by We are taught, early on in our lives, to be cautious and to watch our backs and to look out for each other. We obediently lock our doors. We psychologically brand our children. We learn to buckle up. We are a nation of Safety First. Are you as safe in securing your online life?
If your computer crashed right now, do you have a full backup? If so, how old is the backup? If your computer were stolen — could a person with bad intent easily read the details of your life?
If Google/MSN/Yahoo! gave up the ghost in the cloud and lost every single email and search and service they provide for free — how would you recover what was lost? What sort of protection can you expect for free? What routine schemes do you employ to preserve your virtual work and enhance your online safety? Do you use a VPN client?
Do you force your online email service to always use HTTPS? Do you use WEP or WPA? Have you ever been the subject of a DDOS attack? Do you use MAC address filtering? Do you have any idea what any of this means? If not, why not? You’re reading this online so you have some sense of savvy and safety about you.
Do you use an online version of your brick and mortar bank? Are you concerned about anyone stealing your online identity? In the last five years — do you have more of your everyday documents saved on a computer somewhere in virtual form only — or do you have more hardcopy printouts of those documents?
Hi David,
I have a limited sense of savvy. 😀
Last year I was into gaming and disabled McAfee in order to install a game. I never re-enabled it, because it was always scanning and I got tired of it. I know, how stupid was that?
Very stupid. I contracted an end-of-year worm or trojan or something horrible that slowed my OS down to a crawl. Eventually, I could not load my desktop and had to do a complete system recovery.
Luckily, I do not have a business online. I just use my computer for fun and information and to email my friends.
I replaced my tower this year because my system was 3-4 years old and I needed a new one anyway. Now I have Symantec.
Regarding e-mail, you know the story as I have told it several times. I changed residences a couple of months ago and lost all my email addresses due to AT&T not offering DSL in my area and not bothering to tell me ahead of time so I could plan. In fact, they told me it would be no problem. I had to find out after the fact. Now I have Comcast.
Moral of the story: back up. If you have a business, you are playing with fire if you don’t.
Donna
Hi Donna!
Virus and firewall products are interesting beasts. They tamp down your online experience so much that some people just turn them off because they need to get some work done.
How do you know a worm got you if you weren’t running Virus software? Did you open something unfortunate? Were you on an unprotected network?
I still don’t understand why AT&T cut you off from your email. Why couldn’t you just download it all to your new account?
Hi David,
I use WPA2 for my wireless network at home. I did have it set up to use MAC filtering, but took it off because I was thinking about using another computer with the network and never got back to reactivating the feature.
We use online banking and bill pay and as long as the sites are secured, I’m fairly confident that everything is okay. I always use Firefox with those services, so the security is at its highest level (256 bit SSL encryption).
I need to figure out how to set up a VPN client so if I use the computer on a wi-fi network at some place like Panera my information is safe. Right now, I would never check anything dealing with confidential information — I don’t even check email since I worry the passwords could be compromised — while using a public access system like that since you never know who is watching. Ideally, I’d like to set up a secure proxy using one of my own servers so that data coming and going out would be encrypted, but I haven’t spent the time to do that yet.
I had to “wipe” a computer — reformat and reinstall the operating system to keep it working at optimal levels — so I know it is important to keep a backup of word processing files, photos and other content that one creates while using the computer. Keeping those backed up is as easy as copying the directory where those files are stored onto a thumb drive and dropping into a locked file cabinet. I’m less concerned about backing up individual programs since I always have the installation CDs. I also need to start routinely backing up my documents — just in case the hard drive dies or something else happens.
I need to force gmail to use HTTPS all the time. I know there is a way to do this, but I need to implement the idea. (I think I saw a Firefox plug-in that does that).
Hi David,
Do you know anything about iPig?
http://www.iopus.com/iPig/
Hi David,
I don’t know for sure if it was a worm, but I suspect it was. I think it came from an email of a joke I opened.
Regarding AT&T, I still do not know why they would not let me access my account. I talked to several reps, including a supervisor, but to no avail. They told me I could no longer access my account, period.
Donna
Hi Chris!
I haven’t heard of iPig. Is it free? If so — beware! 😀
Donna —
Hmm… most email clients/services will root out those worms and viruses before they even touch you. Was it sent to your AT&T account?
Did you close your AT&T account before they told you all your mail was gone? Have you tried to login anyway to see what you can find?
Hi David,
Our bank’s computer won’t let me log in from a new computer (or another account on the same computer) without having us approve that particular computer. It’s a nice security feature.
Hi Chris —
Isn’t that banking feature required by law now?
Hi David,
Since the VPN clients aren’t that expensive, I might check them out to provide that secure feeling while using the computer at a strange place.
