Computer security tactics aren't often thought about until a problem arises—and at that point, a break in security can cause harmful and potentially major issues. Because we all want to keep our computers and information safe, we have answers to some frequently asked questions about potential security issues and how you can prevent them from happening to you.
Why is computer security important?
Computer security is important because it keeps your information protected. It’s also important for your computer’s overall health; proper computer security helps prevent viruses and malware, which allows programs to run quicker and smoother.
What are the most common computer security threats?
Installing Sketchy Freeware
When people don't understand the ramifications of installing unverified freeware, they open their computer to a slough of attacks. For example, they might download a free desktop application and unknowingly install spyware or a browser toolbar along with the application.
Typically, these free applications will have a checkbox installation that some people might miss, which allows the spyware or toolbars to be installed. This spyware, in many cases, can track everything you do in your web browser—and these toolbars can potentially slow your entire system down.
When you install untrusted freeware, you open yourself up to:
- Trojan Horses
- and much more
Verify that you're getting your freeware, including Internet browsers (Firefox, Chrome, etc.), programs (Skype, Adobe, etc.), and anti-virus software (Avast Free Antivirus, AVG AntiVirus, etc.) from credible sources before you install it.
Man-in-the-middle attacks are somewhat similar to someone secretly and directly listening to a phone conversation through wire tapping or picking up another landline in the house. The information shared between two people that should be private is now in the hands of a hacker. This is what happens:
- To ensure that only the appropriate person sees some information, the sender sends the recipient a private email, chat, or something similar. Only the recipient can open this public key encrypted message with their private key.
- The attacker intercepts the message and sends the recipient a fake message that imitates the original message.
- The recipient falls for the fake message and encrypts the attacker's message with his/her public key.
- The recipient sends the message back to the original sender.
- The attacker intercepts the return message.
- The attacker opens the message with private key and alters it.
- The attacker re-encrypts the message with the public key that was originally provided by the sender.
- The original sender is tricked into thinking that their intended recipient has returned their message.
Here's an example of sensitive information that can get intercepted:
For the common person: Don't connect to public Wi-Fi networks that are not password protected when conducting business, sending personal emails, or communication in any other way. DO NOT make purchases on unprotected public Wi-Fi networks. When you're done using a website, program, or an app, log out of it. Make sure the websites you access have SSL Certificates (read on to learn more).
For web developers: Use SSL Certificates (read on to learn more).
Phishing & Spear Phishing
These aren't fun activities you can do with a beer in hand. Phishing attacks are notorious for trying to trick you into opening unknown attachments and links in emails. These attachments and links have the potential to add viruses and other malware to your system, so why do people still fall for them?
Phishing and spear-phishing attacks can happen though email, SMS messages, voice calls, and a couple other less common avenues, but email attacks are most common. In both instances, attackers disguise themselves as people or organizations that you trust and/or already engage with; however, phishing attacks are not personalized while spear-phishing attacks are. Spear phishing messages personally address the recipient and contain personal information, which they hope will make you act.
Here's a real example of a phishing attack that some Onsharp staff have received:
The message is short, (poorly) mimics a request from someone within Onsharp (a trusted source), and asks you to give them your information.
When you get a questionable email, call, or text from someone or a business you communicate with, do not respond to it. If you're unsure if the request is legitimate, create a new line of contact with that person/business and ask them if they still need that information and/or if their request is real.
Leaving Your Computer or Device Unattended
When you leave your laptop or phone unattended at the office, your remote workplace, or a public space, you're foolishly inviting someone to breach your computer security through your own device.
When you have to walk away from your workstation, lock your electronics. Have password protection enabled on your phone, laptop, and other devices—especially if you have access to sensitive information through that device. With modern devices, you can easily enable a fingerprint access as well.
What are some computer security threats I wouldn’t necessarily know about?
Visiting Websites Without SSL Certificates
When you visit a website, you're information is automatically safe, right? Wrong. When you're on the internet, sometimes website admins don't take the necessary precautions to protect their information or yours.
SSL Certificates are a good indication for whether you should trust a website. It looks different depending on what browser you use, but you can typically tell when a website is secure when a locked padlock appears to the left of a URL in the search bar. When a website doesn't have an SSL Certificate or one that's improperly installed, your search bar will not contain a HTTP or HTTPS heading or a locked padlock icon.
What can I do to protect my computer from these threats?
When it comes to protecting your computer, our biggest piece of advice is to be aware of:
- what you’re downloading,
- what websites you visit,
- where your emails are coming from,
- what links you’re clicking on,
- and what you’re entering your information into.
Are there any helpful programs you recommend installing?Most PCs come equipped with an antivirus program already installed. For example, Windows 8 and 10 have Windows Defender built into the operating system, which is sufficient for most users. If you have an older version of Windows, don’t have an antivirus program, or would rather use something besides Windows Defender, we recommend using Avast. Avast has been one of the highest-praised antivirus programs available over the years because it doesn’t slow down your system, and it's free.
At Onsharp, we scan our customers' websites every 90 days as part of our Website Essentials Package, and we rescan until the websites receive a passing score. We do this to address any new vulnerabilities that are found. We also offer a free one-time vulnerability scan to help those who aren't yet leveraging our Website Essentials Package to find out how vulnerable their website might be.