Header Ads

Breaking News

Don’t let the coronavirus make you a home office security risk


Welcome to life working at home, where the only one standing between you and all kinds of malware, ransomware and other security foul ups is, well, you.

Sure, the tech support desk will try to help you, but it’s not like they can stop by your desk and install a patch for you anymore. It’s a brave new scary world and we’re all trying to do the best we can. So, here, are six tips on how to keep your computer safe.

We hate to say it but all too many computer problems are, as they say in tech support land,  “Problem exists between chair and keyboard (or PEBCAK).” That is, little old you. No one’s asking you to become a security guru and win the next Pwn2Own competition. But you must learn a little bit about how to keep your computer safe and you must be warier of potential threats.

You see, there really are people out there who want to grab your password, steal your data and your company’s data, and infect your computer with ransomware while they’re at it. Or, to be more precise, there are automatic botnet systems out there spending every second of the day pounding on your virtual door.

It’s nothing personal. Just like the coronavirus, though, these really are out to get you. So, you need to act accordingly.

Enable automatic updates (usually)

If you, or your corporate IT staff, haven’t done it before, turn on automatic software updates for your operating system and programs.

Everyone says that, but let me add a caveat: If you use Windows for your desktop operating system, learn what your business’s recommendations are for Windows update. You may not want to update Windows at all.

You see lately Windows 10 has a truly lousy patching record.  This included machines not booting properly; your desktop vanishing into the ether; and the File Explorer Search box went haywire for a while. Microsoft has even delayed retiring Windows 10 1709, known to you as the 2017 Fall Creators Update by six months. That’s just so people don’t have to update their older Windows 10 systems and possibly run into problems.

Given all this, do you really want to update, run into a problem, and then try to troubleshoot it on your own? No, I didn’t think so.

Instead, I suggest you pause Windows 10 updates for now. To do that with a business edition of Windows 10, you do this by going to Settings > Update & Security > Windows Update > Advanced Options. Once there, under the “Choose when updates are installed” heading, select Semi-Annual Channel. This delays major feature updates by about four months, when all the bugs should be worked out. Under the quality update heading, change the deferral period to 30 days from its default of zero. These are the Patch Tuesday patches.

If you’re running a Windows 10 Home and it’s Windows 10 1903 (aka the May 2019 Update, or newer) you can also delay patches. To do this go to Settings > Update & Security > Windows Update, and look for the “Pause updates for 7 days” button. With this, you can keep delaying it in 7 day chunks for up to 35 days.

Everything else, just go ahead and update. There may even be programs you rely on hiding in your system that need patching but do a poor job of alerting you. For these, you can use SUMo or  PatchMyPC or to track other programs software on your PC that may need an update..

Finally, if you go to a random website and it tells you must update Adobe Flash or some other program before you can use it and you can download it from a link they provide, DON’T DO IT. Often this is a corrupted website trying to put malware on your computer.

Anti-viral software: Who needs it?

You wouldn’t know if from all the ads, but viruses are among the least of your security worries these days. There are all kinds of malware out there, but the traditional virus or worm? Not so much.

That said, while you can use one of the latest and best antivirus programs for most of us Microsoft’s own free Windows Defender Security Center is all you’ll need. If you want more check out, Norton Security Premium or AVG Internet Security,

If you use a Mac, you may think you’re safe. Nope. While you’re far less likely to run into malware than your Windows-using colleagues, there are viruses out there with your Mac’s name on them. For overall protection, we recommend Sophos Home Premium. If you just want good free antivirus protection give AVG Antivirus for Mac‘s free tier a try.

Desktop Linux user? You don’t really need an antivirus program. It’s not that Linux’s security is perfect — nothing is in this world — but it’s better than the rest. There’s never really been an effective Linux desktop virus.

Password management

We all hate passwords and want to move on. Well, maybe someday two-factor authentication (2FA) will be perfected. But, we’re not there yet. In the meantime, here are some simple suggestions on how to use passwords safely and efficiently.

First, use passphrases, like “I-Hate-Coronavirus!!,” which you can remember instead of easy to guess passwords like “abcdef,” the ever popular “password,” or your birthday. Nor, should you use memory unfriendly passwords such as “Gog$^Yack4.” Your memory and your security will thank you.

