Three Simple Security Tips to Pass Along to Relatives or Friends

Anti-Phishing

Arguably the most critical security tip anyone can pass on: don’t click on links sent via email unless you are expecting the sender to send them to you. It doesn’t matter if you know the sender; you must be specifically expecting the link and topic. If you are sending someone a link, IM the recipient and inform him or her that you are sending a link to a given site. If you receive an email with links from someone you know, IM or call them before clicking and verify that they intentionally sent the link and vouch for it. Spear-phishing is a targeted attack against someone (e.g. you) using an email that you have some reason to trust or be interested in. You can lose a lot of money in a hurry by clicking on links that are unverified.

If you receive a link in what is by all appearances a legitimate email, such as one from your bank telling you that you need to view a secure message, or one from a site you subscribe to about something of interest, then assume the link is an attack until you can prove otherwise. Treat links in emails as guilty until demonstrated innocent. At a minimum you need to “hover over” links to verify the actual destination URL, and to carefully inspect any addresses. That’s not enough, however. If you are interested in information contained in an email, it typically takes just a few seconds to use Google to find the information linked to rather than clicking. Alternatively, simply type the website address in and navigate to it yourself rather than relying on links.

Guarding Financial Accounts

If you have an appreciable amount of assets in an account (using your own definition of appreciable), strongly consider requesting a two-factor authentication mechanism for access. Many financial institutions will be able to offer this. Consider E-trade: they provide a simple mobile app for your phone that generates a random number every half-minute that must be used to log in, in addition to the account password (hence two factors: something you know and something you have).

Protect your sensitive data from easily being observed

This isn’t going to stop the hard-core code breaker, but it serves as at least a moderate deterrent. To add some security to sensitive MS Office files, use the simple encryption mechanism contained in Office. For Excel, quick and easy password-based encryption can be placed on a file by simply using:

File->Info->Protect Workbook

If you use Office older than 2013, consider upgrading. Office 2013 uses a fairly robust SHA-512 hashing algorithm. With a complex password on your part, cracking the document would require an extensive brute-force attack. Note that the encryption in Office versions prior to 2007 stands little chance of surviving even a half-hearted crack attempt.

More robust volume or full-drive encryption is available with products such as Symantec PGP. If you were to lose your laptop, would it contain information, documents, or photos that you don’t want the world to have? Keep in mind how easy it is to have a laptop, or even a desktop, stolen. Chances are good that any data you have left unencrypted on a stolen laptop will be perused.