With growing dependency on e-commerce, virtually any transaction can be made from literally anywhere. From the quick purchase and delivery of a much sought-after book from a seller on the other side of the world, to bank transactions, bill payment and tax returns – computers provide an interface for almost any deal necessary these days, and create vital records of such transactions. There is, though, a dark side to this financial enlightenment – banking malware and identity theft. Here are a few tips to keep a user’s technological capabilities brightly lit, capable and, most importantly, private.
Passwords – Words of Power
Passwords are required for many operations and kinds of access, and should never be underestimated. A password also protects a machine from physical access while it is left unattended, and safeguards many applications. Online, when confronted with passwords, a hacker will often be discouraged and seek a victim elsewhere. Passwords also help to keep social media profiles safe; these could otherwise provide a malware author with the information needed to launch a personal attack. NEVER leave passwords set at the factory default (routers, for example – many of which are set as such: User ID: Admin; Password: password). Always change your log-in credentials regularly. Use longer phrases, and alter the format; for example, a favorite song title: NeverOnASunday would be greatly hardened by writing it as N3v3r0nA5und@y. If more than one person uses the machine, set up a guest account for each user, and only use the Administrator account (HAVE YOU CHANGED THAT ROUTER DEFAULT YET??) for finance and safety-critical stuff. Password safety can be compromised by keylogging spyware; good security scanning software will detect such infections, and if a key-logger does manage to enter, a little scrambling of password characters will make the task much greater for the hacker and possibly save the password before compromise.
Security begins at the perimeter of your system and is controlled by a firewall. This should be hardened and set, in its menu, to the least privilege level needed. Deny communication with anonymous networks such as I2P and Tor; this can stop some malware running if it does manage to bypass the firewall. Configure it to disallow unauthorized/unprompted port traffic. Company networks should use a double firewall – one that sits outside the server and gives guarded connection to the internet; this includes a Trusted Location for examining content that is questionable. A second firewall separates this outer perimeter from the internal network. All firewall software should be kept current and, in the case of networks, should have regular penetration testing.
Internal Software for Security
This relates to anti-malware/virus scanning software, which should be as robust and effective as possible. AV programs need to use a combination of detection methods, as purely signature-based software has trouble detecting some modern hacker technology (some that hides in places that are not scanned, or some that mutates its code). So, the software chosen should incorporate heuristic detection that alerts to known malware processes as they run, or detects and quarantines processes that are suspicious. It is important that there are regular updates available from the developer.
It is important that ALL software is kept up-to-date. Some of the most devastating ransomware has been delivered by Exploit Kits (EK). These target vulnerabilities in either the operating system or apps when a user is visiting a ‘site compromised by hackers. Two of the most notable examples have been flaws exploited in outdated Adobe apps and one found in Internet Explorer. It is vital to update apps regularly, check that browsers are the latest versions and to apply any O/S patches available. Of course, ensure that updates are only downloaded directly from the developer’s website. Another important aspect is to DELETE old versions of software and apps, and anything that is no longer used.
Creating a wireless network for a home may seem a wonderful idea with cheaper plug-and-play routers on the market. When it comes to using this setup for financial and banking applications, though, it should be noted that wireless networks are virtually impossible to totally defend against intrusion. To initially set up and update the router, it must be plugged into a computer’s LAN (local area network) connection. DO NOT leave everything at default settings. The router will also need to be set for encryption (this must be WPA2). Rename the SSID (the name of the network) as something that will not identify a person or location, and check settings to see if this can be hidden from being detectable. Many higher-end wireless routers have built-in firewalls – makes such as Cisco and SonicWALL. As an added precaution, turn off the network when not in use.
Many kinds of malware are delivered by downloads – ransomware posing as freeware updates, or trojans hiding in freeware or pay-per-install bundles. The moral here is to visit the developer’s website and download directly from there. Always use the Advanced/Custom install option, and decline any unwanted programs bundled with the desired software. Be careful to check/uncheck the right boxes during this process. Sometimes, a trick is to use one install client for a bundle, only giving the user the option to install everything, or nothing – DON’T do it – delete everything and search for the software elsewhere. The old warning about spam e-mail should be reiterated here – malicious macros in ‘mail are little things that can cripple a system in the time it takes to read a little spam. To be even safer, ActiveX should be disabled for all Microsoft Office formats (see above link).
Using a laptop on a public wireless network is a risk. Here the user is dependent on a third party’s security. If third-party hardware is used (for instance, in an internet cafe), there is also a risk that monitoring may be taking place. It is far better to wait until back on a home network to undertake any commerce, or to use a machine carrying any important data. For matters that will not wait, ZeusGard make a wireless hardware browser that is highly rated, though read-only.
Smart With Phones
Using smart ‘phones can be hazardous. In 2015, the first mobile ransomware Simplocker was released. This has become an expanding field with most malware targeting operating system or app vulnerabilities that are perhaps caused by companies over-eager to introduce new models. Such a vulnerability in the Google system let in the Certifi-gate trojan, while one in the Android system opened a door to Stagefright – this infected millions and only needed the ‘phone number of the device to infiltrate. The main thing to remember is to get apps only from the developer, and make sure that the ‘site a download is coming from is legitimate. Hackers find it very difficult to compromise these ‘sites, so they try to redirect unwary users to legitimate-looking ones for a malicious download; a domain may be called something like google.xyz rather than .com – so be wary.
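The advice above to download only from the developer's own site, and to watch for lookalike domains such as google.xyz, can be turned into a mechanical check. The following is an added example, not part of the original article; the allow-list, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the developer domains the user intends to download from.
TRUSTED_DOMAINS = {"google.com", "mozilla.org"}


def download_host(url):
    """Return the normalized host a browser would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and port, lowercases
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None  # plain http (or no host) cannot prove who is serving the file
    host = host.rstrip(".")  # "google.com." and "google.com" are the same host
    try:
        # Convert internationalized names to their ASCII (xn--) form so that
        # look-alike characters cannot pass for an allow-listed name.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_trusted_download(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is an allow-listed domain or a subdomain of one."""
    host = download_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample URLs covering the lookalike tricks a user might meet.
SAMPLES = [
    "https://dl.google.com/chrome/install/setup.exe",   # real subdomain
    "https://google.xyz/chrome/setup.exe",              # wrong top-level domain
    "https://google.com.downloads.example/setup.exe",   # trusted name as a prefix
    "https://google.com@files.example/setup.exe",       # trusted name as "username"
    "http://dl.google.com/chrome/install/setup.exe",    # unencrypted
    "https://g\u043e\u043egle.com/setup.exe",           # Cyrillic look-alike letters
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "OK   " if is_trusted_download(sample) else "BLOCK"
        print(verdict, download_host(sample), "<-", sample.encode("ascii", "replace").decode())
```

Only the first sample passes; the match is made on the end of the host name, because that is the part that determines who controls the site.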
Old files and old versions of programs should be routinely house-cleaned. When taking an old PC for recycling, it is best to remove the hard drive and physically smash it – mere deletion will not render the information unreadable. Alternatively, there are programs called disk scrubbers that will also do this job.