Secure Your Personal Files
In the last article you learned about the dangers of keyloggers that can affect even the most casual user. The next thing to think about are your personal files. Computers obviously provide an incredible convenience by supplying one central location where all of your information can be stored. A big open field is also a convenient place to store a bunch of things, but that doesn't mean that we should just place everything there without considering access.
Who has access to your files? What happens if your computer is lost or stolen? If someone breaks into your office or home, do you think it's far-fetched that they would search your computer for files that say "password" or files from Quicken, etc.? Are you absolutely certain that your firewalls are properly configured and that your wireless network is truly secure, not just password protected? Do you think that your computer is configured to prevent unauthorized access? Did you know that the startup passwords that are part of a basic computer configuration don't protect your files at all?
One of the first things to understand is how files can be accessed. There are many ways, but we'll limit it to the most common: malicious software, loss/theft, and insecure wireless networks.
How many people regularly have access to the computer that contains your personal information? Even if those users are innocent in their intent, they may unknowingly allow the installation of malicious software. This can be done in any number of ways. If various content is being downloaded regularly, it can be easy to forget to be careful and inadvertently download malicious software. In addition, it's not uncommon for a web site to trick you into clicking something that will prompt something to discretely download in the background. This is generally done via a dialog that entices you to click somewhere on the window. One of the more common tricks is for a dialog to indicate that you have a virus. Even if you recognize that this is a scam and click the close button, that close button may be fake and clicking on it starts the download. Once the software is downloaded, your personal files could be available to a third party. One of the best ways to protect yourself from this type of attack is to use the keyboard to close strange windows. With most computer configurations, any window can be closed by pressing alt+f4 on the keyboard. By using the keyboard to close the window, you have avoided any chance of an accidental download. In addition, encrypting files can greatly decrease the chance of remote file access.
If your computer is ever lost or stolen, the first thing an attacker goes after is personal files. These can be found relatively quickly by looking for accounting files and files with certain names and performing automatic searches that include the contents of files, etc. Protecting your personal files from this type of attack is relatively easily done by encrypting them. Encrypting files scrambles all of the information and, if a good encryption program is used, the data cannot be interpreted.
Wireless networks are becoming more attractive targets as the information to exploit these networks is now readily available and does not require any real technical knowledge; it only requires that one have enough time to read the instructions. A quick drive around Sanibel showed me that most wireless networks are "password" protected, but almost none are actually secure. With many, I could actually see the passwords, as your computers sent them without even trying to connect. A malicious person could easily park a vehicle within proximity and take a few minutes to break into your wireless network. Once they are on your network, any unencrypted file is available to them. If you have network cameras in your house or office, those are accessible too. Once into your network the attacker can make quick changes to enable his remote access and then continue his attacks from anywhere. So, of course, you could remove your wireless network, step back in time, and go wired, but there is another option. A wireless standard, called EAP, offers complete wireless protection. It's a bit complex to get into at the end of an article, but the result is that properly configured EAP (with the exception of EAP-LEAP) wireless networks are completely secure (not including such methods as social engineering that prompt you to provide your password to an attacker directly).
Computers offer exceptional convenience, but do not assume that your information is locked and safe. Your house only locks when you lock it and your computer functions in the same way. If you are not specifically securing your personal information, it is available to others.