4 Things even n00bs can do to stay safe online

We’re obsessed…

You know what we love where I work? Security. Seriously, it’s our favorite thing to talk about around NSS Labs Headquarters that’s not the finale of West World (yes, we’re still stuck on it).

We dream about security threats while analyzing what a breach really means. We obsess about keeping things secure, we argue about strategy, and plenty of times, we wax poetic on ways teams can make their systems more secure.

As the NSS Labs crew heads into this year’s RSA conference, we’ll be surrounded by some of the brightest minds in security.

On the other hand, we’ll also be around those looking to hack those bright minds. Security culture is complex like that.

But, we figured this was a good time to share some tips that any team could use to make their systems stronger, the basic stuff everyone can do. A few might seem obvious, but it never hurts to remind folks that simple measures could keep their systems secure.

1. Make sure your plug-ins are up to date

There are a lot of people who hit “remind me later” when it’s time to download that plug-in update. But, what folks don’t realize is that those updates typically provide patch fixes for known bugs, or errors working as backdoors to all kinds of viruses.

It’s a hacker’s job to try their damnedest to get into your computer, and by not updating your Java, you’re giving them that much more firepower.

Plug-ins like Java or Flash need to be updated on the regular.

If you want an alternative to checking for updates manually, both Firefox and Chrome offer plug-ins of their own, which tell you when updates are available for practically everything on your machine. All you need to do is click a button, and you’re off to the update races – your browser does all of the work for you. By doing so, you’re giving  shady characters one less avenue to potentially get your information.

2. Get proactive in the fight against ransomware

If you haven’t heard of ransomware, here’s the easy definition: it sucks. Some variants of ransomware  live in your spam folder and can turn your computer into a brick with a simple click. If you’re unlucky enough to open that email from the Nigerian Prince, and next thing you know, you’re locked out of your machine – it’s likely you’ve been hit with ransomware.

Ransomware is a threat that scrambles your data and then makes you pay a ransom to decode it.  Over 4,000 ransomware attacks happen every day. Go ahead, Google it. Every. Day. It’s the second most scary thing next to self-diagnosing on WebMd.

Staying vigilant in today’s ever-evolving tech landscape is imperative. Hackers don’t sleep – they’re always looking for a way to get paid. Not everyone falls victim to this plague, but there are a few steps your team can take to ensure no one is opening an email they shouldn’t.

If you’re running an IT team, or are in charge of your company’s security, there are a few easy best practices you should keep in mind when dealing with your not so technical co-workers:

• Get an incident management plan together with your IT team
• Remind coworkers to not open shady-looking emails from unknown addresses
• Simulate an attack and put your system to the test
• BACK UP YOUR STUFF – Get a Dropbox account for your important documents and work in Google Docs or Confluence
• Set up automated system alerts when code looks compromised
• Adjust your computer’s security settings to alert staff in case of suspicious activity

3. Keep your password complicated

Look, this seems easy enough, but there are a lot of people who use 1234 as their password. Really.

By making your password complicated with a series of numbers and symbols, you’re protecting yourself and your information.

Cyber awareness is crucial – it’s important you don’t give hackers the edge. By making the password complicated, it’s harder for password jugglers to crack your accounts.

Or, you could go one step further and register all accounts through a service like OneLogin or 1Password and get all of your accounts connected through an encrypted, and secure portal.

4. Wipe that drive

Just because you delete something from your computer doesn’t mean it’s gone.

Computers have hard drives like the raptors in Jurassic Park: they remember.  

When it’s time to get a new laptop, make sure your drive is wiped clean and you give it a factory reset. If you don’t, those files you thought you’d deleted could fall into the wrong hands.

And there you have it – four simple tips to get your team more secure in 2017.

#Cybersecurity