Hello,
In my 25 years as a Macintosh, iPhone and Networking consultant, I’ve used many tips and solutions I’ve found on the internet. In an attempt at repaying my debt to those who have taken the time to post their expertise and advice for the greater good, the items below offer some suggestions from my experiences in the trenches of Apple IT and support. Hopefully you’ll find something helpful among these tips.
Common Sense Security & Computing Suggestions:
1. Never open an email attachment from someone you don’t know or weren’t expecting an attachment from. This is how the most recent “WannaCry” ransomware was distributed. While this iteration only affected Windows computers, the advice still stands; be VERY careful with email attachments.
2. Never click a link or button in an email, without checking the destination URL first. In Apple Mail, hover your cursor over [but don’t click] the button or link to see the URL where you will be taken. On an iPhone/iPad, lightly tap and hold the link. If you don’t recognize the address or site, don’t click.
3. Ignore any/all notifications of software updates, required plug-in’s, Flash updates, media components or any software download which automatically prompts you while you’re in a browser (Safari, Firefox, Chrome, IE, etc.).
4. If you *want* to update software, launch the program in question and check for updates from within that program. In the case of Flash (very commonly used in fake software update notices), use it’s preference pane, in System Preferences under the Apple menu to check for updates. Again – never let anything prompt you to update any software when you’re browsing. It is far too easy to create a convincing pop-up, offering a nefarious “software update.” Cancel is often the safest option.
5. Ignore email messages which claim to be from any institution which asks for your username/password (or takes you to a web interface asking for username/password info). When in doubt, contact companies (particularly financial institutions) via phone. These ‘phishing scams’ are unbelievably common and far too convincing.
6. Be cautious with search engine results. A friend was scammed when he was having trouble with his Kindle e-book reader and Google’d “kindle support”. He called the first number in the search results and found himself speaking with a scam support organization, who took control of is computer and wanted $250 to “clean the viruses.” He finally caught on and disconnected their screen sharing session.
7. NEVER allow anyone you don’t know to remotely control your computer. Even if they claim to be from Microsoft or Apple support.
8. Consider using a password management utility (I use and recommend 1Password from Agilebits).
9. Never re-use the same password on any two sites. This is even more important with passwords for financial institutions. Here is an example of why re-using passwords is a bad idea:
An editor at Wired magazine used the same email address as his username and the same password for his Twitter, Apple ID and Gmail accounts. Somehow his Gmail account password was compromised (probably using a public WiFi network – see #14 below) and the attacker made an educated guess that the same email address and password were also used for his Apple ID and Twitter accounts. The attacker then logged in to his iCloud account with his Apple ID and, using the “Find my Mac” feature (designed to help locate, lock and/or erase a lost or stolen Mac, iPhone or iPad), completely and permanently erased everything on his computer’s hard drive, including the only pictures of his young daughter. They then went on to read through his Gmail account and deleted 8 years worth of messages. All of this could have been prevented by having a backup of his data and using different passwords for different services. Full article:
https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
10. Use the “password generator” in your password manager to create unique, cryptic and strong passwords for every site.
11. If you haven’t changed your WiFi password in a while, it’s never a bad idea to do so. This way, any past guests, staff or others who have joined your network in the past will no longer have access. Family, legit current users and devices will need to re-enter the new password the first time they join the network again, but the security gained can be beneficial.
12. Don’t share passwords, intellectual property or other confidential information via email or text. Use voice or in-person communication instead.
13. Consider installing anti-malware/anti-virus software on your computers. Keep the virus definitions up to date. This is particularly relevant for Windows computers. On Macs, the free adware/malware tool from Malwarebytes works well:
https://www.malwarebytes.com/mac/
14. NEVER use public WiFi networks which don’t require a password to join. Such networks appear without a lock in the WiFi menu:
15. If using such a network is unavoidable, use a VPN (Virtual Private Network) service to encrypt your traffic over the unencrypted WiFi network.
16. Backup. Backup. Backup. If something yucky gets installed on your computer or your data becomes encrypted in a ransomware situation, having current (i.e. nightly) backup(s) can be a lifesaver. I haven’t seen any “ransomeware” (malware that encrypts all the data on your computer until you pay for an unlock key) on the Mac yet, but we know it exists for Windows computers. Having a backup can save you from this nightmare. Test your backups before you need them. I use and recommend Carbon Copy Cloner from Bombich Software.
I will close by saying “I am not a security expert” (nor do I play one on TV) and you should definitely consult with someone who is savvy with PC/Windows computers and best practices for securing Windows machines, if you have any.
Feel free to forward this page to anyone you think it might benefit. If you post the content on social media, all I ask is that you reference me as the original source.
Disclaimer: I don’t get paid by any of the companies mentioned above. These product recommendations are provided based on my own experiences and use.
Please feel free to contact me for more information about any of the information above.
Kirk van Druten – LANsharks Consulting
510-601-5475
About the Author:
Kirk van Druten is the owner and founder of LANsharks Consulting, an Apple Macintosh network and consulting firm, serving Northern California clients since 1994.
Please don’t duplicate or re-publish this without asking first. Thanks.