Your IT Doesn't Want to Hurt You: But Others Using It Might be Thinking Otherwise
In the current world we have four areas that we need to protect our personal lives in the digital age; our accounts, on our computers, on our networks, and on our phones.
IT Systems Were Built by Those with Vision
The invention of the computer was not developed out of the desire to dominate someone’s political opponent, it was developed with the intent to make life easier for human beings. Significant technological advantages such as the use of the computer chip by MIT was not inspired by the school’s desire to become the top education institution in the world (even if it already had a reputation for being pretty stellar in the 1960s), but to advance an innovative dream of putting men on the moon. As we have just celebrated the 50thanniversary for landing a man on the moon, that feat was made possible due to technological advances inspired by men with vision.
The invention of the internet by DARPA in the early 1970’s was another development based on the inspiration of very intelligent people with a desire to be able to share information with one another across large distances. In the mid 1990’s when America Online, EarthLink, Prodigy, and CompuServe were taking the next generation of the ARPANet to the next level by sharing the internet experience via Microsoft’s Windows 95. We were amazed with our 28.8Kbps to 56Kbps dial-up connections to access such web browsers as Internet Explorer, Netscape, Alta Vista, and Ask Jeeve’s. It truly seemed to be the real “information age” was upon us.
When Google became the “next big thing” after starring in 1998 and hitting the prime time in the early 2000’s, we all became fascinated with the free internet concept where we only pay for a connection point to endless information. Google became the focus point of where finding all types of information was a simple search and click away. Other browsers offered a search function, but again we find an enhancement on our available technology that is in alignment with expanding the bounds of the human capability. This was in accordance with the capitalist goals of starting a successful business but not nefariously motivated. Today, there are so many variations of making everything internet capable that we have more options than some people have the imagination of what to do with all this technology yet people continue to find ways to use and enhance the technology at our disposal.
Because we have these options, those with those nefarious intentions can exploit the numerous capabilities technology provides us. If you are a simple smartphone only user or a technology professional powerhouse, you need to keep aware of the strengths and weaknesses of the tools we use on a daily basis. **PERSONAL BIAS** I am an Apple fan who is writing this article on my iPad Pro but have accepted certain limitations being so ingrained in the Apple ecosystem present. To me, the Pro’s of using a less modifiable set of computer systems outweigh the Cons of consistently reported vulnerabilities of the Windows and Android marketplaces. I don’t think this makes me smart, actually to the contrary, I think it makes me lazy. A Windows, Linux, or Android power user can adjust most of their settings if the have the technological know-how and dedicate the time and energy to learn those tweeks. Microsoft Windows 10 requires significant adjustments to limit the extent of telemetry data collected by Microsoft by default, but again, this can be mitigated with knowledge and effort.
These systems all have “zero-day” vulnerabilities that can be identified. Apple is not immune to this as several issues have been identified ranging from the latest MacOS releases to some softwares with “features” that allow for installation of software that the computer owner has already attempted to delete because of unauthorized leftover software that did not auto-delete when directed by the owner. Windows computers have become so known to have vulnerabilities needing to be updated or mitigated that “patch Tuesday” has become an expected experience of all Windows users for decades.
To find more information about these vulnerabilities, you can subscribe to Ars Technica (arstechnica.com) , Krebs on Security (krebsonsecurity.com), Kaspersky (Kaspersky.com), Akamai Techologies (Akamai.com), or CVE Details (cvedetails.com) to get the latest issues showing up on the web for your computer. If you are an administrator for a network, you know what to test in your next systems patch updates and if you are just a home user you can know why staying informed can keep you out of trouble. This is just for the latest list of viruses, malware, and other exploitable vulnerabilities that your computer can succumb to if you are not paying attention.
How to Be on the Lookout
All of this information is great, but it doesn’t tell you, the reader, what to do besides read other websites. Well, there are a few things that are constantly recommended by Cybersecurity professionals: 1) use a password manager to keep your accounts and passwords better protected; 2) always patch and allow updates to install on your computer as soon as possible to protect from known vulnerabilities; 3) beware of emails from people you don’t know and don’t click on links in emails; and 4) only download apps from approved stores (iTunes, Google Play, etc).
Password Managers
Password managers can be a bit difficult to set up because of the vast number of accounts that most people have online. Although this might be a tedius process that I accomplished by adding sites to my Password Manager at the time (LastPass) each time I visited a site. I have since shifted to 1Password (1password.com) but other password managers such as LastPass (lastpass.com), Dashlane (dashlane.com), Keeper (keepersecurity.com), Sticky Password (stickypassword.com), Zoho Vault (zoho.com), and EnPass (enpass.io) will all support keeping your logon experience simple. They will allow you to set your own passwords or recommend more secure passwords and make it easier to for the user to never have to remember more than 1 complicated password.
Patches and Updates
Sometimes updates will not be 100% compatible with the software you have running on your computers, so as soon as you can verify that all the patches/updates from your Operating System (OS) will keep you safe and the updates from the software you need to keep running will work with these patches, a time needs to be scheduled to apply these updates.
Email Security
Email awareness is very important for personal security. Going back to the 2016 United States presidential election, the Democratic Party fell victim to what are called “phishing” emails. A person with bad intentions for the Democratic Party sent an email to one of the senior party officials and upon responding to the malicious email, divulged key login information that was used to exploit multiple accounts. This was also attempted on the Republican Party, but the result was not as significant. The observations isn’t that the Democrats were inattentive and the Republicans were not, the key takeaway is that “bad guys” are going to exploit you via email. This is done because we normally check email on our smart phones and just “click” whatever comes on our screen. I recommend going to the app on your phone instead because the majority of organizations will send you a message if it’s important via the app and not just a clickbait email.
If they are applying the latest technological capabilities to keep the system safe, many system administrators have a belief that the system users are the”weakest link” in keeping the network safe because all too often do personnel not pay attention, open an email from an unknown source, and then click on an embedded link in the email to take them to an official looking webpage to login and “fix” some error that the email asks for the user to address. If you are the recipient of an email from someone you don’t know, you can address these in several best practices. Do not EVER click on a link in an email. Open a separate web browser and then login to prevent this type of deception. Turn on 2-factor authentication (sometimes called multi-factor authentication). In a recent study, this simple action whether an authentication application or a text message (not recommended) thwarts over 90% of unauthorized login attempts.
The App Store is a Better Friend than a Random Website Download
Sometimes some programs are not offered in the service stores but multiple reviews can allow for a user to do enough homework to determine if it is still a worthwhile download. Usually by exception of novelty applications, it is STRONGLY recommended that users ONLY download applications and programs from associated stores. This includes the iTunes store, Google Play store, Microsoft Store and others from specific organizations. On too many times via Cybersecurity reports does malicious code come from websites that claim to provide “free” versions of software that is in high demand. The problem with “free” is that it either comes with additional advertisement software (adware), a virus that can seriously degrade your computer systems, or an installation package that enables a Remote Access Trojan (RAT) enabling hackers to have override control of your entire computer (similar to a system administrator).
IT is Your Friend but You Still Have to Protect Yourself
Information Technology systems are developed to enhance our lives and make things easier. Because of the speed of development and number of different ways technology provides people access to ease of use, access to our personal lives, data and experiences leaves us vulnerable. We need to apply a minimum amount of awareness and protection over ourselves because exploitive motivated individuals are out there looking to get our information and use it against our will. We need to take simple precautions to apply at least the minimum level of personal security to keep ourselves and our technology safe from those people looking to do us harm.