4 Things You MUST Know About Security


Third book in the “Small Biz Success Tips” series


4 Things You MUST Know About Computer Security

Small Biz Success Tips vol. 1, number 3

http://communit.us/helpdesk | cgreen@communit.us | 646-727-0212



4 Things You MUST Know About Computer Security Cornell D. Green

Free Edition from communit.us/helpdesk  Copyright 2010 Cornell D. Green Published by the author.


4 Things You MUST Know about Computer Security

CommunIT's Small Biz Success Tips - volume 1, number 3

Here it is – the third and, perhaps, most important book in the “Small Biz Success Tips” series. The very convenience that makes modern PCs so easy to use unfortunately also makes them easy to attack and compromise. Just as you wouldn’t leave a brand new car parked in a bad neighborhood without at least locking the doors, there are basic procedures that you should apply to make using your computer safe and reasonably secure.

Note that I said “reasonably” secure. Just as no one has invented a lock that can’t be picked or a safe that can’t be cracked, complete computer security is only possible if you leave your brand new computer in the box, don’t ever turn it on and never connect it to any other machines, not even those on your simple home network.

Of course, you actually need to use your computer, so we’ll cover four basic concepts to help you determine the practices and procedures to make your computer use as safe as is reasonably possible:

1. There’s no such thing as perfectly secure
2. True security is more about behavior than software
3. Your software must stay updated to keep up with the threats
4. The worst badguys will try to stay hidden


There’s no such thing as perfectly secure:

Quite often, I’ll have a client ask me something like “how did my computer get infected – I have an antivirus program???”. The simple answer is that ALL security measures are a best-effort measure. Just as banks are robbed despite alarms, guards and closed-circuit cameras, even computers running an antivirus program AND a software firewall can still be infected.

How is this possible, you might ask? Simply put, computer security is an arms race. The bad guys attack, the good guys figure out how they did it, and apply countermeasures. The bad guys then either find holes in the countermeasures, or invent completely new attacks.

The bad guys count on you being both lazy and trusting. They send you email pretending to be from your bank, asking you to verify your login ID and password. You go to this site, type in the requested information… and they’ve just stolen access to all your money, without threats, weapons, or ever meeting face-to-face.

You download a “cracked” version of some expensive program, because you’re too cheap to pay. Guess what? Do you think they cracked Photoshop just to be nice people? NO – this “free” gift has just infected your PC with a hidden program that records your every keystroke, and emails the badguys everything: every website you visit, every password you type, contact information for your family and friends…

You let your babysitter have unrestricted access to your computer. She (or he) goes to a website of… questionable integrity. They think it’s a cool gaming site – in fact, it’s a honeytrap designed to tempt them to stop by and stay for a while. And infect your computer. YES – without downloading or installing any program[1]… just by loading certain web pages, your computer can be compromised!

You get the point. It’s not the open, friendly Internet of the 1990s. There’s online banking, credit card sales and Internet stock trading. Whenever there is money involved, you can be sure that deception and greed will come into play. Count on it…

Security is a state of mind, not a state of being. You don’t “secure your computer”; you operate your computer in as secure a manner as possible – and stay ready and alert…

[1] This is known as a “drive-by” infection


True security is more about behavior than software:

You may not always lock your car doors, but you surely lock them in a bad or unfamiliar neighborhood. You’re cautious of being followed late at night, and guard your PIN number[2] when withdrawing cash from the ATM.

We told you that there is no perfect security. More to the point, optimum security is more than simply having a good anti-virus and strong firewall running. That’s just the beginning. The strongest door locks do no good if you don’t actually lock the door. Locked or unlocked, if you let just anyone at all have a copy of the key, even people you do not know or trust… the effectiveness of the lock as a security device is severely diminished.

