If there’s one cybersecurity practice that absolutely everybody can do, that absolutely everybody should do, that should be as much a part of your day as brushing your teeth, making the first cup of coffee and correcting people who are wrong on Reddit, it’s this:
Keep your software up to date.
There’s an army of criminal hackers out there using computer programs to scour the internet for devices with out-of-date software. When they find a bug they’re looking for, they can use it like a crowbar to prize open your electronic life.
They can steal your photos; spy on you through your camera; sniff out your banking password; exhaust your battery by mining cryptocoins; sell access to your Facebook account or wrap up all your stuff with encryption and demand a ransom.
Regularly updating your software is the single best, most efficient, most easy-as-falling-off-a-log thing you can do to shut them out.
That’s why we were delighted to hear about the UK government’s new Cyber Aware campaign.
Cyber Aware is encouraging you to take time to update your software with the inducement of giving yourself 15 minutes away from your screen while your tech feeds and waters itself (a #techfree15 minutes, if you will).
Just think what you can do with an extra 15 minutes.
Wait… what? 15 minutes?
Clearly these guys haven’t done a major Windows or MacOS update recently. To be fair to them I guess #techfreeForAnythingUpToAnHourMaybeEvenLongerIt’sHardToSay is a hard sell.
Cyber Aware suggest you spend your 15ish minutes doing sensible things like taking a walk in your local park, talking to other humans or having a 15 minute tech-free rest before bed.
A rest.
Don’t they know you’ve got other people’s computers to protect too? Moreover, don’t they know you’ve already drunk seven cans of Monster today?
Rest. Meh. There’s no rest for the wicked and not having a computer is no excuse for giving up the cyberfight. Here are five things you can do without a computer to make everyone else’s computers more secure while you’re taking your #techfree15:
1. Make friends with your IT team
- Duration: 5 mins
- Difficulty: 3/5
If you already work in IT, skip to #3. Actually don’t. Go and speak to a colleague you don’t know. If you work with Windows go and speak to somebody wearing a heavy metal t-shirt. If you work with *nix go and speak to somebody wearing a shirt.
If you don’t work in IT, go and say hi. You’re going to need them one day so don’t wait for a crisis before you introduce yourself.
Not only is “Hello” a better greeting than “is the network down?”, but if the network is down then they’ll be too busy to talk to you anyway because the network’s down and it isn’t going to fix itself.
And while we’re on the subject, there is nothing more annoying than trying to fix a network and being constantly interrupted by people who want to tell you the thing they’ve just stopped you from fixing isn’t working. If the network isn’t down and they still don’t want to talk to you, well, let’s just say it’s not them, it’s you, and it’s time to brush up on what you sound like to a sysadmin.
2. Put up some posters
- Duration: 15 mins
- Difficulty: 1/5
Get some security posters and stick them up around your office to remind other people who’ve torn themselves away from their computers to go back to them. They need to stop making coffee and sort out those awful passwords.
If you don’t want to make your own posters, you can find some snazzy posters in the Sophos Anti-Ransomware toolkit (you’ll have to do a little data capture tap dance to get it).
Pro tip: don’t put posters where people can walk past them. Put them at eye height where people don’t move much and don’t have anything to read. Yes, that’s right, I’m telling you to put them above the urinals and on the back of the toilet stall doors. Seriously.
3. Write a risk register
- Duration: never ending
- Difficulty: 162/5
Risk registers: everybody needs one, nobody wants to write it. Well, guess what, you’ve got at least 15 minutes to spare so get writing. Be careful though, risk registers can get quite long and you’ll have to write it by hand so don’t forget to add writer’s cramp and carpal tunnel syndrome to the register. Oh and if it’s as lengthy and comprehensive as your project manager’s PRINCE2 trainer would like it to be, be careful not to break your foot if you drop it.
4. Clean, wipe, shred
- Duration: 15 mins
- Difficulty: 1/5
Lift your head up from your computer and look around you: you’re leaking data. The pay slip in the unlocked drawer; the password on a post-it stuck to your monitor; the bound conference notes you’re never going to read; the work of art on the whiteboard behind you.
Everyone can see them. They’ve got to go.
For your confidential paper waste that means a trip to Mordor the shredder. Unfortunately shredders, like their stablemates photocopiers and faxes, aren’t governed by the normal rules of physics nor any kind of recognisable logic. They are emotional, moody and vindictive machines that hate the taste of paper and hate you for feeding it to them. Luckily for you, you only have 15 minutes so there’s only enough time to jam the shredder twenty-seven times.
5. Make a tinfoil hat
- Duration: 2 minutes
- Difficulty: 2/5
If you don’t have a tinfoil hat already you clearly don’t understand the seriousness of the situation. You live in a surveillance state, your identity is toast, your phone is lying to you about being off and in a few years’ time you’ll consider yourself lucky if you’re kept around as a pet by some post-singularity AI.
You’re going to need a tinfoil hat.
I said it takes two minutes to make a tinfoil hat at the top of this section, but that’s not quite right. It takes a second to Google “how to make a tinfoil hat” and (bizarrely) 2:45 to watch the YouTube video How to make a tin foil hat in less than two minutes. But you can’t use them because you’re having a tech-free 15ish minutes, remember?
You don’t have Google, YouTube, iFixit, WikiHow or Stack Overflow. You’re on your own with some scissors and a roll of aluminium foil.
You’ll be lucky if you get out of this with ten fingers…
Best check if your updates have finished.
from Naked Security http://ift.tt/2xcnxD9