A lot of people are working from home today. With the pandemic forcing all of us to isolate and work remotely, we face new challenges in IT security. Most people are not IT security analysts but are required to know what is safe when working remotely. The bad guys are switching gears and attacking public endpoints more regularly. The use of VPNs is at an all-time high, creating bandwidth limitations for internet service providers. What can we do to aid this transition? Today we will be going over basic steps that every PC should have installed and set up to ensure our name is off the list of the next breach.
Personal PC security is not only for the working class. Everyone can use these techniques to ensure that your PII data is safe. Let’s fight identity theft and ensure that the bad guys will need to get their fix somewhere else.
What we will cover in this Coffee Minute Video!
- Ensure your anti-virus is installed and up to date
- Ensure you are not logged in via an administrator account
- Never fall for phishing scams
- Always use 2 form factor authentication when available
- If in doubt don’t click it
- Never mix work and personal traffic
- UAC needs to be enabled (I know a big bummer)
- Windows firewall should be enabled
- Change passwords regularly
Ensure your anti-virus is installed and up to date
A lot of us are running our personal PCs with no or outdated anti-virus. While there are paid solutions out there, there are plenty of free solutions that you can use at home. If you are not running anti-virus, here are a couple you can choose from.
- Avira (http://www.avira.com) – I really like this one as it’s a free all-in-one solution. It can do so many more things than just a virus scan.
- Avast (http://www.avast.com) – This one has been around for a long time. It has paid versions, as most do, but the free version is everything you need it to be.
- Panda (http://www.pandasecurity.com) – This one is my least favorite. It doesn’t have many bells and whistles but it’s very lightweight and the price is right.
Pick one of these and install it. For ease of use ensure auto updating is enabled during install.
Ensure you are not logged in via an administrator account
Most of us run on a computer as an administrator! This is not good practice as it allows our user account free rein of the computer. This allows malicious software to install without intervention. Here is how to ensure your account is NOT an administrator by default on Windows 10. This is for users that use the LIVE attachments. To change local accounts you will need a different procedure.
- Go to Settings
3. Ensure your account is set to USER, not an administrator. This will ensure that your account cannot launch or install anything without privilege escalation.
Never fall for phishing scams
Phishing. Glorious phishing. Tuna, Bass, Scallops, and who could forget a side of your credit card numbers… The oldest trick in the book. The bad guys are always looking into your glass house searching for their next target.
Always be cautious clicking links sent to you in emails. If you were not expecting them, these links could be an attempt to gather valuable information like your banking usernames or passwords. So today’s tip is to always be on the alert. If something looks fishy or too good to be true, verify the source. If you are suspicious, never click the link. If you need to, call the bank or sender of the information, or enter the website address directly. This will ensure you end up in the right place.
Always use 2 form factor authentication when available
Today there is a username and password for everything! You expect me to have a different username and password for everything I log into? You have to be joking! I am in the same boat as you: having proper security on every account I use today is near impossible.
Security professionals like to tell you this is the most secure way to protect your accounts. I would have to agree but putting it into motion is hard! So what are we going to do about it? EASY! Multi-factor authentication. Adding a layer to our security onion will protect us while allowing us to have an easier way to create like-like passwords. I do recommend that we do have unique passwords on the more volatile accounts such as banking, email, or credit cards but do you really need a unique password for every site that requires you to sign up? If multi-factor authentication is available the answer is no. Just ensure to use it!
If in doubt don’t click it
That phone call letting you know you won a free cruise… It’s a scam. Oh, you knew that? Well, I guess I can stop here… Did you know that this is called a Vishing scam? Do you know what they are after? These scams are classic phishing scams looking to collect your personal data and make a quick buck! So what are they after?
These scams are looking to collect credit cards, social security information, personal information such as address history, family history, and so much more. These scams can lead to identity theft or loss of money. So if you are called out of the blue and the call seems to be too good to be true, it is.
So if it looks “ph”ishy don’t click it! Trust but verify. Always.
Never mix work and personal traffic
Be careful what you do while connected via the VPN at work. Although you are on your own PC, you could still be liable for introducing malware or breaching the acceptable use policy. Many larger organizations capture the traffic that flows through their network. This allows them to audit for naughty employees and to ensure that if there is a breach they can catch the person responsible. Want to check your email? Use your phone, tablet, or any other computer NOT attached to the work VPN.
Welcome to WFH! Ensuring you disconnect from the VPN when you are done with your workday can protect you from some embarrassing moments. Some of us forget and continue using the VPN on our personal time. DISCONNECT. Again, don’t forget!
UAC needs to be enabled (I know a big bummer)
UAC needs to be enabled. A lot of us disable it. Not a good move. Think of UAC as a second chance to change your mind. If you are installing an application and it is requesting the launcher to install a piece of software, approve away. However, if you are writing an email and all of a sudden UAC is asking for something to run, this is your opportunity to deny access to your machine. These actions could be malicious! To ensure UAC is set properly look here:
Start > Control Panel > User Account Control Settings
Ensure it is on the second-from-top tick and you will be good!
Windows firewall should be enabled
Although many of us disable this just like UAC, we should keep it enabled. The firewall is there to protect against unknown connections to and from our machine. This firewall is easy to maintain and most installations of software will modify the settings automatically (with UAC permission of course!). To check if your firewall is on go to:
Start > Control Panel > System and Security > Windows Defender Firewall
Ensure it is on for Private, Guest, and Domain (If available) networks.
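The administrator-account, UAC and firewall checks described above can also be read in one pass from PowerShell. This read-only script is an added example, not part of the original post; the function names are made up for the illustration, and it assumes Windows 10 with Windows PowerShell 5.1.

```powershell
# Added example: read-only check of three settings from this article.
# Function names are hypothetical; nothing on the machine is changed.

function Test-DailyAccountIsAdmin {
    # Direct membership of the built-in Administrators group, looked up by its
    # well-known SID so it also works on non-English Windows.
    # Membership through nested groups is not resolved.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    [bool]($admins | Where-Object { $_.SID.Value -eq $me.Value })
}

function Get-UacSliderPosition {
    # The Control Panel slider is stored as three registry values.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    if ($p.EnableLUA -ne 1) { return 'UAC disabled' }
    switch ("$($p.ConsentPromptBehaviorAdmin)/$($p.PromptOnSecureDesktop)") {
        '2/1'   { 'Always notify (top)' }
        '5/1'   { 'Default (second from top)' }
        '5/0'   { 'Notify without dimming the desktop (third)' }
        '0/0'   { 'Never notify (bottom)' }
        default { "Custom policy ($_)" }
    }
}

function Get-DisabledFirewallProfile {
    # Names of firewall profiles that are switched off. The cmdlet calls them
    # Domain, Private and Public; Control Panel labels Public as
    # "Guest or public networks".
    Get-NetFirewallProfile |
        Where-Object { "$($_.Enabled)" -ne 'True' } |
        Select-Object -ExpandProperty Name
}

$report = [ordered]@{
    'Daily account is an administrator' = Test-DailyAccountIsAdmin
    'UAC slider'                        = Get-UacSliderPosition
    'Firewall profiles switched off'    = (Get-DisabledFirewallProfile) -join ', '
}
$report.GetEnumerator() | Format-Table -AutoSize Name, Value
```

A machine that follows the advice in this article reports False, "Default (second from top)" and an empty list of disabled profiles.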
Change passwords regularly
Passwords are the keys to our digital world. Ensuring that our passwords follow best practice is for our safety as well as the companies we work for. Follow these practices when it comes to your passwords:
- Enforce Password History – Do not use any of your last 10 passwords
- Change your passwords within 90 days of Use
- Minimum password should be 14 Characters
- Don’t use a word for a password but rather a phrase: “welcometothejunglefred” is more secure than “We7c0me$”
- Always pay attention when you receive password reset requests. They could be a phishing scam!
- All passwords should be stored in a password vault. NEVER on a sticky note or a word document on your PC. Also NEVER use the save password features on your browser. They can be compromised.
Wow, we made it. These nine steps will help us stay safe at work and could be used in our personal lives as well. Following safe habits will ensure the safety and security of our PII data and confidential information from our workplace.
Stay Smart, Secure, and Safe! Can you hack it?