We have spent decades helping businesses and governments reduce risk and raise their security posture and keep a continuously updated list of cybersecurity best practices that captures lessons we have learned through the years. We also capture lessons and best practices to help home users raise their defenses. We do this because we are human beings too and like all of us learn lessons the hard way at home. We also share these best practices with companies we serve so they can help their workforce be more secure at home. Doing so helps those companies reduce risk and can help their employees avoid fraud.
These are tips designed to help anyone raise their defenses at home:
Cybersecurity At Home
- Think of your nightmare scenarios. What if ransomware locks all your data up, or what if malware destroys photos? What if hackers get to your financial data and log into your bank and steal money from you? This will help you prioritize your defenses and keep you motivated and thinking about continuous protection.
- Encrypt your data. And back it up! This will help mitigate the risks of your nightmare scenarios. The easy way to use encryption for the Mac is FileVault, which you can find in your settings. Windows users can turn on BitLocker in the System and Security section of the Control Panel. For a cross-platform solution with more versatility consider VeraCrypt. For your backup system, we recommend that you don’t rely on common cloud file systems like Google Drive, OneDrive or Box for this, since they are focused on storage of files in preselected folders. Look into a comprehensive solution. For a list of potentials see this PC Magazine review on Best Online Backup Systems.
- Ensure you and are patching operating systems and applications. This sounds so basic, and it is so basic. But it is too frequently overlooked and it gets people and companies hacked, again and again. So make sure you are doing this at home. Don’t just assume it is going on. Check it.
- Go to the cloud! Recall the point we just made above, you have to keep your systems patched. Using cloud services shifts more of that patching and updating to highly qualified engineering teams. They bring many other security functions too. You still need to pay attention to how you configure your cloud services, including access control and encryption and monitoring. But overall you will reduce risk with smartly configured cloud services.
- Put multi-factor authentication in place for every cloud services you use. This is very important for a good defense. Every cloud provider that consumers use should have an easy way to put this in place. If you have a cloud provider that does not have this, drop them! For a good overview of how to use multi-factor authentication on the major cloud service systems see this Verge article on How to set up two-factor authentication.
- Everyone uses WiFi. But every WiFi is vulnerable to attack. Use caution when you on are public WiFi. Attackers can very easily set up WiFi networks that look like a reputable one but really bring you under their control and capture all your communications and steal logins. Attackers can also break into any WiFi in use anywhere, it is really not hard at all. It would be best if you always use your own data (like a hot spot from your comms provider, or tethering from your smartphone). But if you are going to use WiFi use a VPN (see next recommendation).
- Pick the VPN that is right for you. Two to pick from are PIA and NordVPN.
- Upgrade your home WiFi router. We like the Google WiFi because it provides an easy management interface and easy way to make sure you are using DNS correctly (see below). We also like using the FingBox to help ensure we know who, and what, is on our network and who might be trying to connect (these devices may also be of use in some larger organizations but most large firms will have access to far more capable systems).
- Configure your DNS to make it harder on the bad guys. There are simple configuration changes you can put in place that will greatly reduce the risk of malicious code and privacy attacks. There are many options for the changes to make to your DNS, but for most we recommend changing your DNS server to 220.127.116.11 (learn more at Quad9.net and see more options and info at: DNS Configuration Tips).
- Configure your email to make it harder to be spoofed/phished. By using widely used configurations called DMARC you can significantly reduce the chance that your email will be spoofed and your partners or employees tricked because of you. Learn more about DMARC here.
- Use a password manager, at work and at home. Our recommendation: Dashlane.
- Block malicious code. This is easier said than done, but work to put a strategy in place that ensures only approved applications can be installed in your computers, and, even though anti-virus solutions are not comprehensive, ensure you have them in place and keep them up to date. We like Sophos or Norton/Symantec. Both have versions for Mac and Windows. There are many other options, to research others see test results and reviews at av-test.org.
- Ensure you are able to communicate with others in a way that cannot be monitored by criminals/hackers. Our recommendation: Wickr, which will allow secure messaging, secure audio and secure video as well as document exchange.
- Check everything. You need to get in the habit of checking things yourself, but it is also important to have independent assessments done (we would love to help with that!). For your self checks you can leverage these tools.
Do you have favorite security tips? We would love to hear them. Contact Us Here.