Hints and tips - security


Overview of security

As you might have gathered from the news, the internet has become a hunting ground for amateur and professional criminals.

One approach is to disconnect from the internet (not complete protection in itself) but then you miss out on all the benefits of being online.

Or you can act as in normal life: fit good locks, an alarm system, keep the keys safe, take care when out and about and be careful who you invite into your home.

Here are some hints and tips on how to enjoy the internet while protecting your data and therefore yourself.

Free PC Antivirus from Microsoft

Microsoft wants to protect your PC without upsetting its industry partners. So if you have not installed a commercial antivirus product like AVG or McAfee, Microsoft Update will eventually install and activate the free Microsoft Security Essentials on Windows Vista and Windows 7, and the new enhanced Microsoft Defender on Windows 8 and 8.1 and Windows 10.

Ransomware

Ransomware is malicious software that encrypts your data and ransoms it back to you. The Wannacry/Wannacrypt worm virus of May 2017 affected Microsoft Windows systems worldwide. With the help of leaked NSA spy tools, Wannacry easily overshadowed the impact of CryptoLocker in September 2013. Keep your antivirus protection updated and back up your data as follows...

Back up your data

The existence of ransomware means you need to take precautions against criminals as well as accidents. Take backups and store them offsite, somewhere safe where ransomware cannot touch them. Depending on how much data you have and how often it changes, you can use: CD, DVD, USB memory stick, portable disk drive, cloud storage, automated online backup.

Be aware that the lifetime of optical discs and flash memory is in the region of 10 years. Compare that with paper, which can survive hundreds of years.

For cloud storage, look for a reliable company with a good reputation. Secure transmission and secure storage help to protect valuable data. If your data contains personal information about living individuals, check the legal data protection requirements at the Information Commissioner's Office.

After taking a backup of your data, verify the backup to make sure it is readable and complete. Place backups out of reach of your PC, because CryptoLocker, Wannacry and variants will search all attached drives and the local network for data to encrypt and hold to ransom.

Finally, don't discard or overwrite an old backup until you are sure that more recent backups are complete and readable.
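One way to carry out the "readable and complete" check described above, as an added example that is not part of the original page: it reads every file in the original folder and in the backup and compares SHA-256 checksums. The folder and file names in demo() are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source, backup):
    """Compare every file under source with its copy under backup."""
    report = {"ok": [], "missing": [], "different": [], "unreadable": []}
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        name = original.relative_to(source).as_posix()
        copy = backup / name
        if not copy.is_file():
            report["missing"].append(name)       # backup is incomplete
            continue
        try:
            same = sha256_of(original) == sha256_of(copy)
        except OSError:
            report["unreadable"].append(name)    # a file could not be read
            continue
        report["ok" if same else "different"].append(name)
    return report


def demo():
    """Constructed sample: one file never copied, one copy cut short."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "Documents"), Path(tmp, "Backup")
        (source / "photos").mkdir(parents=True)
        (source / "letter.txt").write_text("Dear Sir")
        (source / "accounts.csv").write_text("date,amount\n")
        (source / "photos" / "cat.jpg").write_bytes(b"constructed image bytes")
        shutil.copytree(source, backup)
        (backup / "photos" / "cat.jpg").unlink()           # incomplete backup
        (backup / "accounts.csv").write_text("date,amo")   # damaged copy
        return verify_backup(source, backup)


if __name__ == "__main__":
    print(demo())
```

Run the check straight after taking the backup, before the backup drive is disconnected and stored away; a match only shows that the copy equals the original at that moment.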

Hidden file extensions

By default Microsoft hides common file extensions like .pdf and .docx so as not to confuse you, the poor user. Unfortunately this also hides file extensions in email attachments. As a result you can be deliberately misled into activating a virus. What you see as Receipt.PDF might actually be Receipt.PDF.exe which is a program, and probably malicious.

To arm yourself with the necessary information, follow the link above to the View option and reveal (un-hide) file extensions by unticking and applying this setting:
    [ ] Hide extensions for known file types

Now when someone you want to trust sends you an email attachment, hover over it with the mouse and check the file extension, the set of characters after the last dot in the file name. Watch out for underlines before the last dot (Receipt.PDF_____.exe) and if you don't recognise the file extension as safe, then don't click it!
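The same check done by a program, as an added example that is not part of the original page: it looks at the characters after the last dot, at filler before the last dot, and at a document-style extension used as a decoy. The two extension lists are assumed, short and illustrative, and the sample names are constructed from the ones in the text.

```python
import re

# Assumed, illustrative lists: not from the page and not exhaustive.
PROGRAM_EXTENSIONS = {"exe", "scr", "com", "bat", "cmd", "pif", "msi", "js", "vbs"}
DOCUMENT_EXTENSIONS = {"pdf", "docx", "xlsx", "txt", "jpg", "png"}


def split_last_dot(name):
    """Return (stem, extension) split at the last dot; extension is lower-cased."""
    stem, dot, ext = name.rpartition(".")
    return (stem, ext.lower()) if dot else (name, "")


def check_attachment(filename):
    """Return a list of warning tags for an attachment's full file name."""
    warnings = []
    stem, ext = split_last_dot(filename.strip())
    if ext in PROGRAM_EXTENSIONS:
        warnings.append("program")            # runs code when opened
    elif ext not in DOCUMENT_EXTENSIONS:
        warnings.append("unrecognised")       # not on the recognised list
    if re.search(r"[_ ]{3,}$", stem):
        warnings.append("padding")            # filler hiding the real ending
    # Remove the filler, then look for a document extension used as a decoy.
    _, inner = split_last_dot(re.sub(r"[_ ]+$", "", stem))
    if inner in DOCUMENT_EXTENSIONS and ext not in DOCUMENT_EXTENSIONS:
        warnings.append("decoy")
    return warnings


# Constructed sample names; the first three come from the text above.
SAMPLES = ["Receipt.PDF", "Receipt.PDF.exe", "Receipt.PDF_____.exe",
           "holiday.photo.jpg", "invoice.xyz"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:24} {check_attachment(sample) or 'no warnings'}")
```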

Windows XP end of life

If you are using Windows XP, your PC is no longer supported and it is increasingly vulnerable. Microsoft websites do not respond to older versions of Internet Explorer.

What can you do? First, back up your data as mentioned above. Then consider your choices:
  • Carry on, fingers crossed, nothing important in there - someone might get in, steal passwords and act as you online (identity theft).
  • Change over to an Apple product - safer, easier to use, more expensive, you might need to grow a ponytail.
  • Use an Android tablet or a Google Chromebook - cheap, flexible, needs a good wifi connection to the internet.
  • Install Linux Mint 17 LTS and LibreOffice 5 to replace Windows and MS Office - safer, free with free updates, reads and writes Microsoft documents.
  • Buy a refurbished PC with Windows 7 or 8.1 or 10 - cheap old PC, modern operating system, see current offers.
  • Buy a new PC with Windows 10 and take care when setting it up - see www.mineofinnovation.com/windows-10

Website security - WordPress

http://www.wordfence.com

WordPress - the software not the blog - is one of the most popular content management systems for websites. It is free software and relatively easy to use. It is also a popular target for criminals. A few steps will enhance website security and avoid most of the problems:
  • Set up a new user in administrator role, test to make sure it works, delete the default 'admin' user name - it is a prime target.
  • Avoid simple user names like Admin1, User1, Jane, Paul and avoid names that can be found on the website.
  • Use long passwords not found in the dictionary, at least 9 characters long.
  • Download, install and activate the Wordfence plugin.
  • Set the Wordfence option to lock out, for an hour or so, anyone who tries to login with an incorrect user name - such as 'admin'.
  • Add Google reCAPTCHA to the WordPress login, for example with this plugin https://wordpress.org/plugins/wp-login-recaptcha/.