In the last of Robert’s series we look at his top 10 tips for staying safe at home on the computer.
Home users have become scapegoats for security lapses, such as the spreading of viruses, and for allowing the construction of botnets. As I mentioned in earlier posts, home users can find it difficult to secure their PCs and this can lead to problems for business. So do they deserve censure? No, they deserve our help.
There is now synergy between the security needs of home users and the needs of business that could be exploited to raise security levels across the board. Security professionals can have a bigger role in keeping this important constituency secure. One lesson we have learnt in the security profession is that there is little point having a huge policy document if no one reads it. Digesting and communicating the key messages is a priority.
In this light I have attempted to condense security for home users into 9 tips, with rationales:
1. Install, run and keep up-to-date anti-virus software – malicious software is a frequent source of security incidents
2. Ensure you are running a firewall – to block unwanted internet traffic
3. Choose, and keep confidential, good passwords – to stop someone gaining access to data and accounts
4. Back-up files you don’t want to lose – in case you have a security incident or your computer fails
5. Keep software up to date, especially the operating system, internet browser and anti-virus tool – out-of-date software may have weaknesses that allow attackers in
6. Keep up to date and aware of possible risks, and alert for new threats – the security environment evolves and the main risks change
7. If something seems odd, check it out; if something seems too good to be true, it probably is – be suspicious and you will spot threats and avoid risky behaviours
8. Don’t click on links or attachments in emails that you weren’t expecting – you may go to a fake site or catch a virus
9. Set up users with ‘standard’ user accounts and limit the use of administrator accounts – to make it harder for users, or imposters, to have complete control of your PC
10. If selling, or otherwise disposing of, your PC make sure the hard drive is properly erased – it is not sufficient to just delete files
There it is in a nutshell. Of course, to be of practical help, these tips need to be supported by additional information and advice for home users. As I argued in previous posts, enterprise security and home security are increasingly intertwined. As security professionals we need to pitch our messages at both sectors.
Dr Robert Rowlingson is a principal R&D consultant in cyber security in BT Research and Innovation, and the author of the BCS book The Essential Guide to Home Computer Security.
Read his blog at www.homeinfosec.blogspot.com.