The US Department of Homeland Security has released an update to their ST15-003: Before You Connect a New Computer to the Internet documentation. With the holiday season approaching (along with all of the new IT systems to unwrap), it’s a good time to review some cybersecurity best practices to help avoid hacking of your credit cards, bank account, personal information, and help support smooth operations. I have outlined the document below:
- Secure your router. A popular method of harvesting all data on your network is for a criminal hacker to infect your router. This security process should include:
- Power-cycle to remove any RAM-resident malware
- Update router firmware.
- Eliminate any unwanted DMZ settings.
- Eliminate any unwanted port forwarding.
- Enable and configure your firewall. Older-style firewalls rely on configuring ports and what type of traffic is allowed. This is quite complex and time-consuming. If you have this type of firewall built into your router, time to upgrade to a new router with Stateful Packet Inspection. These require little more than turning on.
- Install and use antivirus software. I currently recommend using Bitdefender antivirus for every macOS and Windows computer.
- Remove unnecessary software. Every piece of software has some vulnerability. If you don’t use it, remove it.
- Operate under the principle of least privilege. Most malware and criminal hackers take on the power of the currently logged-in user. If your user account is an administrator, they have full control over your computer. Always log in with a non-administrator account. Better yet, log in with a Parental Control (macOS) or Child (Windows) user account to further restrict the damage a criminal can do. I’m hard-pressed to come up with a reason that a computer user ever needs to log in as an administrator.
- Secure your web browser. By default, most browsers have insecure settings. Before surfing the web, verify that all settings and preferences are configured for security.
- NOTE: Better yet, check out the Brave browser. It is built for security.
- Apply software updates and enable automatic updates. The #1 reason for updates are as security patches. It is vital to ensure the timely installation of system and application updates.
- Use caution with email attachments and untrusted links. Criminal hackers commonly use email to infect computers and to harvest information. If you don’t know who sent you an email, don’t open any of its attachments. Before clicking on a link, hover the cursor over it to view the full URL.
- Use strong passwords. The Department of Homeland Security is in charge of all things cybersecurity within the US. Their current guidelines for strong passwords is “Use the strongest, longest password or passphrase permitted”. The NIST 800-171 is a Federal cybersecurity best practices document which most organizations should follow. The current minimum recommended password length is 15 or more characters. I suspect this number will soon be increased to 24 or more. Use a password manager such as LastPass to create, remember, and automatically enter passwords. Your memory is best used for other things.
Whew! That is what needs to be done before connecting to the Internet. For everything that needs to be done after connecting, we have some great books.