Keeping your new (and old) electronics safe & secure this Christmas
As Christmas quickly approaches, many of us will receive new electronic devices as gifts from family and friends.
Before you start using those fun new toys, though, take a few moments to make sure your devices are as secure as possible to protect your data and personal information. Even if you haven’t received new devices, take a few moments to make sure your current devices are secure.
Thomas F. Duffy, Chair of the Multi-State Information Sharing & Analysis Center™, offered several useful tips in this month’s Security Tips Newsletter.
- Configure your device with security in mind. The “out-of-the-box” configurations of many devices and software are default settings often geared more toward ease-of-use and extra features rather than securing your device to protect your information. Enable security settings, paying particular attention to those that control information sharing.
- Remember to secure your Internet of Things (IoT) devices. Internet of Things devices include smart home thermostats, home surveillance cameras, smart refrigerators, lights, and many other examples. These need to be secured just like your phones, tablets, and laptops. One way to do this is to change the default password that comes pre-configured on the device to a strong password of your own choosing. This makes it much harder for cyber criminals to compromise your household devices.
- Turn on your firewall. Firewalls provide an essential function of protecting your computer or device from potentially malicious actors. Without a firewall, you might be exposing your personal information to any computer on the internet.
- Lock the device. Locking your device with a strong PIN or password makes unauthorized access to your information more difficult. Passwords are more secure than PINs and should be at least 8 characters long combining upper and lower case letters, numbers, and symbols.If you have an Android device and want to use a lock screen pattern, make sure the pattern includes at least 7 points and doubles back over itself (e.g. at least 2 turns). Additionally, make sure that your device automatically locks after a brief period of inactivity, preferably between 30 seconds and two minutes. This way, if you misplace your device, you minimize the opportunity for someone to access your personal information.
- Regularly apply updates. Manufacturers and application developers update their code to fix weaknesses and push out the updates. Enable settings to automatically apply these updates to ensure that you’re fixing the identified weaknesses in the applications.
- Install antivirus software.Install antivirus software if it is available for your device and enable automatic updating of the antivirus software to incorporate the most recently identified threats.
- Disable unwanted and unneeded services. Capabilities such as Bluetooth, network connections, mobile wallets, and Near Field Communications provide ease and convenience in using your smartphone. They can also provide an easy way for a nearby, unauthorized user to gain access to your data. Turn these features off when they are not needed. Also consider disabling or uninstalling other features or apps that you no longer use.
- Be careful when downloading apps. Apps provide a lot of wonderful capabilities for your device, but they are a common way that malicious actors disseminate malware or gather information about you. Always make sure you trust the app provider and download the app from the Google Play Store, Apple’s App Store, or other trusted source, as they proactively remove known malicious apps to protect users. Be proactive and make sure that you read the privacy statement, review permissions, check the app reviews, and look online to see if any security company has identified the app as malicious.
- Set up a non-privileged account for general web use. Privileged (such as Administrator or Root) accounts allow you to make changes in how your device operates, but a compromised administrator account provides attackers with the authority to access anything on your device. Use a non-privileged account when browsing websites and checking emails.
- Maintain your device’s security. Remember that setting your device to be secure is great, but you have to keep those settings, as well. It may be tempting to do away with some of the security, such as a lock screen password, or allowing the settings to change when you get an app update, but that puts your device and information at risk.
By using caution and following these tips, you can help secure your new device and protect your information. Have a safe, secure, and joyous holiday season!
- How to create a strong password:
http://msisac.cisecurity.org/whitepaper/documents/Security%20Primer%20-%20Securing%20Login%20Credentials.pdf
- Advice for connecting a new computer to the Internet:
https://www.us-cert.gov/ncas/tips/ST15-003 - Safe online shopping tips, as featured in our previous newsletter:
https://msisac.cisecurity.org/newsletters/2016-11.cfm
The original article can be found here.