You should also use a password manager. With most of us having to deal with dozens of sites and services requiring passwords, no one can remember all of them. The answer’s a password management program.

Password managers enable you to manage your login credentials across all your devices while keeping your passwords secure. They can also automatically fill in web forms for you. Many web browsers, such as Edge, Firefox, and Google Chrome include this functionality

If you don’t trust Microsoft, Mozilla or Google with your data, or you want non-internet password management, you need a standalone password manager. The best of these are LastPass and 1Password.

Of course, if 2FA is available on services you use all the time. Use It. Yes, it can be a nuisance entering in a PIN from a text message or the like, but it makes them orders of magnitude more secure.

Bad guys gone phishing

The single biggest security problem you’re most likely to run into is phishing. There are two kinds of phishing. In the older type, scammers use email or text messages to trick you into giving them your personal information. Once they have your passwords, account numbers, or Social Security number, you can kiss your privacy, credit score and possibly your job good-bye. In the other, you’re encouraged to download or open a file or click on a link, which will infect your computer with malware.

In either case, they often look like they’re from someone or a company you trust.  They often tell you a story to trick you into making a fatal mistake. This can include the following: Saying they’ve noticed some suspicious activity or problem, there’s a problem with your account, you’re eligible for a refund or you need to pay a (fake) invoice. 

There’s already been a significant rise in coronavirus phishing messages. You can be sure they’ll be many more proclaiming a cure, an urgent message from the CDC, and the like.

Phishing messages also disguise themselves with personal information. They’ll include your home address, your pets’ names and so on. Don’t buy it. It’s easy to find your personal information on the internet. Just consider for a moment how much to tell people about yourself on Facebook and the other social networks.

You can spot phishing messages with several tell-tale signs. If you look closely at the address instead of being from a real address, say sales@amazon.com it will be from amazonsales@whoknowswhere.com. They also often open with a generic solution such as “Hi Dear” instead of your real name.

When you get a phishing message, delete it. Never reply to it or open any link or attachment within it.

Finally, another phishing variant is the Microsoft support call scam.  In this one, you’ll get a call from someone claiming to be from Microsoft or a partner and that an automatic scan of your PC has shown a problem and they’re here to help all for one low price No, no they’re not. Microsoft will never call you out of the blue. At the very least, you’ll lose a few bucks and the worst you may find your computer and all your company’s files locked up with ransomware,

Virtual private networks: VPNs still a necessity

These days a lot of our front-line business programs, such as Office 365, Google Docs, and QuickBooks Online use a software-as-a-service (SaaS) cloud model. For these, you don’t need a VPN. But, a lot of our in-house applications still are humming away in our data centers and server rooms. That means, you’ll need a VPN to safely get to them.

If your company hasn’t set up a VPN for you, tell them to set one up right now. Otherwise anything you send between your home and your office is vulnerable to be spied on.

Picking a VPN isn’t your job — you may be acting as a chief security officer, but you aren’t paid like one nor do you have the technical expertise.

If you’re running a small business, you need to pick a small-office/home-office (SOHO) VPN now, Some of the best, easy-to-deploy choices are ExpressVPN, StrongVPN, or TunnelBear

Backups: Your last chance for survival

Last, but never least, you may not think of backups as part of security, but they are. They’re the last safety belt to save you from disaster when everything else has gone wrong. As long as you have a good backup, even if your files are frozen by ransomware and your machines are working more for a botnet than they are for you, you can still wipe everything and start fresh.

Again, this is something your IT department should be handling for you. But, in the rush to get you out the door and working from home. it may have been neglected.

The quickest, easiest way to back up your business PC from home is to use a cloud backup service. Once your company’s sysadmins catches up they’ll also find it easier to get at your backups if they’re on the cloud rather than if you’re using an old-style DVD or even tape backup system. Ones to consider are Acronis, Carbonite, and IDrive. A more home Mac and Windows friendly solution is Google’s Backup and Sync.

Secure at home

Keeping your work safe from home isn’t easy. Butit’s not rocket science either. Just follow these tips and you should be OK.

After all, I’ve been following them for more than 30 years of working from home without a single security incident. If I can do it, you can, too.

