Know your enemy. There are two basic types of threatening individuals who are after your information. Most people only have to worry about one, but it is equally important to prepare yourself in case the second strikes. The first type of threat is the hacker you hear about on the news: the kind of criminal who does not care who you are and targets businesses where they can steal massive amounts of information, or phishes internet users to obtain their passwords.
The second is an individual who has specifically targeted you for one reason or another. This person may appear as a troll when they post random rude comments or pick arguments with you online. They are often trying to bait you into providing information. Sometimes this person never reveals themselves to you and only follows you on social networking sites, gleaning information that you post until they have what they are looking for. This type of attacker has many of the same qualities as a stalker and will be as patient as necessary to obtain the information they seek. You can protect yourself from both of these individuals by using a few techniques and remembering some of the stranger danger tips your mother gave you.
1. Keep your antivirus, anti-malware and any other protective software you have on the computer up-to-date. There are very good free versions of each type of security software available online, and though no software is perfect, they will significantly reduce the number of threats you face. Set them up to scan at a time when you won’t be using the computer and you will never need to feel like your performance suffers or that the software is in your way.
2. Never give full trust to anyone when it comes to your computer or online accounts. This means that in addition to keeping your passwords protected, if a friend wants to use your computer then you should set up a guest account for them to log in to. Do not give the account administrative privileges or the rights to install software. It’s your computer; they do not need to download and store their information on it, nor do they need access to your account.
3. Don’t use pirated software. Pirated software is “cracked,” which means someone modified it to make it work without the legal password. Because the software has been altered, they could have added any kind of malware or spy software they wanted, and could be using it as a backdoor to gain access to your information or your computer. Only purchase software from trusted vendors. If you really need it, it is worth paying for.
4. Use separate accounts for your personal life and professional life. Each should have its own email address and different social networks. Your personal social networking has no place in your professional life. All of your coworkers should not be on your social networking sites with your family. This could cause problems for your work life as well as make it easy for an attacker to find people who are willing to share more information about you without you ever knowing about it.
5. Always include some random character in your passwords. Numbers are good, but special characters are used less often and make the password even harder to figure out. It’s best not to use any real words at all in your passwords, but if you must use them, then try something like this: “cr!baby” instead of “crybaby” or “cr&zy” instead of “crazy.” Just that one character will throw off a random troll and make it more difficult for a password cracker program to figure out as well. For even more protection, don’t use the same symbol in all of your passwords. If you have a secure location to store passwords, use a password generator website to create something completely unique.
6. Use the privacy settings available to you in every account you have online. Professional institutions such as banks will likely have protection measures and extra security in place. When visiting these sites the address bar should always say “https” at the beginning. Never enter your banking, PayPal or bill passwords into a site that does not start with “https.” On other sites, especially social sites, you will need to set up your privacy levels on your own. Use the settings to limit the information you share as much as possible. Set up limits so that your birthday, address, email or phone number is not shared publicly. If it’s not necessary to put that information into the site, then don’t add it to the account at all.
7. Never click a random link from an email saying you need to log in to your account. If your bank or other business needs you to fix something on your account (except for password resets that you requested) then the information will be inside of your account no matter how you log in. Visit the site by typing it in yourself or from the bookmark you saved earlier, or you can call them if you prefer. This eliminates any doubt as to where you are logging in. Just like mom always said – if you don’t initiate the contact, don’t give out the secure information.
8. Don’t add strangers to your social networking sites. Even though it seems innocent and harmless, you are going to give out information to these strangers about your personal life at some point in time without even realizing it. Even the smallest information, including “Yay! The Wildcats won the playoff!” can be too much information to share with the wrong person. That statement lets others know what type of sport and what team you like, but it could also lead them to your personal attachment to an educational institution or the fact that you are unavailable or occupied during games. Just like mom always said – Don’t talk to strangers!
9. Never feed a troll. A troll is an individual who makes rude comments to you repeatedly just for the purpose of upsetting you in some way. No good will ever come from it and you may wind up revealing seemingly harmless information that they, or someone else, could use against you. It is unlikely you will remember to go back and delete these conversations later if they are posted publicly, and over email you are allowing them to have some level of control over you and your life, which feeds into their addiction. If you don’t interact, they will become bored and move on.
10. Do not open unexpected attachments from strangers in your email account. Software can be installed on your computer without you ever knowing it was included with the attachment. This software can then be used to gain access to your computer, copy down every letter you type on the keyboard (which gives someone your usernames and passwords) and record other information. It has even been used to locate pictures on your computer that the attacker may want to use.