Ten little things to secure your online presence

Summary: Here's some basic advice on the tools and tricks you can implement immediately to secure your identity and online presence.

Life online can be a bit of a minefield, especially when it comes to avoiding malicious hacker attacks.

You've all heard the basic advice -- use a fully updated anti-malware product, apply all patches for operating system and desktop software, avoid surfing to darker parts of the Web, etc. etc.

Those are all important but there are a few additional things you can do to secure your online presence and keep hackers at bay.  Here are 10 little things that can provide big value:

    1. Use a Password Manager

Password managers have emerged as an important utility to manage the mess of creating strong, unique passwords for multiple online accounts. This helps you get around password-reuse (a basic weakness in the identity theft ecosystem) and because they integrate directly with Web browsers, password managers will automatically save and fill website login forms and securely organize your life online.

Some of the better ones include LastPass, KeePass, 1Password, Steganos and Kaspersky Password Manager (disclosure: my employer). Trust me, once you invest in a password manager, your life online will be a complete breeze and the security benefits will be immeasurable.

    2. Turn on GMail two-step verification

Google's two-step verification for GMail accounts is an invaluable tool to make sure no one is logging into your e-mail account without your knowledge. It basically works like the two-factor authentication you see at banking sites and uses text messages sent to your phone to verify that you are indeed trying to log into your GMail. It takes about 10 minutes to set up and can be found at the top of your Google Accounts Settings page. Turn it on and set it up now.

While you're there, you might want to check the forwarding and delegation settings in your account to make sure your email is being directed properly.  It's also important to periodically check for unusual access or activity in your account. You can see the last account activity recorded at the bottom of GMail page, including the most recent IP addresses accessing the account.
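The "check for unusual access" advice above can be turned into a small review routine. This is an added example, not part of the original article or of any Google tool: it takes a constructed list of activity rows (access type, IP address, time), modelled loosely on what the Gmail activity panel shows, and flags addresses outside the networks you recognise as well as two accesses from different addresses within a short window. The known-network list is an assumption you would replace with your own home or office ranges.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample activity rows (access type, IP, time); not real data.
SAMPLE_ACTIVITY = [
    ("Browser", "203.0.113.10", "2012-01-09 08:02"),
    ("Mobile", "203.0.113.10", "2012-01-09 08:40"),
    ("Browser", "203.0.113.10", "2012-01-09 12:15"),
    ("IMAP", "198.51.100.77", "2012-01-09 12:21"),  # unfamiliar address, 6 minutes later
    ("Browser", "203.0.113.10", "2012-01-09 18:05"),
]

# Assumption: the networks the account owner recognises (home/office).
KNOWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_rows(rows):
    """Turn raw (type, ip, 'YYYY-MM-DD HH:MM') rows into typed tuples."""
    return [(kind, ipaddress.ip_address(ip), datetime.strptime(ts, "%Y-%m-%d %H:%M"))
            for kind, ip, ts in rows]


def is_known(ip):
    return any(ip in net for net in KNOWN_NETWORKS)


def find_unusual_access(rows, window=timedelta(minutes=30)):
    """Return (reason, access_type, ip, time) tuples worth a closer look:
    - an access from an address outside the known networks, and
    - two consecutive accesses from different addresses within `window`."""
    events = sorted(parse_rows(rows), key=lambda e: e[2])
    findings = []
    for kind, ip, when in events:
        if not is_known(ip):
            findings.append(("unknown-network", kind, str(ip), when.strftime("%H:%M")))
    for (k1, ip1, t1), (k2, ip2, t2) in zip(events, events[1:]):
        if ip1 != ip2 and t2 - t1 <= window:
            findings.append(("overlapping-sessions", f"{k1}->{k2}",
                             f"{ip1}->{ip2}", t2.strftime("%H:%M")))
    return findings


if __name__ == "__main__":
    for finding in find_unusual_access(SAMPLE_ACTIVITY):
        print(*finding)
```

On the constructed sample this reports the IMAP access from 198.51.100.77 twice: once as an unknown network and once because it overlaps a browser session from the home address a few minutes earlier.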

    3. Switch to Google Chrome and install KB SSL Enforcer

In my judgment, the most secure web browser available today is Google Chrome. With sandboxing, safe browsing and silent patching (auto-updates), Google Chrome's security features make it the best option when compared to the other main browsers. I'd also like to emphasize the speed with which Google's security team fixes known issues, which puts it way ahead of rivals.

Once you've switched to Chrome, your next move is to install the KB SSL Enforcer extension, which forces encrypted browsing wherever possible.  The extension automatically detects if a site supports SSL (TLS) and redirects the browser session to that encrypted session.  Very, very valuable.

    4. Use a VPN everywhere

If you're in the habit of checking e-mails or Facebook status updates in coffee shops or on public WiFi networks, it's important that you use a virtual private network (VPN) to encrypt your activity and keep private data out of the hands of malicious hackers.

The video above explains all you need to know about the value of VPNs and how to set it up to authenticate and encrypt your web sessions.  If you use public computers, consider using a portable VPN application that can run off a USB drive.

    5. Full Disk Encryption

The Electronic Frontier Foundation (EFF) has made this a resolution for 2012 and I'd like to echo this call for computer users to adopt full disk encryption to protect your private data.  Full disk encryption uses mathematical techniques to scramble data so it is unintelligible without the right key. This works independently of the policies configured in the operating system software. A different operating system or computer cannot just decide to allow access, because no computer or software can make any sense of the data without access to the right key. Without encryption, forensic software can easily be used to bypass an account password and read all the files on your computer.

Here's a useful primer on disk encryption and why it might be the most important investment you can make in your data. Windows users have access to Microsoft BitLocker while TrueCrypt provides the most cross-platform compatibility.

    6. Routine Backups

If you've ever gone through the sudden death of a computer or the loss of a laptop while travelling, then you know the pain of losing all your data. Get into the habit of automatically saving the contents of your machine to an external hard drive or to a secure online service.

Services like Mozy, Carbonite or iDrive can be used to back up everything -- from files to music to photos -- or you can simply invest in an external hard drive and routinely back up all the stuff you can't afford to lose. For Windows users, here's an awesome cheat sheet from Microsoft.

    7. Kill Java

Oracle Sun's Java has bypassed Adobe software as the most targeted by hackers using exploit kits.  There's a very simple workaround for this: Immediately uninstall Java from your machine.  Chances are you don't need it and you probably won't miss it unless you're using a very specific application.   Removing Java will significantly reduce the attack surface and save you from all these annoying checked-by-default bundles that Sun tries to sneak onto your computer.

    8. Upgrade to Adobe Reader X

Adobe's PDF Reader is still a high-value target for skilled, organized hacking groups, so it's important to make sure you are running the latest and greatest version of the software. Adobe Reader and Acrobat X contain Protected Mode, a sandbox technology that serves as a major deterrent to malicious exploits.

According to Adobe security chief Brad Arkin, the company has not yet seen a single piece of malware that is effective against a version X install. This is significant. Update immediately. If you still distrust Adobe's software, you may consider switching to an alternative product.

    9. Common sense on social networks

Facebook and Twitter have become online utilities and, as expected, the popular social networks are a happy hunting ground for cyber-criminals.  I strongly recommend against using Facebook because the company has no respect or regard for user privacy but, if you can't afford to opt out of the social narrative, it's important to always use common sense on social networks.

Do not post anything sensitive or overly revealing because your privacy is never guaranteed. Pay special attention to the rudimentary security features and try to avoid clicking on strange videos or links to news items that can lead to social engineering attacks. Again, common sense please.

    10. Don't forget the basics

None of the tips above would be meaningful if you forget the basics.  For starters, enable Windows Automatic Updates to ensure operating system patches are applied in a timely manner.  Use a reputable anti-malware product and make sure it's always fully updated.  Don't forget about security patches for third-party software products (Secunia CSI can help with this).  When installing software, go slowly and look carefully at pre-checked boxes that may add unwanted crap to your machine.  One last thing:  Go through your control panel and uninstall software that you don't or won't use.

Talkback

61 comments
  • Secunia PSI

    Secunia PSI is awesome to keep your PC with the latest updates for non-MS programs. Highly recommended.
    markbn
    • RE: Ten little things to secure your online presence

      @markbn
      Yeah but you need Java to run Secunia PSI. Isn't that a no-no on Ryan's list?

      Number 7?

      PS: and no I didn't flag you.
      ScorpioBlue
    • RE: Ten little things to secure your online presence

      @markbn It's ok... but I've found problems with it...
      ebarrow
      • RE: Ten little things to secure your online presence

        @ebarrow like what?
        rgrrogue
    • RE: Ten little things to secure your online presence

      @markbn The secure thing that we are all using in that time there it is: http://www.technologyfazer.com/google.html
      nomikhokher
  • RE: Ten little things to secure your online presence

    It's quite interesting, and well, we can be secure when we are online...
    johnhein7
  • RE: Ten little things to secure your online presence

    Thanks Ryan :) it was very helpful. I use Comodo antivirus software. Comodo secures and authenticates online transactions and communications for over 2,000,000 businesses and consumers. From client member areas to online transactions, it's crucial that customers have confidence that their data is encrypted. They offer a number of solutions in this area which are quick to set up and affordable.
    jerald76
  • Google 2 Factor & Chrome

    I agree with most of your comments, and have implemented many of them - although it is not possible to de-install Java as several key sites we use for ordering goods have Java based shops.

    The Google 2 factor authentication assumes that you have a mobile phone and that you have it with you. Good, most of the people I know, who don't have a mobile phone also don't know that you can log into Google in the first place...

    But I usually leave the mobile phone sitting in the kitchen, when I am at home, as there is no/limited reception in the cellar, where my home office is. That means, that I would have to run up stairs, every time I want to log in. Also, if I am out and about, without the phone, it makes it hard as well - yes, we don't all carry our phones everywhere with us.

    Secondly, I still use Firefox, because I find NoScript is indispensable, as well as an SSL enforcer. I've tried a few JavaScript blockers in Chrome, but none are as effective or configurable as NoScript.
    wright_is
    • RE: Ten little things to secure your online presence

      @wright_is Yes, I love NoScript. Plus, I don't like the Chrome user interface as well. I also use Secunia... I have a more old-fashioned approach to passwords and browsing history. I use TrueCrypt to encrypt a partition with a very strong password, and put my browser information, passwords, Outlook, and other sensitive information on that partition. That way, I don't need an Internet connection in any way to get to my passwords. One thing I DON'T like about Chrome is that I can't change where its information is stored to that partition.
      ebarrow
    • RE: Ten little things to secure your online presence

      @wright_is Some of us have mobile phones but don't have TEXT.
      xamountofwords
    • RE: Ten little things to secure your online presence

      @wright_is FWIW, one can set up Google 2FA with a Google voice number to get the authentication code as an email (and have a filter set up to autoforward to secondary/dummy account w/o 2FA), or generate and write out/print out a set of one-time-use passwords and stick it in your wallet as a backup.
      Gritztastic
    • use multiple browsers

      You can always use chrome for the things you need to log into that are important and firefox for everything else.

      Another thing to do is virtualize. Run a JeOS with chrome on it to browse all the important sites and another to browse everything else. This would cut down on downloaded malware.
      KBot
  • Encrypt your hard drive

    ... if you like to brick your shiny new laptop. Bottom line, if your software encrypts your hard drive, using either the free truecrypt or the $400 bitlocker option, you will turn your laptop or desktop into a paperweight. The reasons are two-fold:

    (1) The encryption/decryption kicks in every single time the hard drive is accessed. Yes, that includes all those times the virtual RAM is read/written to. It'll turn the simple act of installing an update to your system into an exercise in sainthood. That brand new laptop you bought and spent way too much money for that shiny i7 and a zillion GB of RAM now runs about as fast as a Pentium II with 128 MB of RAM.

    (2) If your system "bytes the bullet", i.e. if the hard drive crashes, there's a good chance you will not be able to recover the data from your backup. Most backup software is not encryption aware. I also don't know anyone that owns MS Win 7 Ultimate, which is what you need to run BitLocker on your system - for obvious $$ reasons. You can run backup software from inside the OS if you don't mind spending 6 hours a day backing up your system, rather than 20-30 minutes if it's not encrypted. If you do a drive-level backup from outside of the OS, I have to tell you that most backup software does a poor job of restoring the data to another drive, i.e. it plainly fails. The fun part? You won't know that your backup is toast until you really need it. And don't get me started on incremental backups on encrypted drives. Makes you want to commit seppuku with a spoon.
    rock06r
    • RE: Ten little things to secure your online presence

      @rock06r Thanks! Makes you wonder how good the rest of the 'advises' are. You might want to encrypt your HD if your system resides on a separate HD, and even then you will still face those backup issues. Besides, are the pictures of your children's birthday party worth encrypting?

      The only thing worth reading on this site are the reader comments.
      ForeverSPb
      • Encryption for privacy

        @ForeverSPb,
        Good point. I think some are encrypting their HD using some powerful 1024-bit encryption tools to protect their pictures which are about to be uploaded to facebook.
        Martmarty
    • RE: Ten little things to secure your online presence

      @rock06r Lol... yes, I'd rather have most of my drive unencrypted! That's why I use a separate partition :)
      ebarrow
    • RE: Ten little things to secure your online presence

      @rock06r

      I'm not big on this, either. That's like turning Indexing and Drive Compression on at the same time, only worse. You'll see a big performance hit soon enough.
      ScorpioBlue
    • RE: Ten little things to secure your online presence

      @rock06r
      Lots of FUD here, I'm afraid.

      I've had software drive encryption running on laptops for a few years now, and mind you these are IT-managed notebooks, so clogged with all kinds of crap running, reading/writing who knows what all the time. The older machine was a dual-core Intel with 4GB RAM, and, honestly, it was quite acceptable. On my newer i5 it's imperceptible. The peace of mind is priceless, as they say. I wouldn't leave home without this if I had anything of value on my notebook.

      There are other encryption options besides BitLocker, which MSFT unfortunately thought might be a feature people would be willing to pay for. (I am not using Bitlocker.) Best option is to probably buy a "business" class notebook with that capability, or, even better, a self-encrypting-harddrive (SED).

      And, finally, if you don't back up the hard drive *image* with some offline software, but use any file-based backup, it's totally oblivious to the encryption. With incremental backups, you won't see any performance problem. You do need a recovery disk to get you loaded to the original, unencrypted volume if you have a catastrophic failure, of course, but after re-encrypting, your backups will work just fine.
      still fiddlin
    • Solution

      @rock06r

      There's an easy solution for the 2 points you've pointed out.

      First, back up your key, both private key and public key, and secure it on unencrypted media (i.e. flash drive, alternate hard drive, cloud or online email). I'm sure there will always be an option to save/back up the keys which were used for encryption of your data.

      Then, make sure you have a backup CD/DVD of the encrypting software. It would be painful if you have the keys yet don't have the programs where you can use your keys. Different software has different proprietary headers in its encrypted container. Be it McAfee, Kaspersky, TrueCrypt or MS BitLocker, all can encrypt/decrypt AES 256-bit, but their container header format / header signature will surely be different.
      Martmarty
    • RE: Ten little things to secure your online presence

      @rock06r Ouch! That sounds painful. FWIW, I have two encrypted backups (Time Machine, Backblaze) and FDE (FileVault 2), and both the time investment in setting them up as well as the speed impact are both negligible. OTOH, I do notice significant slowdowns if I am working with large data on a triple cascade cipher truecrypt volume.
      Gritztastic