Welcome to life working at home, where the only one standing between you and all kinds of malware, ransomware and other security threats  is, well, you.

Sure, the tech support desk will try to help you, but it’s not like they can stop by your desk and install a patch for you anymore. It’s a brave new scary world and we’re all trying to do the best we can. So, here, are six tips on how to keep your computer safe.

We hate to say it but all too many computer problems are, as they say in tech support land,  “Problem exists between chair and keyboard (or PEBCAK).” That is, little old you. No one’s asking you to become a security guru and win the next Pwn2Own competition. But you must learn a little bit about how to keep your computer safe and you must be warier of potential threats.

You see, there really are people out there who want to grab your password, steal your data and your company’s data, and infect your computer with ransomware while they’re at it. Or, to be more precise, there are automatic botnet systems out there spending every second of the day pounding on your virtual door.

It’s nothing personal. Just like the coronavirus, though, these really are out to get you. So, you need to act accordingly.

Enable automatic updates (usually)

If you, or your corporate IT staff, haven’t done it before, turn on automatic software updates for your operating system and programs.

Everyone says that, but let me add a caveat: If you use Windows for your desktop operating system, learn what your business’s recommendations are for Windows update. You may not want to update Windows at all.

You see lately Windows 10 has a truly lousy patching record.  This included machines not booting properly; your desktop vanishing into the ether; and the File Explorer Search box went haywire for a while. Microsoft has even delayed retiring Windows 10 1709, known to you as the 2017 Fall Creators Update by six months. That’s just so people don’t have to update their older Windows 10 systems and possibly run into problems.

Given all this, do you really want to update, run into a problem, and then try to troubleshoot it on your own? No, I didn’t think so.

Instead, I suggest you pause Windows 10 updates for now. To do that with a business edition of Windows 10, you do this by going to Settings > Update & Security > Windows Update > Advanced Options. Once there, under the “Choose when updates are installed” heading, select Semi-Annual Channel. This delays major feature updates by about four months, when all the bugs should be worked out. Under the quality update heading, change the deferral period to 30 days from its default of zero. These are the Patch Tuesday patches.

If you’re running a Windows 10 Home and it’s Windows 10 1903 (aka the May 2019 Update, or newer) you can also delay patches. To do this go to Settings > Update & Security > Windows Update, and look for the “Pause updates for 7 days” button. With this, you can keep delaying it in 7 day chunks for up to 35 days.

Everything else, just go ahead and update. There may even be programs you rely on hiding in your system that need patching but do a poor job of alerting you. For these, you can use SUMo or  PatchMyPC or to track other programs software on your PC that may need an update..

Finally, if you go to a random website and it tells you must update Adobe Flash or some other program before you can use it and you can download it from a link they provide, DON’T DO IT. Often this is a corrupted website trying to put malware on your computer.

Anti-viral software: Who needs it?

You wouldn’t know if from all the ads, but viruses are among the least of your security worries these days. There are all kinds of malware out there, but the traditional virus or worm? Not so much.

That said, while you can use one of the latest and best antivirus programs for most of us Microsoft’s own free Windows Defender Security Center is all you’ll need. If you want more check out, Norton Security Premium or AVG Internet Security,

If you use a Mac, you may think you’re safe. Nope. While you’re far less likely to run into malware than your Windows-using colleagues, there are viruses out there with your Mac’s name on them. For overall protection, we recommend Sophos Home Premium. If you just want good free antivirus protection give AVG Antivirus for Mac‘s free tier a try.

Desktop Linux user? You don’t really need an antivirus program. It’s not that Linux’s security is perfect — nothing is in this world — but it’s better than the rest. There’s never really been an effective Linux desktop virus.

Password management

We all hate passwords and want to move on. Well, maybe someday two-factor authentication (2FA) will be perfected. But, we’re not there yet. In the meantime, here are some simple suggestions on how to use passwords safely and efficiently.

First, use passphrases, like “I-Hate-Coronavirus!!,” which you can remember instead of easy to guess passwords like “abcdef,” the ever popular “password,” or your birthday. Nor, should you use memory unfriendly passwords such as “Gog$^Yack4.” Your memory and your security will thank you.

