How to not be an idiot on the Internet
Alex Fields
There was a really funny security article circulated a few years ago after the crypto-variant viruses first started becoming a widespread problem; I wish I could remember who had written it, and if I could find it again I would link to it here and give them due credit. I tried searching for just a few minutes (I haven’t found it yet), but let me know if you come across it and I’ll update this. The linchpin of the commentary was great: “only about 3% of security is about having the right tools in place, while 97% is about not being an idiot on the Internet” – or something to that effect.
Now I don’t know if this person was being 100% serious with that comment; probably they were just being cheeky. And of course, third parties are hacked all the time, so whenever you entrust your digital information to a provider, there are always going to be things outside of your control that come along with that. But there might also be at least some truth in this otherwise absurd-sounding statement.
I have been a small business employee, as well as a small business owner, for many years now. I’ve been using computers and the Internet heavily for almost two decades in my work & personal life, and somehow, to the best of my knowledge at least, I’ve never been infected or had my information stolen. Not once.
The strategy is: do not be an Internet idiot
It doesn’t mean that it couldn’t happen tomorrow—it totally could. The attackers are getting smarter and more persistent all the time. Otherwise legitimate-seeming websites and portals can become compromised or “go dark.” So yes, I recognize that in some respects, I’ve just been lucky.
But my long-running track record is not purely accident, either. And it has very little to do with which security products and appliances I’ve used over the years. It has more to do with avoiding dark corners of the Internet, ignoring every banner, ad link and unsolicited email, never downloading or installing any application that is not strictly work-related and approved, and not sharing any personal information except through very trustworthy outlets and merchants.
I know what you’re thinking—“Nothing that is non-work related?! But… what about games? What about hilarious memes and social media and cats?! What about… adult… sites!?!?!” These are all fair questions, since I know that many of the online activities I just listed are widespread addictions and common practices among the general population.
Well, I am not sure how to break this to you, but… here it goes: Most of these habits are a complete waste of your time, and of course, they do not contribute to your safety on the Internet.
I can’t tell you how many messes I’ve cleaned up for other people which were completely preventable if they would have just followed my simple advice. So if you are ready to stop being an idiot on the Internet, then from now on, observe the following rules:
1. Authentication & passwords: Change them regularly (every 45-90 days). Use complex passwords with many character types that do not closely resemble real or meaningful words—certainly not your own name, address, phone number, etc. If you have the ability to set up multi-factor authentication for any of your web/cloud-based apps, then do so.
2. Search engines: Be smart about your search terms, and discerning about which search results you choose to visit. If you can’t tell reputable from disreputable sites based on the search results page alone, then try a security app or browser extension that rates site reputation for you. You might be able to enable this on your firewall also—WatchGuard offers Reputation-Enabled Defense, for example, with its UTM bundle.
3. Advertisements: Avoid them. Spending precious hours of your day on websites or apps littered with ads (including Facebook and otherwise reputable social media/news outlets) is also a questionable use of your time.* I recommend blocking ads of all kinds. I personally use my WatchGuard firewall to filter out and strip ads right at the perimeter, removing that content from web pages before it ever has a chance to touch my browser and its extensions. In general, it is becoming more and more necessary to use perimeter-based filtering and other “Advanced Threat” management software (usually a subscription is required).
4. Games: Downloading games, or playing “free” games online, is also not allowed. Ad-supported games on your mobile device are not on the approved list either, sorry. It isn’t that they are all inherently dangerous (some are), but mostly you are wasting your time and attention, and not being discerning enough about your consumption of digital products in general.
5. Sharing: This is about more than being careful with attachments and links shared by other people. It certainly includes those things, but beyond that: never mindlessly open anything, including your mouth. The firewall can’t do it all for you—you need a filter too, both inbound and outbound, to protect you from phishing and social engineering attacks. Do not, under any circumstance, accept or share sensitive information with anyone you do not personally know, period. If you do know them, then still practice being overzealous. Ask:
- Why do they need this information?
- Are they entitled to it for any reason?
As well, do not, under any circumstance, open attachments or links from anyone you do not personally know, period. If you do know them, then again: still practice being overzealous. Make this kind of questioning a habit before you choose to open attachments or other shared links/files. If this sounds hard, it’s really not—just don’t go around compulsively clicking on stuff. Ask:
- Did it come from the correct email address, including spelling and domain name?
- Did you request this file? If not, can you confirm they intended to send it, and ask why?
- Has it been scanned by antivirus/antimalware yet?
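The first two questions above can be turned into a mechanical check on the From: header. The following is an added example, not code from the original post; the contact list, the lookalike threshold and the `requested` flag are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed list of senders the recipient actually knows (assumption for this example).
KNOWN_CONTACTS = {
    "jane@example.com": "Jane Doe",
    "it-support@example.com": "IT Support",
}
KNOWN_DOMAINS = {addr.split("@", 1)[1] for addr in KNOWN_CONTACTS}


def looks_like(a, b, threshold=0.8):
    """True when two domains differ but are close enough to be a lookalike
    (e.g. examp1e.com vs example.com). The 0.8 ratio is an assumed cut-off."""
    return a != b and SequenceMatcher(None, a, b).ratio() >= threshold


def check_sender(from_header, requested=False):
    """Apply the 'correct address, including spelling and domain' and
    'did you request this file' questions to a From: header.
    Returns a list of findings; an empty list means the message passes."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.split("@", 1)[1]
    findings = []
    if addr not in KNOWN_CONTACTS:
        # Spelling check: a domain that is almost, but not quite, one we know.
        if any(looks_like(domain, known) for known in KNOWN_DOMAINS):
            findings.append("lookalike domain: %s" % domain)
        # A familiar display name on an unfamiliar address is a classic trick.
        if name and name in KNOWN_CONTACTS.values():
            findings.append("display name matches a known contact but address does not")
        if not findings:
            findings.append("unknown sender")
    if not requested:
        findings.append("unsolicited: confirm with the sender out of band")
    return findings


if __name__ == "__main__":
    for header in ("Jane Doe <jane@example.com>", "Jane Doe <jane@examp1e.com>"):
        print(header, "->", check_sender(header, requested=True))
```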
Oh, and one more thing about sharing: regardless of the source, never share files with others using USB sticks or USB media of any kind if you can avoid it. USB is broken.
6. Dark corners: You know the kind I’m talking about. Avoid them. They just aren’t allowed. Ever. Grow up and find something better to do with your time.
It’s not a complete strategy
Like I said, it doesn’t mean the worst couldn’t still happen tomorrow. It could. You still need a next-generation firewall and a secure perimeter. You still want to stay up to date with security patches. You still want to be using ATP and other security software, anti-malware and so forth. However, I can honestly say that these habits have kept me safer on the Internet than many of my peers (and clients). I have just never made exceptions to these rules for myself, and I don’t regret it at all. Truly, you don’t have to feel bad for me—somehow the Internet still manages to provide loads of entertainment and distraction. Every. Single. Day.
Do you have other tips for staying safe on the Internet? Let us know in the comments below!