Start 2014 Safe with a Security Checkup

by | Dec 31, 2013 | News, Security

New Year’s annual reboot provides an excellent opportunity to review your overall security situation online. Though many people faced with recent revelations of government and corporate tracking and surveillance may despair of doing anything at all, Internet security is more vital than ever – as every one of the Target customers caught in this year’s massive holiday hack would surely agree.

Security v. Privacy

It may well be impossible to block surveillance and still conduct business and social activities normally online. But it is possible to survive online with a relative degree of safety. However, these days, security and privacy are not the same. Some steps you could take to enhance one could actually be counter-productive for the other. For instance, many people, concerned with the fact that email is as private as a postcard, urge encryption. Yet at this point, it is by no means certain which (if any) means of encryption really are secure, and evidence suggests that it may simply raise suspicions from the authorities, who are said to store encrypted communications indefinitely, “just in case.”

It’s not just government surveillance either. The big tech corporations such as Google, Facebook, Yahoo, Amazon, and Microsoft, while supplying information to the feds, are skimming vast amounts of data from their customers for their own commercial purposes. Since much of this is done through cookies – those little files they put on your computer – which are also necessary to shop, browse, and do other things, there’s not much you can do to eliminate it completely.

Good Privacy Practices

  • To avoid being followed around the Web by ads when browsing, use search engines that don’t track such as DuckDuckGo or StartPage. Or at least don’t use Google for everything, but use others, such as Bing.
  • Don’t depend on Gmail or other “free” email accounts for anything important. Since those providers may scan your email to send you ads, for sensitive subjects you might want to set up a secondary account here at SWCP (just $2.50/month), or use one of our free temporary email addresses made for just such a purpose.
  • When downloading free software, make sure what you’re getting. Many websites that offer such enticements, even some very reputable ones, will often bundle the software with offerings of  search engine toolbars that are little more than malware, or dubious security scans and other “services.”
  • Use “open-source” programs, like Thunderbird and Firefox, as much as possible. If you’re geeky enough, you can even install operating systems like Linux. Not only are these programs often free and being constantly improved just like premium programs for sale, the open coding makes sure they don’t contain any unpleasant surprises.

Basic Security

Southwest Cyberport constantly strives to protect our users with user-customizable spam filters. We also employ email blacklists, network performance monitoring, virus trapping, disabling malignant links and other means to keep our systems safe. But you can do a lot to keep you and your family safe online. In fact, the security of the entire worldwide network largely depends on everybody taking simple precautions and using common sense. We’re all in this together. Taking care of your online safety also helps everyone else stay safe, too.

  • Never email your password or sensitive information to anyone. Remember that no legitimate institution such as your bank, SWCP and other providers, or the government will ever ask for personal information in an email.
  • Never reply to spam or try to unsubscribe from a list you didn’t ask to be on. Instead, just use your message filters to send those straight to your spamfile and ignore them.
  • Be careful opening attachments, especially from strangers, and be even more cautious opening links in emails, especially those concerned with your accounts.
  • Never click on a link to a log-in page in an email, especially one concerned with an online account. You could wind up visiting a fake page virtually indistinguishable from the real thing that could be bristling with traps. Instead, look up the website online to make sure it’s legitimate and go through the front door.
  • Trust your feelings, but take your time and above all, don’t panic. Phishing attacks depend on goading the victim into acting without thinking by fear or promises of wish fulfillment. If it seems too good, like you won something big – or too bad, like some account has been hacked, or child porn was discovered on your computer – to be true, it probably is. There have been cases also of “ransomware”, where a downloaded program blocks all access until a fee has been paid (and usually not even then). But in any case, if it seems at all suspicious, feel free to contact SWCP Tech Support to check it out.
  • Pay attention to your computer’s performance. If it’s unusually sluggish or you notice a lot of network activity when there shouldn’t be any or strange icons show up in your Taskbar, your computer is probably infected. Be alert to pop-up windows appearing at odd times. If a dialog box shows up claiming your computer is already infected, beware. It will be only if you press the handy “Install now” button for free scanning or removal. Instead, hit “Alt” and “F4” at the same time to safely close the pane.
  • Do use SWCP’s spam filters at the highest settings you feel comfortable with. Many email clients have trainable junk mail filters too. They can not only filter out the spam, but separate your email into useful categories and specialized directories. But do check out your spamfile via our webmail clients such as Roundcube occasionally to make sure important messages have not been blocked.
  • Avail yourself of other SWCP services, such as our single-use email address through our Members Portal, that can help keep you from being targeted. And don’t forget: we offer one free cleaning of each customer’s personal computer each year.

Password Protection

Passwords may now be outdated, but they’re still the main means of authenticating users. Therefore coming up with good passwords and managing them effectively is essential to your online security. Here are the rules for SWCP’s system passwords, and tips for using passwords anywhere.

  • SWCP passwords can be up to 12 characters long. They must start with a letter and consist only of letters and numbers. Capitalization matters. They cannot contain blank spaces or any of these special characters: .,!@$%\?/ and so on. If you simply must have a break in it, use an underscore: _ or a hyphen: .
  • Avoid common password mistakes of using any word that can be found in any dictionary in any language anywhere including names, or any common number combination, including birthdates.
  • Brute-force attacks can always succeed given enough time. But the more characters there are in a password, the longer it takes to break, so use as many as you can.
  • Good passwords are easy to remember but hard to guess. One method is to take a memorable but absurd image or a nonsense phrase. Thinking of memory, for instance, the common images of a key, a brain, and a lightbulb comes to mind: so “keybrainbulb” is uncommon enough to make guessing difficult yet an unusual enough image to recall easily.
  • Another simple way of generating passwords is to switch out similar characters, such as “3” for “E” or “8” for “s”. Don’t forget capitals. You can also use this technique to make your password even harder to crack, like when “keybrainbulb” becomes “K376ra!NbU1B”.
  • Or you can use the automatic password generators on our website on our Members Portal page. Just don’t forget them.
  • Do not use the same password for everything. Change your online passwords every six months to a year or so. Online password managers, such as Firefox Sync, can help keep track of them. Only let your computer remember your passwords if you’re certain the machine can’t be accessed by anyone else.

Software defenses

  • All computers connected online must have a firewall. Most recent models have them built in; check to see if they are activated. Installing an additional software firewall is not a bad idea, either. Many are available free online, and professional versions are available, often bundled with antivirus and antispyware packages.
  • Many modems come with built-in firewalls. Set the port controls to grant only the services you want permission to enter, and also set them to prevent unauthorized messages going out, too. That way, even if it is infected, it might not be able to function.
  • The best way to avoid viruses is to avoid Windows, as Microsoft operating systems are the chief targets of virus makers simply because so many use them. There have been a few viruses targeted at Macs or Linux, but rarely. If you must rely on Windows, avoid Internet Explorer and Outlook if possible for the same reason.
  • SWCP recommends Mozilla’s free open-source Thunderbird email client, and the Firefox browser, but there too, one must be careful: recently, a new plug-in for the browser was found to be a spyware installer.
  • For Windows machines, an antivirus program is absolutely essential. SWCP also does not recommend the popular Norton or McAffee packages due to their widespread use and vulnerability. Instead, we prefer AVG or avast, both in free and pay versions.
  • Be sure to keep all your security programs up to date. Many can update automatically so set your antivirus program to do so, or at least alert you when one is available, and do the same for Windows security updates, too.
  • Scan your computer regularly for viruses and spyware. Some malware can be very tricky to detect and remove, so it’s best to use several different programs. One user recently reported that it took 2 different programs to identify and remove one particularly virulent trojan, which several other more widely used clients couldn’t even detect.

Special situations

  • Think before you post, and reconsider anything aggressive, accusative, emotional, or revealing. This includes pictures as well as text. Remember that it is impossible to “unsee” something and that once posted, like a bird set free, it’s out of your control.
  • Remember that text doesn’t convey subtle emotions so explain or learn to use emoticons. Posting anything online, from email to commenting on a blog to creating a Facebook page requires some knowledge of online etiquette or “Netiquette.” You should understand the rules of the forum as to what should or should not be posted, the use of online nicknames and emoticons, how to recognize and deal with online hostility (even “flame wars”), and above all, that things never go away once they get online.
  • WiFi presents a special challenge. When setting up a wireless home network, strong encryption must be engaged to keep any nearby would-be intruders out. Call Tech Support for advice and access code number generation. Using public WiFi access at a coffee shop or elsewhere raises additional security issues, especially as hackers can set up fraudulent access points that mimic the shop’s legitimate one.
  • Children also bring their own unique set of challenges. Access should be limited and carefully monitored, and the kids should be taught about stranger dangers and Netiquette. Don’t rely too much on software blocks, especially for teens. Parents should keep up with current developments. For instance, they need to be aware that many gaming systems now allow Internet access or local networking and thus may require special rules, like smartphones do.
  • Physical security is important. Coming up with a great password might not help if it’s written on your monitor or on a sticky note under your keyboard. If you must use an insecure or computer belonging to someone else to access your accounts, never save passwords on the machine. It’s not a bad idea to clear out the browser cache when done either.
  • Online shopping can save a lot of time, trouble, and money, but requires precautions just like going to the mall or ordering through a catalog. Avoid spammers, unknown sites, or being sent to an unfamiliar address to process your order. Only buy from known merchants with secure pages (with “https” in the URL and a lock or security icon visible in the corner or bottom of the browser window) and print out your receipt. It’s also a sensible idea, if somewhat inconvenient, not to allow merchants to store your credit card information in their databases.
  • Backing up your files is very important. Viruses and hackers are not the only hazards they face – data can corrupt, hard drives can die, thieves can rip you off, fire and floods can happen. SWCP offers an inexpensive, automatic Online Backup Service, SWCP BUS, but we strongly advise that however you choose to back up, do so regularly and as securely as possible – and to keep a back-up off-site “just in case.”

Be careful online – and never forget that SWCP Tech Support is here to answer questions and get you the help you need. Working together, we can help keep our part of the Internet safe in 2014.