Posted on: February 1, 2015
Posted by: Ron Merrifield, Security Analyst/Systems Administrator, SilverBirch Hotels & Resorts
It’s becoming a common occurrence to hear about companies who have been hacked and had confidential information leaked. Companies who have been trusted with our information; Information which could wind up stolen and sold to the highest online bidder. Inevitably it is used to leverage some sort of financial or informational blackmail, or used to commit identity theft. Much to the detriment of the original owner of that information. Sound scary? Darn right it is.
Because we live in such an interconnected world where we send and store sensitive information on our phones, laptops and tablets as a means to do business, we can be left quite vulnerable. And unless you happen to be an IT pro or a tech savvy individual, protecting your data from these online predators can be quite a daunting task. Which is why for the majority of us, we have come to rely on either the family IT pro, the guy at the local computer shop, or even Google to help us navigate this perilous information highway safely and to ultimately protect ourselves from those that wish to do us harm.
Think Coffee Shop, Airport, or even Hotel Lobby… What do they have in common? Free Wi-Fi of course! It’s great that these services are offered, but they are also the prime hunting ground for those who would love to get their hands on your information. How many of us actually read the ULA that is presented, prior to logging onto that guest network? Do we really pay attention to the warnings that we must use these networks at our own risk, and that the providers of this services are not responsible for the security, or loss, of our personal data? I don’t think very many of us do, or we would have a lot less information being taken. Regardless, you login anyway, not really knowing whether your data is truly safe or if you have adequately protected yourself from the potential user on the other end trying to exploit your device.
To give you some peace of mind in ensuring your device is secure when working on a public network, we’ve come up with some simple tips and tricks to get you started on your path to safety.
1. Always have your PC, Tablet of Phone Firewall software turned on.
If your device comes equipped with a firewalling feature, make sure it is turned on. This applies primarily to Windows (7 & 8) and Android devices as Apple’s iOS incorporates an operating system design that uses a methodology known as sandboxing. Sandboxing is where applications are logically separated from each other during installation and only by explicit permission are they allowed to access files, preferences, network resources, hardware, and so on.
2. Make sure your Antivirus software is turned on and up to date.
Make sure you have an Antivirus (AV) solution installed that is running and up to date. In many cases when people buy a new PC it will come pre-loaded with a free-trial of an AV software. The user will typically use this free trial until expiry, but then never bother to renew the subscription. If you can’t afford to buy the subscription from a vendor like McAfee, Symantec, or TrendMicro, then there are free options you can also consider such as Malwarebytes, AVG, or Sophos. A lot of the big AV vendors put out scanning tools free of charge, but very few put out free full AV solutions that when installed are always on and protecting. On a related note, Windows does come with an AV solution called Security Essentials… Not bad, but that is a matter of opinion. To see some AV solutions for Android, click here.
3. If you’re an Android user, learn how to harden your device.
Android unfortunately has made a name for itself when it comes to the ease of their devices being susceptible to attacks. Although the world of Android has come a long way, the ability to find, compromise and leverage weaknesses in order to obtain confidential information is a lot easier on Android than on a proprietary system, such as Apple. But not to worry, there are ways in which Android users can increase their security posture and reduce the scope with which an attacker can compromise their device.
4. When connecting to a Public network, choose the most secure system settings on your device & turn your file sharing OFF.
For Windows machines, when you join a new public network you will be prompted to specify what level of network access you wish to grant. By default you are given 3 choices: Private, Work, or Public. In the case of an unfamiliar or unfrequented network (ie. an airport terminal), always choose ‘Public’. By design, Public is the most secure setting of the three as it disables file sharing by default.
5. If possible, turn off your Administrative shares.
If you are on a Windows machine, having your Administrative shares disabled can reduce the scope of attack for the bad guy. This however should be done with caution as it has the potential to cause issues, especially if your Windows machine is a corporate company issued device. To find out more about this please click here, or talk with your IT Administrator.
6. Make sure your user account is not an Administrator level account.
This is one of the biggest errors that Windows users make; you should never have yourself set-up as the Administrator. Although it makes it slightly less efficient to manage the PC, it’s recommended that you always set yourself up as the user with the least amount of privilege. Administrator access should only be given as needed for things like software installation and system configuration changes.
If you run on a Linux box, don’t log in as root and should you need to have elevated privileges, use sudo to achieve that end.
7. If available, use a Virtual Private Network (VPN) when working on a Public network.
A VPN is a method of network communication that hides your otherwise visible ‘plaintext’ data from predators by encrypting it. If you are working on a company PC, phone, or tablet, and you need to access company data; you should do so through your company’s VPN. If this is your personal PC or Tablet then there are a number of consumer level products available for a small monthly or annual fee that allow you to achieve the same ends while protecting your data as it travels the network.
8. Use your Phone’s Hotspot capability to avoid connecting to a Public Network.
If your phone’s data plan allows for it, connect to your phone for web browsing capabilities using your phone provider’s network, rather than connecting to the public Wi-Fi. This can get pricey, so following the first 7 steps to better secure yourself on a ‘Public’ network would definitely be more cost effective.
9. Don’t Root or Jailbreak your phone.
For Android and iPhone users (and who isn’t? Sorry Blackberry!), do not root or Jailbreak your phone. It may give you a feeling of empowerment from the “the man”, but it also makes it a lot easier for the bad guys to compromise your device. So just don’t do it!
Even though you now have a better idea of some different methods of protecting your devices, we still encourage you to do further research as there is more information out there on the ‘net’ than could ever be covered in just 9 bullet points. This is just one man’s opinion on how you can help protect yourself from losing your valuable personal information when connected to this very much interconnected world. And just remember if you are unsure, it’s best not to connect… but if you do, be aware of the possible hazards.