DIY security that works

It can be pretty scary out “there”.

The digital revolution has changed the way we live, the way we do business, and the way we communicate. But it seems like every other day we hear about some new security flaw, or virus, or hack, or ransomware.

What’s worse, we often don’t even understand what everyone is talking about…but it sounds bad.

A cursory glance might make it seem like cyberspace is a dangerous place – the kind of neighbourhood where you shouldn’t save your family photos, or host your business platform, or do your banking.

Let’s just cut through all that noise: it’s not, and you should.

The Real Deal on Web Security

Threats exist. Absolutely. And when there is an issue, it’s big news. But when you stop to consider the billions of people using the internet for virtually every facet of their lives, the number of security breaches and failures is actually quite reasonable.

There’s a certain degree of risk in everything we do, but advances in technology and protocol have made the digital way one of the safest ways to store, access, and do virtually anything.

It just requires a bit of planning. It’s infinitely better to be proactive, rather than reactive, when it comes to your online security and privacy.

To that end, consider this your “getting started” guide to do-it-yourself security that works. No fancy skills or major investments required. Protect yourself, your privacy, and your data.

Ready? Let’s lock your digital door.

Cyber Security Risks

It’s a double-edged sword. Because of its popularity and pervasiveness, the internet is a very convenient and easy access point for individuals looking to steal from us.

And that goes beyond “just” dollars and cents. Sure, they’d love to gain control of your online finances, but hackers and cybercriminals target information, data, photos, documents, videos, and personal details just as much as they do cold hard cash.

Take identity theft, for example. With a few key details about you, criminals can then impersonate and take out a loan or apply for a credit card in your name, or gain access to your bank accounts and investments. Identity thieves made off with $16 billion – yes, billion – and affected 15.4 million people in 2016.

All told, cyber crime is expected to cost businesses about $6 trillion annually through at least 2021.

It is a problem? Yes. Should you be scared? No. “Scared” is the wrong word. You should be aware. You should be cautious, mindful, and meticulous when it comes to your digital life.

The harsh reality is that as long as the internet exists, so will cybercrime. DDoS attacks, ransomware, malware, security breaches, phishing, viruses, IoT attacks… the list goes on.

As an individual or small business owner, you need to be extra vigilant. 43% of cybercrime targeted small businesses in 2016, and individuals are easier targets than multinational enterprises.

Why? Because big corporations spend millions on cybersecurity every year, using the best minds, tools, and services they can afford to protect themselves. The small standalone store down the street or a soccer mom? Not so much.

But you can protect yourself. And you should start this very second if you haven’t already.

Stay up to date on Microsoft 365 Business and more



DIY Security Solutions

Let’s start with three quick fixes that can have a big impact. Do one, two, or all three, and you’re instantly more secure.

Quick Fix #1 – Automatic Updates

First up, double-check to ensure you have automatic updates turned on for your computer OS and mobile device. When a problem is first identified, Apple, Microsoft, Google, and others work fast to create a security fix, and that’s released as an update.

Without automatic updates, you’ll be exposed longer than you need to be. It might be hours or days before you personally hear about the issue and/or notice an update awaiting your approval. Don’t become a victim because you waited too long.
your
Set your preferences for Mac, Windows, Android, and iOS. Do it now. It takes less than a minute, but then you’re covered for any eventuality.

If you use a comprehensive service like Microsoft Business 365, automatic updates are turned on by default for your security. You’re good-to-go and up-to-date from the moment you log in.

Quick Fix #2 – Cover Your Webcam

This is another quick win. Cover your webcam with a sticky note, a piece of opaque tape, or hop on Amazon and search for “webcam covers”.

Mark Zuckerberg, Edward Snowden, and former U.S. FBI Director James Comey are among the millions using this simple trick to protect their privacy. Is it paranoia to believe someone will hack into your laptop? Perhaps, although you’d be surprised how often this type of attack happens in the real world. As with all security protocols, better safe than sorry.

I put a piece of tape over the camera because I saw somebody smarter than I am had a piece of tape over their camera.” ~James Comey

It’s not just the risk of being seen and recorded in a compromising situation, either. Someone with control of your webcam might be able to steal account numbers, access codes, and more from documents on your desk.

There are a lot of good reasons to do it, and zero to not.

Quick Fix #3 – Harness the Strength of HTTPS

Look at the address bar on any browser, and you’ll see that web addresses start with HTTP, which stands for HyperText Transfer Protocol. Go to your online banking site or checkout page on an ecommerce platform like Amazon, and you’ll (hopefully) see it starts with HTTPS. The extra ‘S’ stands for secure.

With a regular HTTP connection, your browser connects to a web server and data is sent between the two in clear text. An interloper can intercept and see the data being sent back and forth.

