminals that you’re not home.
This may take more time than the average person has for security, but here are some of the points the National Cyber Security Alliance recommends: