Our security online has a lot to do with our own behaviors.

We can’t passively relax and think that we are safe because we have a virus protection program. Managing your security online doesn’t need to be technical. We can start with things we can do now. No matter how strong our firewall and malware software is, they can do nothing if we figuratively open the front door for the bad guys.

First, if you have not done so already. walk over to your router and unplug it. Do the same at your office. You can come back to this when your router reboots.
Your virus protection software does nothing to stop VPNFilter. The malware can allow the collection of information, or even render the device inoperable. Shutting down the router does stop VPNfilter. Does shutting down the router really work? Yes. Most devices today have some information that stays when the device is turned off. They “remember” things when they are off so they can return when restarted. Part of VPNFilter does this as well but, a part of it is lost when the router is shut down. So yes, shutting off your router stops it. Did you do it yet?

Department of Homeland Security and FBI

The Department of Homeland Security, The FBI and the United States Computer Emergency Readiness Team have issued alerts in the last week warning of vicious malware coming out of North Korea. You risk loss of data, loss of operation of your device, or financial loss and you should take precautions asap.

Being safe starts with us and our own habits.

Old or simple passwords, using the same passwords on multiple sites, neglecting to update operating systems when they updates are released and failing to keep other software, especially websites software/platforms/ plugins and security software up to date all make us vulnerable. Other things to watch are downloads and links in email or on malicious sites.

Here are the steps you can take to protect yourself online, and it starts with strong passwords that you change periodically.

In order to keep them safe and in case you forget them, there are a few password “safes” that you can use to store them. The safes are encrypted so they are secure. It is a terrible idea to keep them in a document or spreadsheet. It is also a really bad idea to email them. I use two, one is called Keepass https://://keepass.info/ and it is an open-source program. It is not much to look at but it is very secure. I also use one called LastPass. httpsss://www.lastpass.com/ I enjoy using LastPass for a couple of reasons. First, It can generate any password with any weird combinations web developers can ask for. Letters, upper case, lower case, numbers, and any special characters in any quantity. LastPass also can create strong passwords that are easy to use. That makes them easier to remember. LastPass has a free version that is more than enough for most people.

Updating software is pretty easy today.

Sometimes you are offered the chance to have the software updated automatically. It is a good idea to set that up. Software developers often alert you when new updates are ready. Usually updating is a one-click operation. One thing I would add is to remember to back up your device regularly. There are plenty of ways to back up your computer whether you use a Mac or a Windows computer.

Malware in email is very sneaky today.

It is often difficult to tell the difference between a real company email and an email that is doctored to look real. In the past, you could sometimes tell a malicious email from a foreign company. With misspelled and misused used words they were often easy to spot.
Today, malicious emails can look exactly like an email from a reputable company they are pretending to be. Spam filters can catch a lot, but not all bad emails. If you see a spam email, something you have not signed up for, go ahead and report it as spam. Your email client usually will dump future emails like it into your spam box.
To spot bogus email, a giveaway is the email address it comes from. If the domain or subdomain is not the real company’s domain, there is a good chance the email is fake. It is important not to click on links in an email if it looks even a little fishy. Your best bet is to leave your email type the company’s email in your browser and visit your account. Also, reputable companies will not ask you for any personal information in an email.
For emails that are not from the company’s domain or sub-domain. Off the top of my head, Apple.com and App|e.com can look very similar in certain fonts. ( the second uses the pipe command “|” instead of an “L” ) Watch for it in the email as well. It is very easy to click on a link that takes you to a site and infects your device. Just as bad, it is really easy to inadvertently give permissions to apps – that’s like giving the bad guys the key to your front door. Also, watch for file downloads that may install malware on your device(s)
It is a good idea to unsubscribe from email lists that you no longer use. The same goes for accounts at dormant sites. That political site that you signed up for and no longer read, unsubscribe from it. Although it is not required by the  CAN-SPAM Act, most reputable companies include an unsubscribe link at the bottom of every email. Some sites that you signed up for require a little work. That Myspace account you haven’t used in years, delete that account.
Antivirus software is a must for under $50 you can get some good protection. Personally, I am a fan of Malwarebytes. For around $50 you can cover your computer and your phone. https://www.malwarebytes.com/

Shut your computer down when you are not using it.

Makes sense right? the less time you are connected the less opportunity the bad guys have to hack it.  Although your computer is inactive when it is sleeping, it can be awakened. That can’t happen when it is off.
Do you know of other things we can do? Do you have any questions that we might answer? Leave us some comments.