An HTTPS connection, however, is encrypted and secure. A web server redirects to HTTPS when needed, such as the point during checkout when you have to provide payment details.

More and more websites are making the jump to all HTTPS all the time, but you can guarantee you always get the HTTPS connection if it exists with a simple browser extension. HTTPS Everywhere works for Chrome, Firefox, and Opera.

Taking Security Further

Once you’ve implemented the three quick fixes above, take the following steps for even stronger security.

Use a Firewall

You’ve got a firewall on your computer whether you know it or not. Both Windows and Mac come with one pre-installed. All you have to do is turn is activate it. Head to the Control Panel or System Preferences – depending on your OS – make sure it’s on, and set a few exceptions.

A firewall basically prevents outside access to your system while allowing outward communication to take place. Your browser, for example, can access the internet, but someone or something trying to take control of your webcam will – in theory – be blocked.

You can install something a little more customisable if you’re an advanced user – Comodo, Avast, Bitdefender, and Intego are highly recommended, but there are many good ones out there for personal and business use.

Just use one.

Use an Anti-Virus

We used to believe an anti-virus program would keep us safe from all the scary stuff on the net. It won’t, but it will help defend against viruses, trojans, worms, and more.

Find one that fits your OS, needs, and budget, and get it working to keep the bad guys out of your system. Full-stop.

For those using a PC, you don’t need to look any further than the latest iteration of Windows Defender. Built-in to Windows 10, it offers Advanced Threat Protection (ATP), preventative protection, detects attacks and zero-day exploits, and gives you a centralized management dashboard. Most importantly, it includes EDR to quickly notice abnormalities, behavior monitoring to alert you of suspicious behavior, and cloud-powered protection from its up-to-date database of known threats.

Disable Tracking

Your online activities are being tracked. When you visit a website, many will leave a cookie – a tiny bit of text-only data – on your browser. When you return to that site, the cookie helps it identify you and remember what pages you visited and other session information.

A tracking cookie or pixel goes a little further. It’s used by advertisers and marketers to collect information about your computer and online browsing. The tracking cookie helps them deliver relevant ads and suggestions for you.

Ever noticed that an ad for something you were looking at earlier shows up later that day on your Facebook feed? You’ve been tracked.

You’re tracked on virtually every website, and usually by multiple means and companies. If nothing else, it’s most definitely an invasion of your online privacy.

To disable or at least slow it down, you’ve got a few options:

  • You could browse in InPrivate Mode on Edge, or the similar settings on other browsers.
  • You can use a search engine like DuckDuckGo for truly anonymous searching or the Brave Browser to block most ads and trackers by default.
  • Finally, you could install a browser extension like Ghostery, Disconnect, or Privacy Badger to block trackers and keep your browsing and search history private.

Consider a VPN

A virtual private network is increasingly becoming a necessity for our digital existence. If you spend any time on public wifi signals – coffee shops, hotels, airports, department stores, and so on – you should be using one.

But even at home or at work, a VPN provides an extra layer of security. It’s better to use one and not need it than the other way around.

A virtual private network essentially creates a secure and private connection – or tunnel – between your computer and another point like a website, or even the networks at your company or business.

When using it, your browsing activity, identity, and location are – in theory – completely shielded from prying eyes, whether that’s the government, your employer, a hacker, your ISP, or cybercriminal. In the unlikely event that someone did intercept your data, it’s encrypted and indecipherable.

Is it 100% foolproof? No. Nothing is. But it takes a lot of focus, attention, and know-how to get around it. If you’re using one, and the next person isn’t, cybercriminals will move on to the easier target.

While there are free options available, a good VPN will cost some money. Expect to pay between $80 and $120 per year. And do your research. Each VPN has its pros and cons depending on exactly what you want it for…you can even use it to spoof your geographic location (shhh, don’t tell anyone).

Options include ExpressVPN, VyprVPN, TunnelBear, and NordVPN. Install one, click it on whenever you’re doing anything online, and it’ll re-route your internet traffic so that you go through an encrypted VPN server instead of your normal ISP. Better privacy, better security.

Passwords, Passwords, Passwords

The average person has dozens of login credentials: usernames and passwords for every website, service, and platform they use online.

One of the easiest ways “in” for a hacker or cybercriminal is cracking or guessing a weak password. And the general public as a whole is very, very bad at following password best practices.

  • 87% of those 18-30 and 81% of those 30+ in a recent survey admit to reusing passwords on multiple sites. That’s a big no-no. Security experts strongly recommend using a unique password for each login credential we create. Reuse one, and anyone who cracks or guesses it has access to multiple sites.
  • Using a common and easily guessed password like ‘password’ or ‘123456’, both of which appear regularly on the annual list of worst passwords. Hackers will turn to these reports first, so anything you use that appears on them is basically no password at all.
  • Using an actual word. Bad idea. Horrible. Even a random word can be cracked by what’s known as a “dictionary attack”. A computer can try the entire dictionary in three minutes or less.
  • Using names, birthdays, or other significant dates that can be found on social media. Let’s say you use ‘sarah042102’ as a password because your daughter was born on April 21, 2002. Anyone with access to your Facebook page might be able to gather those details: post a picture of her cake with a message that says “Sarah is X years old today!”, and a hacker has everything he needs to guess. This is called social engineering, and it can involve collecting details from your social media profiles and/or gathering additional information be means of a phishing The takeaway? Be aware of the personal details you voluntarily reveal online, don’t reveal personal details by email, and avoid using anything as a password that could be guessed or discovered with a little digital digging.

Ideally, you need a unique password for every website or app you use. It should be random, include letters, numbers, and symbols, and the longer, the better.

You’ll be more secure, but you won’t be able to remember and keep those long strings of random text straight in your head.

Enter the password manager. A tool like Dashlane (free and premium accounts for $3-4/month) or LastPass (free and premium accounts for $2-4/month) can generate strong, random passwords and keep them stored in an encrypted database that automatically logs you in whenever you go to a website or open an app. All you need do is create and remember one main password for your vault. The rest is remembered for you.

Use one. Create a super strong master password for your chosen manager.

Finally, enable 2-factor authorisation (2FA) on all websites, apps, and platforms like Office 365 that allow it. 2FA requires a second step when logging in the first time on a new device, so even if a hacker knows your password, he still wouldn’t be able to get access.

The second step is typically an additional PIN or a time-sensitive code sent to your phone via SMS. Without it, no access is allowed to anyone with “just” the password.

Last but not least, create an expiration cycle for your passwords. Using one for too long increases the chances that someone may find, guess, or crack it. As a general rule, you shouldn’t be using the same one for longer than a year or so, and shorter periods are even better.

Some services let you automatically create and enforce an expiration policy amongst users. If the option exists, use it.

Want simple security?

You Need Microsoft 365 Business

Encrypt Your Communication

Whether email or messaging apps, we communicate digitally in the 21st century. While most major providers are quite secure, for extra sensitive data you can opt for a dedicated secure solution that utilises cutting edge encryption to keep your confidential data safe and locked tight.

Signal app by Open Whisper Systems may provide the protection you are after.

Backup Your Files

Ransomware attacks are becoming all-too-common. Symantec conservatively estimates that it costs its victims at least $5 million annually. Once it finds its way into your system, it locks your keyboard or entire computer, preventing you from accessing your files and documents until a ransom is paid to the hackers.

The best defense is, of course, avoiding it in the first place. Never, ever download a file or click a link unless you are 100% certain it’s safe. Paranoia will protect you much more than blindly trusting everyone and everything.

To prepare for the worst, make sure you backup your files on a regular basis. Or if you’re using a cloud-based productivity suite like Microsoft 365, you can create a workflow that does this for you:

  • Create a policy that forces users to save documents to OneDrive by default from the admin dashboard.
  • Synchronize all devices and computers to OneDrive.
  • Use SharePoint to save data to relevant collections.
  • Backup your OneDrive, SharePoint and Exchange data

If everything is already backed up and synced, you don’t need to worry about loss, theft, ransomware, or accidental deletion.

It’s so important in modern business that you may want to consider an additional level of protection beyond that. Better Online offers unlimited additional backup of both OneDrive and Sharepoint. Think of it as a backup of your backup with the ability to quickly search for and restore deleted or overwritten files. You may never need it, but you’ll be glad you have it if you do.

Protect the Internet of Things

Your home has a great deal more than just connected computers and mobile phones. The Internet of Things (IoT) has given us smart TVs, smart thermostats, smart lights, Amazon Echo, Google Home, even kitchen appliances and door locks connected to the internet.

Unfortunately, if something is connected and unprotected, it’s vulnerable to attack. IoT attacks increased by 280% in the first 6 months of 2017.

Thankfully, there is something you can do. A solution like Cujo can protect every connected device in your home with enterprise-level security. Simply connect it to your home network, and it automatically monitors and protects everything with an internet connection in real-time. It even gets smarter the longer you use it.

There’s a lot of potential risk out “there”. Enough to be proactive, but not enough that you should be losing sleep over it…provided you take a few – or ideally all – of these precautions. It’s easy enough for anyone to do, and shouldn’t cost more than $200 or so each year. Your digital security and privacy is worth at least that much.

Let “better safe than sorry” rule the day. And the next one. And the day after that.

An ounce of prevention is worth a pound of cure.” ~Benjamin Franklin

Be safe out there.

Find out how Microsoft 365 Business makes security simple

Got Questions?

Get Your FREE consultation

Image Sources: Pixabay, Pexels, Pexels