Just about everyone in the security industry has written a set of “rules for online safety” – so I thought it was about time to do the same. There’s plenty of good reasons to think that any quick fix is snake-oil (especially when written by a vendor) and that any article less than 100 pages that has “golden rules” for online safety is just another-silver-bullet, but there are a few simple tried-and-tested approaches that, if following consistently, will take the heat out of most serious security threats across the business.
By first ‘golden rule’ for staying safe online is ‘If you aren’t sure you need it, don’t install it’. What I mean is that when we surf the net, there’s a myriad of ads for shiny new software solutions that aim to trick the user into adding junk into the browser, purportedly to improve a PC’s performance or just doing something ‘cute’. Far too many of these toys are trying to get you to click on a link, open an attachment or install something into your browser or client-side application. These creatively packaged threats getting really common, mostly because they will convince the bulk of users to allow an untrusted piece of code to run with privileges they don’t need. The little apps might shower you with ads, try and convince you that you have a fake virus or even force you to install a fake video codec which is, in itself another piece of spyware or malware. So, if you don’t really know what you’re installing – and you didn’t set out to find it in the first place, don’t install it! If you simply can’t resist, do a search for the application’s reputation and do a little research before installing – then only install it from the developer’s site – not a download aggregator like download.com. Don’t be tempted to click on social media popups claiming to offer you fantastic super-powers within your social media platform. Many of these alerts, appearing on Facebook, LinkedIn and Twitter aim to steal access to your private posts and other personal information. Some even install banking Trojans to gain access to your accounts. Just stick to the old-school bookmarks! If it looks too good to be true – it probably is!
My second rule for keeping the nasties at bay is ‘if you’re going to install it, keep it up-to-date’. Everyone knows that Microsoft patches can be a pain to install in Windows – especially when Microsoft doesn’t want to give you a choice – but we know that we need to accept the pain to stay safe. Even the latest Windows 10, MacOS and Linux systems are under attack these days with patches required for mainstream vulnerabilities being released all the time. Corporate upgrades to Windows 10 aren’t a luxury, they’re a necessity to keep the business safe. That said, regular application maintenance is all-too-often overlooked and introduces a raft of massive vulnerabilities to many networks. Maintaining a safe work environment includes both operating systems and your application stack – especially the common applications like MS Office, Java, PDF readers, etc. The majority of vendors are constantly addressing security issues in their products and by ensuring that your versions are kept up-to-date is a great way to mitigate the threats coming from endpoints. Fortunately, the vulnerability announcements from most of the vendors come sometime after the patch releases – allowing you time to get the patches in before exploits surface. However, malware manufacturers also have time to exploit the threats when patching is delayed. Updating desktop applications rapidly keeps you one-step ahead of the curve – So update as fast and as often as is possible.
My third rule for staying safe is ‘If it’s not being used, it’s time to remove’. Application bloat on your PC makes it harder to keep on top of the patching update workload and bloated machines are slower machines – It’s a bit like trying to go for a run after Christmas Dinner! It even makes your security scanner slower and less efficient and tends to mask the performance issues caused by malware. The mainstream PC vendors are particularly guilty of loading your new machine down with garbage – from applications that help you call a service team to bloated apps that make connecting to WiFi hotspots more “seamless”. Most of these are frankly unnecessary and slow your computing experience down. Most users access less than 10 apps in a day, yet over the course of a PC’s life, a user can install a hundred applications. Each application can have start-up services that slow down reboot, often before your anti-virus software services get out of bed. This caravan of boot-time services can make your PC’s start-up experience look like watching grass grow – but will often discourage users from doing necessary security updates.
In summary, keep your PC lean, up-to-date and if you don’t need it – don’t install it!