Tuesday, August 26, 2014

11 cyber security tips for back to school

The end of summer is here. That means the end of swimming, watermelon, ice cream ... wait a minute, this is Texas. We still have 8 more weeks of warm weather! What it does mean though is the end of summer vacation and a return to the school-year routine for millions of students. Some students who 3 months ago were graduating seniors are now adjusting to life on their own as either newly-inducted members of the adult workforce or as beginning college or vocational school students. For others this may be their first taste of primary education. They share one thing in common though: they are growing up (or have grown up) in a world where connectedness is a given.

My generation rented video tapes from Blockbuster (remember them?), used telephones with a cord (gasp!), and drove, rode a bike, or walked to see our friends. Today's youth stream movies, share video and pictures, IM or text, and communicate through social media, all on a device that fits in a pocket or purse. Connectedness - instant connectedness - is ubiquitous, and with it come both fantastic conveniences and new risks. Today's youth can make a decision in a half second that could affect self-esteem, future relationships, their wallet, or job prospects. Of course every generation has its favorite bad decisions, but the consequences of today's bad decisions have the potential to come around much faster, and last much longer, than in my generation. As a parent it is my responsibility to give my children both the technical controls and the technological intelligence to stay safe in the world they are growing up in.


Most of what follows are common-sense steps I take in my home and with my children, but they are, in my opinion, the foundation of a safe and secure connected environment. There's nothing earth-shattering here - in fact, most of these are things I have written about many times before - but back-to-school time seems a sensible time for a reminder.

  1. Set up the router securely. Home network security begins with a simple device that separates the home from the "big bad Internet." If your first line of defense is weak, it's practically an invitation to be hacked. In fact, there is a search engine known as Shodan specifically for vulnerable computers and routers. If your firewall has the default admin password, chances are your router is in Shodan. Creepy, eh?
  2. Be smart about passwords. If your device or program comes with a built-in password, change it. The default password is no doubt readily available on the Internet (you read my comment about Shodan, right?). For accounts that matter to you, use different passwords so if one account is compromised, only one account is compromised. If you have more accounts than you can count on one hand, consider using a password manager to remember the passwords for you. Take advantage of two-factor authentication for more critical accounts.
  3. Think before you click. Phishing scams as well as malware rely on our tendency to click first, think later. Phishing scams in particular can be incredibly believable - they are designed to imitate something legitimate to abuse your trust. Oh, and they can disguise themselves quite cleverly.
  4. Keep programs up-to-date. Android OS, Apple iOS, Windows, Mac, and many software products have automated update features. Turn them on. Software developers make mistakes - that's what the updates fix. If your car had a factory defect that might leave you stranded on the side of the road, and offered a free fix, you'd take them up on it, right? This is the same thing.
  5. Change the phone book. DNS, or Domain Name Resolution, is how your computer knows that www.google.com is actually “74.125.224.242.” It happens silently in the background and is usually ignored unless it stops working. OpenDNS and Norton, among others, offer free services that simply don’t resolve website addresses that go to known “adult” or malicious content (more accurately, they resolve such websites to a benign address that says “you can’t go there”). In my opinion this is one of the strongest additions you can make to the security of your home network.
  6. Think before you connect. The old adage that on the Internet no one knows you are a dog is absolutely true: with social media you only know who someone claims to be. So think about what you share, and think before taking a comment or request at face value.
  7. Mind app permissions. Mobile device apps can (mostly) only do what you allow them to do. So read the permissions an app requests before blindly installing Fuzzy Kitten 97. Also, stick to the major app stores. While the major app markets (Apple's App Store, Google's Play Store, Amazon App Store for Android, Windows Phone Store) can be compromised, they are still far safer than sources off the beaten path.
  8. Credit cards, not debit cards. I use only credit cards for online transactions (which in many cases have a $0 liability fraud guarantee, and which by virtue of being "buy now, pay at the end of the month" completely separates the purchase from my actual cash) versus debit or PayPal (which have much looser consumer protection laws, and from which fraud may immediately empty the bank account, with some delay before the bank can restore my money).
  9. Think before you click
  10. Don't Panic. Security is about understanding and managing risk, not running from it.
  11. In case you missed it, Think before you click.
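
For tip 5, DNS filtering only protects a device if every resolver that device is configured to use is a filtering one, because operating systems can fall back to a secondary server. The following check is an added example, not part of the original post: it audits resolv.conf-style text against the public OpenDNS resolver addresses, and the sample configuration and function names are constructed for illustration.

```python
import ipaddress

# Resolver addresses published by OpenDNS (Home and FamilyShield services).
FILTERING = {"208.67.222.222", "208.67.220.220",
             "208.67.222.123", "208.67.220.123"}

# Constructed sample: one filtering resolver plus one unfiltered public resolver.
SAMPLE_MIXED = """# constructed sample configuration
nameserver 208.67.222.222
nameserver 8.8.8.8
"""

def classify(addr):
    """Return 'filtering', 'local' (router or stub, upstream unknown) or 'unfiltered'."""
    ip = ipaddress.ip_address(addr)
    if str(ip) in FILTERING:
        return "filtering"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "unfiltered"

def audit_resolv_conf(text):
    """Parse resolv.conf-style text; return ([(address, class)], verdict)."""
    results = []
    for line in text.splitlines():
        # Drop comments, then look for "nameserver <address>" entries.
        parts = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
            try:
                results.append((addr, classify(addr)))
            except ValueError:
                results.append((addr, "invalid"))
    kinds = {kind for _, kind in results}
    if not results:
        verdict = "no resolvers configured"
    elif kinds == {"filtering"}:
        verdict = "all lookups filtered"
    elif "unfiltered" in kinds:
        verdict = "bypass possible: unfiltered resolver present"
    else:
        verdict = "indeterminate: check the router's upstream DNS setting"
    return results, verdict

if __name__ == "__main__":
    entries, verdict = audit_resolv_conf(SAMPLE_MIXED)
    for addr, kind in entries:
        print(f"{addr:<18} {kind}")
    print(verdict)
```

A device that points only at the home router gets the "indeterminate" verdict, since the filtering setting then lives on the router rather than on the device.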

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen.

Whois David?


I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.