I’ve set up my laptop computer to only use fixed point WiFi access points and not ad-hoc access points (computer-to-computer) since people can name their computer the same name as the WiFi access point and trick you into using their computer, instead of the store’s.
I also forgot to mention that I use anti-virus software that updates daily and a firewall. I also turn off my computer and disconnect it from the internet (and from transmitting on WiFi frequencies) when not needed.
Hi David,
I don’t know enough about banking laws, but I suspect that is probably the case. It makes sense for the requirement.
Chris!
I was surprised to find these for-pay VPN sites. I have a lot of friends who ask for advice on setting up networks and using VPN and a year ago there wasn’t much out there. Now we have some really effective choices.
Your Wifi security policy is good! There are bad people who camp outside public Wifi areas just to leech your private information onto their machines.
I’m glad you also have good virus protection in place. That’s important!
Hi David,
If it was the joke that caused the crash, yes, it was sent to my AT&T account.
I did not close the account. They closed it for me. I moved and waited for AT&T to re-connect my phone lines. After the tech left, I tried to go online, but kept getting an error message that I could not connect.
I called AT&T and, after many conversations, was informed that DSL was not offered in my area and I could no longer access my account. I was very upset and talked with a supervisor/manager who informed me that I could not longer access my account, period.
I have tried to logon to the AT&T website using my old account password. It always comes back “invalid entry.”
Luckily, I do not have a business online. I rebuilt my address file, since it was not that extensive to begin with. 😀
Donna
Chris —
Many banks want to have changing key logins — but that requires a dongle on the consumer end that would plug in to a computer and then sync with the bank’s site. Many businesses use that secure method.
That would have been a nightmare to troubleshoot and use on the consumer level, though, and so these longer, more oppressive, login schemes are the new heyday. Approving individual computers is also another way to try to add specific, but unchanging, key security to mobile machines.
Donna —
What a totally rotten experience!
Stay away from AT&T!
Hi Donna,
It’s probably a good idea to keep email separated from your ISP so that you have freedom to move without your email being held hostage. (It’s cheap to get a domain name, then set it up to use Googles Apps for Domains — Mr. Boles has written a book all about that subject). That was how AOL kept people locked into to expensive dial-up (besides not letting them leave). People were worried they’d lose email if they switched to high-speed internet.
Hi David,
I almost forgot some extra security tips when I was writing about my home wifi network.
It’s always a good idea to set the network to not broadcast your network’s name to keep casual explorers from trying to get into it. Also, it’s a good idea to name it something generic so that people don’t know whose system it is. Sometimes the default name is the name of the router company which could allow someone to figure out how to attack it. Or, people name their network by their family name — making it easy for someone to pinpoint where the network is located.
I’m always surprised to see them, but when I turn on my computer I occasionally see people in my neighborhood running unsecured wifi networks with identification that makes it easy to figure where the network is located. (If this is the case, someone could point a cheaply made wifi “cantenna” toward the house and leech).
Hi Chris,
Thanks for the tip. After reading David’s book, I might try that, since I have no idea what you are talking about. 😀
I used to have AOL dial-up before I switched to BellSouth high-speed (now the new AT&T). What junk! However, I will say this for AOL. They allow indefinite access to your old email account. I could go to AOL online’s webpage today and still access my account. That’s why I could not believe AT&T treated me the way they did. You would think they would keep up with the competition.
Donna
Donna —
I am remembering now that I used to have an AT&T email account way back when and it was really good but VERY secure. You had to be on their IP network and logged into to read, send, create or receive email. If you were off their network, you were locked out. Sounds like that’s what happened to you.
David,
Since I do not know what most of the things you list in your article even are…I assume that I am securely screwed. 😀
Regarding online banking security…my bank has a new security feature for our site that is both good and horrible. The feature is a set of security questions (determined by the customer) that are prompted should the customer’s account be accessed from an unusual computer. That way, a customer that travels a lot can login to their account from any computer in the world without having to alert us first; they’ll just have to answer the questions correctly when they do. This brings me to why this security feature is horrible: most (and I mean most ) customers are not internet savvy. At all . They either try to avoid answering the questions when they are prompted and lock their account, or forget what the answers to the questions are and lock their account, or there is more than one person using a single online login (such as two spouses or a few people at a business) and one of them sets questions that no one else knows the answers to and lock their account. It is…um…annoying.
Hi Emily —
Gosh, I hope you have some sort of active internet protection at home and you just aren’t aware of it.
Yes, one of our banks had those “identity checks via questions” and they are mind-numbing. I understand the banking system is under a lot of regulation pressure to deter identity theft but there has to be a better way. Triple ID verification is always time-consuming and tedious even when you just want to get technical help on your DSL service!