Understandably, most of us want a “set it, and forget it” solution to security. Let me tell you right now, in no uncertain terms – there is no such solution. If you live in a major city, like New York, Detroit, Los Angeles, D.C., etc., you know there are basic behaviors that can keep you safer, if not absolutely safe:

• Don’t flash your cash
• Keep your purse tucked tightly under your arm, to avoid tempting purse-snatchers
• Lock your car doors
• Have your car keys in hand before you get to your car, to prevent being jumped by a carjacker as you fumble to get in
• Travel with a group of people – the more the better
• Don’t talk to strangers: “innocent” questions are often a distraction tactic to make you let your guard down, so you can be mugged

These practices don’t keep you completely safe, but they do up the odds in your favor. Similarly, adopt a set of basic computer safety behaviors:

• Use passwords, even at home. They’re the front-door keys to your computer
• If you’re not sure about a website, DON’T GO THERE. Better paranoid than infected
• Your bank will NEVER ASK FOR YOUR ONLINE PASSWORD. Never!
• If you didn’t buy that software from a legitimate source, DON’T INSTALL IT. Ever!
• Pretty much avoid all forwarded jokes, funny animations and such in emails. If they’re not infected, they’ll just waste your time anyway

Security is what you do, where you go, and who has access to your computer. The Internet is no friendlier (or riskier) than a big city – have fun, but watch your back at all times…

[2] I know that ends up being Personal Identification Number… number, but most folks say “PIN number”, even if it is redundant. I’m not the grammar police…


Your software must stay updated to keep up with the threats:

Keeping your computer updated is no longer optional. Operating system updates, antivirus signatures and firewall attack definitions (or however the updates are referred to) MUST be applied as frequently as possible. Not all Windows upgrades need be applied, but every security-related update (as opposed to feature enhancements, or non-security related bug fixes) should be downloaded and installed at least once a week.

Full disclosure: frequent updating may affect performance. Most information you may read about security fails to mention this, but you may have already experienced this, and opted to ignore updates when they arrive. Trust me; if so, that’s a habit you’ll want to break, and soon! A smoothly operating computer is indeed a joy, but identity theft could ruin your life, and is too high a price to pay just to avoid a few hiccups, or an occasional spontaneous reboot (A.K.A. system crash). Better your computer crash because a recent security patch conflicts with your latest browser update, than to have a smoothly functioning PC become infected with a trojan that records your every keystroke, captures the passwords to your online bank account, and siphons off your life savings before you realize what’s happening.

Your antivirus and firewall should be set to automatically update. For Windows, our advice is to set Windows update to “download updates, but let me choose when to install them”. This will, of course, require that you become familiar with the settings of your firewall, your anti-virus software (and anti-malware, and anti-spyware, for the truly paranoid) and your operating system.

Yes: this is adding more work to your already busy day. But when you install an actual, physical alarm system, don’t you take the time to learn how to operate it? Security is a trade-off between comfort and safety – choose wisely…


The worst badguys will try to stay hidden:

These days, most of the time when a client calls me with a report of “my computer is slow… I think it’s infected”, they’re mistaken. Not about their computer being infected – about their being able to detect the infection based on the performance of their computer. We’re well beyond the days of the “virus of the week”, where degraded performance made it clear a computer was compromised.

Viruses and worms, the digital graffiti of the ‘Net, are no longer the primary threat. Today, it’s trojans and rootkits that pose the greatest threat. Trojans, named for the mythical “trojan horse”, are seemingly innocent, useful programs that hide malicious functions inside. Most “cracked” versions of expensive commercial software, like Photoshop or Dreamweaver, are trojans. Rootkits are even more devious – they replace legitimate functions of your operating system, burrowing deep into your computer, and hiding from anti-virus scans. Their goal is to run programs in the background, send email without your knowledge, and have your PC join thousands of others in a “bot-net” to attack high-visibility websites, store and distribute stolen software and other general nastiness.

The best way to prevent both digital & physical infection is, of course, to practice healthy living, and avoid as many sources of infection as you can identify. These basic principles will help you maintain computer health:

• Run a complete anti-virus scan often – every day, whenever possible (Make it so, Number One[3]…!)
• Run a software firewall on every computer, that will control traffic entering and leaving your computer
• Don’t visit suspicious websites, or install questionable software
• Don’t allow unauthorized use of your computer

21st Century CommunIT Solutions conducts comprehensive security audits of individual computers, and entire networks. We specialize in working with solo entrepreneurs and Small Businesses to keep their computers and networks healthy, secure and functioning properly. Call us today at 646-727-0212 for a free telephone consultation. Or click here to visit our website contact form. Start Success TODAY!

[3] That’s a Star Trek, The Next Generation reference, for all the sci-fi geeks out there…
