Wednesday 12 May 2021

12 Security Tips (revisited for 2021)

How much has computer security changed in the last six years?

In 2015, six years ago to the day, I published a 12-point security tips list. The goal was to advise on the most effective ways to improve your computer security, starting from the most important and working down.

How well does that list stand up today?

Do the original tips still stand? Are there any missing?

Basically, most of the tips are still valid and very important. There is one new, critical tip. A couple are still OK but not as important.

Here's the original list, with comments:

1. Update applications and operating system (yes)

2. Use different usernames and passwords for different services (yes, but even more importantly use multi-factor authentication to protect your email and file storage accounts as a minimum)

3. Maintain on-board anti-malware and firewall software (yes, but you probably already have it included in your operating system these days)

4. Use a VPN with public WiFi (no: so many services now use built-in encryption, e.g. SSL/TLS, that it's not worth the trouble)

5. Secure your broadband's router - enable firewall; disable remote administration (yes, worth checking, but probably default now)

6. Install anti-exploit software like Microsoft EMET (no, this is built into Windows now, and third-party anti-malware software often includes similar technology too)

7. Use a guest WiFi network for visitors (yes)

8. Back up your data (yes, yes, yes! Ransomware is more prevalent today than in 2015!)

9. Check mobile app publisher reputation (yes)

10. Avoid clicking on email links (yes)

11. Don't run updates sent as email attachments (yes, but this isn't happening much these days)

12. Avoid pirated content (yes)

What has changed?

Not much, as it turns out. There have been some significant improvements in security, particularly for Windows, since then. So tips like installing anti-exploit software and using VPNs with public WiFi are less important than they were.

Also, attackers change their tactics and no longer send fake updates by email. But they send more ransomware than before. The threat landscape changes. The general security principles do not.

The short version is, do everything I said before, but include multi-factor authentication with your most important accounts - specifically your email and file storage accounts. And maybe don't stress too much about VPNs anymore.