You should also use a password manager. With most of us having to deal with dozens of sites and services requiring passwords, no one can remember all of them. The answer’s a password management program.

Password managers enable you to manage your login credentials across all your devices while keeping your passwords secure. They can also automatically fill in web forms for you. Many web browsers, such as Edge, Firefox, and Google Chrome include this functionality

If you don’t trust Microsoft, Mozilla or Google with your data, or you want non-internet password management, you need a standalone password manager. The best of these are LastPass and 1Password.

Of course, if 2FA is available on services you use all the time. Use It. Yes, it can be a nuisance entering in a PIN from a text message or the like, but it makes them orders of magnitude more secure.

Bad guys gone phishing

The single biggest security problem you’re most likely to run into is phishing. There are two kinds of phishing. In the older type, scammers use email or text messages to trick you into giving them your personal information. Once they have your passwords, account numbers, or Social Security number, you can kiss your privacy, credit score and possibly your job good-bye. In the other, you’re encouraged to download or open a file or click on a link, which will infect your computer with malware.

In either case, they often look like they’re from someone or a company you trust.  They often tell you a story to trick you into making a fatal mistake. This can include the following: Saying they’ve noticed some suspicious activity or problem, there’s a problem with your account, you’re eligible for a refund or you need to pay a (fake) invoice. 

There’s already been a significant rise in coronavirus phishing messages. You can be sure they’ll be many more proclaiming a cure, an urgent message from the CDC, and the like.

Phishing messages also disguise themselves with personal information. They’ll include your home address, your pets’ names and so on. Don’t buy it. It’s easy to find your personal information on the internet. Just consider for a moment how much to tell people about yourself on Facebook and the other social networks.

You can spot phishing messages with several tell-tale signs. If you look closely at the address instead of being from a real address, say sales@amazon.com it will be from amazonsales@whoknowswhere.com. They also often open with a generic solution such as “Hi Dear” instead of your real name.

When you get a phishing message, delete it. Never reply to it or open any link or attachment within it.

Finally, another phishing variant is the Microsoft support call scam.  In this one, you’ll get a call from someone claiming to be from Microsoft or a partner and that an automatic scan of your PC has shown a problem and they’re here to help all for one low price No, no they’re not. Microsoft will never call you out of the blue. At the very least, you’ll lose a few bucks and the worst you may find your computer and all your company’s files locked up with ransomware,

Virtual private networks: VPNs still a necessity

These days a lot of our front-line business programs, such as Office 365, Google Docs, and QuickBooks Online use a software-as-a-service (SaaS) cloud model. For these, you don’t need a VPN. But, a lot of our in-house applications still are humming away in our data centers and server rooms. That means, you’ll need a VPN to safely get to them.

If your company hasn’t set up a VPN for you, tell them to set one up right now. Otherwise anything you send between your home and your office is vulnerable to be spied on.

Picking a VPN isn’t your job — you may be acting as a chief security officer, but you aren’t paid like one nor do you have the technical expertise.

If you’re running a small business, you need to pick a small-office/home-office (SOHO) VPN now, Some of the best, easy-to-deploy choices are ExpressVPN, StrongVPN, or TunnelBear

Backups: Your last chance for survival

Last, but never least, you may not think of backups as part of security, but they are. They’re the last safety belt to save you from disaster when everything else has gone wrong. As long as you have a good backup, even if your files are frozen by ransomware and your machines are working more for a botnet than they are for you, you can still wipe everything and start fresh.

Again, this is something your IT department should be handling for you. But, in the rush to get you out the door and working from home. it may have been neglected.

The quickest, easiest way to back up your business PC from home is to use a cloud backup service. Once your company’s sysadmins catches up they’ll also find it easier to get at your backups if they’re on the cloud rather than if you’re using an old-style DVD or even tape backup system. Ones to consider are Acronis, Carbonite, and IDrive. A more home Mac and Windows friendly solution is Google’s Backup and Sync.

Secure at home

Keeping your work safe from home isn’t easy. But it’s not rocket science either. Just follow these tips and you should be OK.

After all, I’ve been following them for more than 30 years of working from home without a single security incident. If I can do it, you can, too.

Source link

No comments