The information in this post is a follow-up to the recent events of BusinessForHome.org getting hacked … plus a lot more to protect yourself from the evil forces that lurk around the Internet.
• Password strength
• Forgot your password?
• 2-step verification <– that alone would have prevented all BusinessForHome.org's problems
• Keep your computer / website up-to-date
• Virus and malware protection
• WiFi password protection
I tried to keep it compact, but once Ernst Kasteleijn starts writing … he won't stop. This article has been written in such a way that you don't have to be a 'techy' or computer wizard to understand or perform the necessary steps to save yourself a whole lot of stress, headaches … or even tears. It's a collection of his best practices and products he recommends.
1) Password Strength
Creators and administrators of programs, software and websites are doing a lot to keep your data safe. However, even with military-strength 256-bit AES protection (a phrase you hear a lot when storing data on the internet / the cloud), the security of a system stands or falls with your password. There are basically 3 ways for a hacker to 'guess' your login: trial & error, a keyword combination list, or brute force hacking. Most people I come in contact with still use a combination of birthdates and names of their family and pets in their passwords. It's better than having no password protection, but you're making it extremely easy for hackers to get to your precious data, as most of this data is publicly available on Facebook.
Brute force hacking can be compared to what you see in sci-fi or action movies. I'm sure we can all remember the part where the action hero stands in front of the vault or high security door, gets out his black box and puts it on the door … you see a red LED clock counting down a few times and *beep beep* … the code is 49242 (for example) … and the door opens. That's a brute force password hacker. Passwords that consist of only numbers or letters are easy to hack. So the next step is using a combination of letters and words. That used to keep you safe in the 90s … but it doesn't in the 21st century. The comic below is both funny and accurate:
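An added example, not part of the original article: a small password audit that covers the guessing methods described above. It flags passwords built from publicly known personal data or keyword-list entries and estimates how large a blind brute-force search would have to be. The sample facts, the word list and the 60-bit threshold are assumptions made for this illustration.

```python
import math
import string

# Constructed sample data: facts anyone could read off a public profile,
# and a tiny stand-in for a keyword combination list.
PUBLIC_FACTS = ["anna", "rex", "1984", "0612"]
COMMON_WORDS = ["password", "welcome", "qwerty", "letmein"]

# Character pools a brute-force search has to cover (other characters are ignored here).
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]

def charset_size(pw):
    """Size of the smallest combination of pools that covers the password."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))

def brute_force_bits(pw):
    """log2 of the number of candidates a blind brute-force search must try.

    This is an upper bound on the work: a password containing a name or a
    birthdate falls to a targeted guess long before the search gets this far.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def audit(pw, public_facts=PUBLIC_FACTS, words=COMMON_WORDS, min_bits=60):
    """Return the reasons a password is easy to guess (empty list = none found)."""
    findings = []
    low = pw.lower()
    hits = [fact for fact in public_facts if fact in low]
    if hits:
        findings.append("contains public personal data: " + ", ".join(hits))
    if any(word in low for word in words):
        findings.append("contains a keyword-list entry")
    if pw.isdigit() or pw.isalpha():
        findings.append("only digits or only letters")
    if brute_force_bits(pw) < min_bits:   # assumed threshold for this example
        findings.append("brute-force space under 2^%d" % min_bits)
    return findings

if __name__ == "__main__":
    for candidate in ["49242", "Anna1984", "tV9#qLm2$zRw8!Kp"]:
        print(candidate, round(brute_force_bits(candidate), 1), audit(candidate))
```

The vault code 49242 from the movie scene comes out at under 17 bits, which is why the countdown only takes a few seconds.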
2) Forgot your password?
Ever forgotten your password? I know I have. Some sites (and even operating systems like Windows) offer a memory jogger to help you remember the password. The worst thing you can do is have a 'memory jogger' that discloses the full password. Why go through all the trouble of making up a great password when you give it away with zero effort? The second worst thing is to give answers to security questions that are retrievable (again) from your publicly accessible social media profiles. I know banks or insurance companies still use birthdates on the phone to verify if you are who you say you are (at least they do in Holland), but you're smarter … right? You just have to be when you're an avid user of the Internet.
3) … 2-step verification
Having great passwords keeps you safer, but it doesn't prevent you from using the same password at multiple sites. Security system administrators are therefore putting in extra effort at their end to keep your data even safer by providing extra layers of security. 2-step verification has been used for many years already by e-wallets and banks, to finalise your online transactions (for example). But it's now also rolled out to other services. The challenge being? It's entirely optional and most users aren't even aware it's being offered. Google (for example):
Better passwords and 2-step verification. Are you safe now? No …
4) Keep your computer / website up-to-date
The most common way to get your website / computer hacked is laziness. Creators of software make mistakes (because they are human too). To correct these mistakes they regularly release updates. These updates can fix existing features and add functionality, but also close backdoors and fix security threats. The most common mistake is ignoring Windows updates. You usually don't know what they are, but they are time consuming to install, right? Microsoft isn't releasing them to pester you, but to make sure your system doesn't turn into a cheese with big holes. It's similar to ignoring the warning lights on your car's dashboard. You wouldn't do that, so whenever you receive an update notification from either Windows or a specific application? Update!
The same goes for WordPress (the most commonly used CMS to set up websites) and its plugin system, but also the servers they run on. Most hackers don't possess a lot of skill. Whenever a web software update is released, it comes with a 'document' called a changelog. The changelog describes what the problems were, and that they most likely will be fixed after updating. You'll be surprised how easy it is to fire a request at a website to find out what software versions it uses. A hacker then only has to exploit the known bugs in your software. On a website level this usually means inserting malware, copying the entire member directory or defacing it (replacing it by something else). This is what you hear about in the news all the time, and could all have been prevented. Why aren't most sites running the latest WordPress version? Because updating the core files might affect certain plugins, resulting in anything from something minor (like seeing strange characters or a malformed theme) to receiving an HTTP 500 error (which results in a blank page). Need help in updating your blog? Consult an expert. Don't consult web designers! Web designers make your site look pretty. What you need is somebody with technical skills in WordPress configuration/migration, PHP, FTP, etc. Somebody who's prepared for worst case scenarios, and can fix them as easily as simple problems.
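A self-check for the version disclosure described above, as an added example that is not part of the original article: it scans a saved copy of your own site's front page for the version strings WordPress hands to every visitor (the generator meta tag and the `?ver=` suffix on script and stylesheet URLs), so you know what to keep updated. The sample HTML, paths and version numbers are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample of a saved front page; all versions are made up.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 9.9.9" />
<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=9.9.9" />
<script src="/wp-content/plugins/demo-plugin/main.js?ver=1.2.3"></script>
</head><body>Hello</body></html>"""

class VersionLeakFinder(HTMLParser):
    """Collects version strings that the page discloses to any visitor."""

    def __init__(self):
        super().__init__()
        self.leaks = []  # list of (where, version) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <meta name="generator" content="WordPress x.y.z"> names the core version.
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.leaks.append(("generator meta tag", a.get("content") or ""))
        # Script and stylesheet URLs carry ?ver=..., often a plugin or theme version.
        url = None
        if tag == "script":
            url = a.get("src")
        elif tag == "link":
            url = a.get("href")
        if url:
            parsed = urlparse(url)
            for ver in parse_qs(parsed.query).get("ver", []):
                self.leaks.append((parsed.path, ver))

def find_version_leaks(html):
    """Return every (location, version) pair found in the given HTML text."""
    finder = VersionLeakFinder()
    finder.feed(html)
    return finder.leaks

if __name__ == "__main__":
    for where, version in find_version_leaks(SAMPLE_HTML):
        print(f"{where}: {version}")
```

Compare each reported version with the latest release of that component; anything behind is what the changelog of the newer release describes as fixed.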
5) Virus and malware protection
Two decades ago everybody's worst nightmare was a computer virus. It was most commonly known & feared for corrupting the data on your hard drive. To prevent these issues from happening you had to install an anti-virus program that would scan your computer regularly for 'intruders' and remove them before they did their damage. These viruses are still around at large. Windows, by default, comes with Windows Defender (and lately with Windows Security Essentials). Again, it's better than no protection, but there are far better (and free) anti-virus software products around. AVG is a popular one, but my personal favorite is Avast! Antivirus. It's extremely easy to install: visit this website: http://ninite.com/avast/ and start the downloaded file. It will then configure itself with the most common settings … and done. It will block most threats, but not all of them. Anti-virus programs are filters, but they aren't bulletproof. Especially because there has been a shift going on for many years now from viruses to malware.
Where viruses are meant to corrupt your data, malware is (basically) designed to hand out your important data to somebody on the Internet without you knowing about it. It can be anything from opening a backdoor in your computer to gain remote access, to 'giving' away passwords or credit card information, or seemingly 'uninteresting' data like which shops you visit. Your online behaviour is worth fortunes to marketing companies. Google and Facebook for example collect massive amounts of data on how you browse their sites, to offer better advertisements. Just imagine what your other data is worth to criminals? We all know the legend of the 'Horse of Troy'. Malware works in similar ways. It sneaks onto your hard drive when you're just browsing the web. It activates itself straightaway or remotely, and usually has done its damage before you find out about it. And what makes these 'buggers' annoying is the level of intelligence they are programmed with. They usually bypass anti-virus scanners. You need a second line of defense: an anti-malware scanner. The best for years has been http://www.malwarebytes.org (in short it's called 'MBAM'). The free version doesn't include a pro-active scanner, but is good enough! I recommend running a 'quick scan' every 2-4 weeks to keep your computer clean.
Windows comes with default firewall software. For most users it's good enough. A firewall basically controls all in- and outgoing network/internet traffic on your computer. So even in the event of having been infected with malware, a good firewall could filter good from bad content, and block the traffic generated by the malware. BUT … it takes a considerable amount of time and knowledge to set up and maintain a firewall … especially when your operating system is Windows. Before making great firewall recommendations, I first like to touch upon what might happen if you go about this the wrong way. Anyone who remembers Windows Vista might recognise this. Ever since Windows Vista there's something called UAC (User Account Control). Read more at http://en.wikipedia.org/wiki/User_Account_Control
It was released with all the right intentions. However, what ended up happening is that whenever your screen went dark grey and you received the annoying popup? You just answered it with yes without reading it, or knowing what it stood for. The same goes for using firewall software. No matter how intelligent it is, you will get popups with interesting questions. When you don't understand what you are seeing and answer it with no? It will block access and you might get an undesirable outcome. For example: blocking access to your online banking account. When you answer it with yes, without knowing what it does, just for the sake of not losing internet features? Then you don't need a better firewall than Windows.
Think you do need better protection? Buy a Mac! In my personal opinion every entrepreneur and network marketeer should work with Mac OS X. Not just because it's safer, but also increases productivity at least threefold. With a Mac you can focus on the task at hand, you can focus on building your business. And because everybody is making a ton of money in our amazing home based business industry YOU can afford a Mac, right?
7) WiFi password protection
If you bought an Access Point or WiFi Router in the past (5-10 years ago), it didn't have WiFi protection enabled by default. Why is it important to have WiFi protection? The most common answer I get: to prevent other people from using my Internet. And while that's true, it's also the least of your worries. Without protection, a hacker can park his car in front of your home and, with a so-called 'sniffer' network tool, literally capture your unencrypted data from the air, and with a second tool reconstruct the bits & bytes from the datastream, to really 'listen' in on what you are doing. Plus any files / documents / pictures you have shared on your network can be accessed and copied as well … with the click of a button. So make sure your local network at home is as secure as how you browse the Internet by configuring WPA/WPA2 password encryption on your WiFi network. Ask your ISP (Internet Service Provider) or a local techy for help to check/configure this properly, as it's not something that's configured on your computer, but at the Access Point / Router (the lunchbox sized 'thing' with the antenna and blinking lights).
And please use caution on public WiFi networks. Most international airports, 4- and 5-star hotels or McDonald's use either WiFi encryption or have a guest network with an additional per-computer security setup. But … not all of them. Better to exercise caution than to be sorry.
About the author
Ernst Rhyker Kasteleijn was born into a generation that grew up with computers. He is a self-taught expert relying on 24 years of experience & networking, with multiple IT certifications next to a degree in Computer Science engineering.
He's fluent in Dutch, English, as well as bits & bytes. What makes Ernst a pleasure to work with is that he literally takes anyone's computer and/or website problems as seriously as his own. I'm not even sure he ever sleeps, but my ComputerNerdInside.com gets the job done!