The 10 Commandments Of Basic Security For DIY Authors, Artists & Creatives Online

by SM CADMAN

Originally published on Page to Pixels in 2015.

“Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure.” —Helen Keller

  1. Thou Shalt Use Both An Antivirus And A Firewall, Paid Ones!

Use a paid antivirus and a firewall. A paid product updates its detection signatures regularly, which keeps you protected against malware that has already been identified, and it adds an extra layer of protection while you browse. Be clear about what it cannot do: a zero-day is, by definition, a flaw nobody has patched or written a signature for yet, so no antivirus reliably stops one; what frequent updates buy you is a short gap between a threat being discovered and your machine recognising it. Are these tools fallible? Yes. But for the majority of regular users, they will keep your machine and devices clear of most of the typical, damaging malware. Some antivirus suites, such as Kaspersky, also detect nastier things like rootkits and RATs (Remote Access Trojans). Whatever product you choose, the firewall that ships with your operating system is a sound starting point as long as it is switched on. For another layer of protection on a Windows machine, keep UAC (User Account Control) enabled too: it prompts before any program is allowed to make administrator-level changes to your system, so malware cannot silently modify it. Only approve a UAC prompt you were expecting.

  2. Thou Shalt Use Strong Passwords

A hacker once told me, “Your passwords should be like launch codes…” and I agree. They should be long and, wherever possible, contain a mix of upper case and lower case letters, digits and symbols such as #!&. Or use a passphrase of four to five words unrelated to one another. Passphrases are only strong if the words are picked at random from a large word list; a few common words, or a quotation, will fall to a dictionary attack, which simply tries combinations of known words. Make a hard copy of all of your passwords and keep it up to date; a simple notebook will do, kept in a secure location. Change them every 3-6 months, and always change one at once if you suspect it has been exposed, for example after a breach at the service; current guidance (NIST SP 800-63B) treats a suspected compromise, not the calendar, as the real trigger. If your machine is clean, malware and virus free, think about using a password manager, but understand that they too can be attacked; the master password is then the one password that truly must be strong. Avoid public Wi-Fi whenever possible, and make sure your home network is secure by choosing WPA2 (or newer) encryption with a strong, non-default passphrase rather than an open or WEP network. If you must use public Wi-Fi, set the network profile on your computer and/or devices to Public so that you are not sharing files with everyone else on that network.
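To put numbers on the "launch codes" versus "four or five words" advice, here is an added example (not from the original post) that computes the entropy of a random character password and of a random passphrase, and the expected time to brute-force each. The 32-word list, the 1e10 guesses per second attacker and the hypothetical styles compared are all assumptions made for the example; the arithmetic takes the real list size as a parameter, so the figures for a 7776-word Diceware list are correct.

```python
import math
import secrets
import string

# Constructed 32-word list, standing in for a real Diceware-style list of 7776
# words (assumption). The functions take the list size as a parameter, so the
# numbers quoted for a 7776-word list do not depend on this small sample.
WORDS = [
    "anchor", "basil", "canyon", "dune", "ember", "fjord", "glacier", "harbor",
    "iris", "juniper", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
    "quartz", "raven", "saddle", "tundra", "umbra", "velvet", "walnut", "xenon",
    "yarrow", "zephyr", "amber", "bramble", "cinder", "drift", "echo", "falcon",
]
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy of a secret made of `length` picks drawn uniformly and
    independently from `pool_size` choices. Only valid for RANDOM picks:
    a human-chosen word or character carries far less than this."""
    return length * math.log2(pool_size)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average the attacker tries half the
    space before hitting the right value."""
    return (2 ** bits) / 2 / guesses_per_second


def random_password(length: int = 16) -> str:
    # secrets, not random: random is predictable and unsuitable for secrets.
    return "".join(secrets.choice(SYMBOLS) for _ in range(length))


def random_passphrase(words=WORDS, count: int = 5, sep: str = "-") -> str:
    # Each word is an independent random pick, which is what makes the
    # entropy formula above apply; picking "words you like" does not count.
    return sep.join(secrets.choice(words) for _ in range(count))


def compare(guesses_per_second: float = 1e10) -> dict:
    """Entropy and expected offline crack time for several styles.
    1e10 guesses/s is a rough figure for a GPU rig against a fast hash
    (assumption; a slow hash like bcrypt is thousands of times slower)."""
    styles = {
        "8 random chars, 94 symbols": (94, 8),
        "12 random chars, 94 symbols": (94, 12),
        "4 words from a 1000-word list": (1000, 4),
        "4 words from a 7776-word list": (7776, 4),
        "5 words from a 7776-word list": (7776, 5),
    }
    result = {}
    for name, (pool, n) in styles.items():
        bits = entropy_bits(pool, n)
        result[name] = (round(bits, 1), crack_seconds(bits, guesses_per_second))
    return result


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:32s} {bits:6.1f} bits  ~{secs / 86400:,.1f} days")
    print("password:  ", random_password())
    print("passphrase:", random_passphrase())
```

The lesson the table shows: four words from a 1000-word list (about 40 bits) fall in under a minute at that rate, four from a 7776-word list (about 52 bits) take a couple of days, and twelve random characters from the full keyboard (about 79 bits) are out of reach. The word count and the size of the list matter far more than whether you used words or symbols.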

  3. Thou Shalt Not Reuse Passwords, For Goodness Sake!

Use a different password for every account and/or device you use or have. Yes. You must! It’s a pain in the ass but it’s worth it, so just do it. The reason is simple: when one site is breached, attackers take the leaked email-and-password pairs and try them on every other popular service (credential stuffing), so a single reused password turns one breach into many.

  4. Thou Shalt Regularly Backup Your Files To Either An External Drive Or Cloud

Remember to back up your files, such as media, documents, photographs and any software/applications you use frequently. Use an external, portable hard drive for added security if you don’t trust cloud backup, and flash drives for quick backups. Keep at least one copy disconnected from your machine between backups: ransomware and a careless delete both reach any drive that stays plugged in and any cloud folder that syncs continuously. Test that you can actually restore from a backup now and then; an untested backup is a hope, not a backup. If you do use cloud backup, protect that account with the password advice above, since whoever gets into it gets everything you stored there.

  5. Thou Shalt Keep All Of Your Software/Apps And Websites Updated

Make sure you regularly update your machine and software too. Choose automatic updates if you are less tech savvy. Adobe Flash has since been discontinued (support ended in December 2020), so if it is still installed, uninstall it rather than update it. Likewise, if you’re not using Java for gaming (Minecraft etc.) and keeping it up to date, uninstall it, and remove the old versions that upgrades often leave behind. Also make sure your browser is updated too. If you’re thinking about having a website and are not technically proficient, use a hosted CMS (Content Management System) provider such as WordPress.com, which patches the software running your site for you and includes a comment anti-spam feature (Akismet) that also protects you from attacks. Note the difference from a self-hosted WordPress site (the WordPress.org software on your own hosting), where updating the core, plugins and themes is your job, and out-of-date plugins are the usual way such sites get hacked.

  6. Thou Shalt Be Aware Of Phishing Attempts And Social Engineering

Phishing is a particular nuisance to those who use the Internet for business, such as writers, artists etc. Often it arrives in your inbox in the form of a job offer or some other product being offered. Always check who the email really came from: the display name is whatever the sender typed, so look at the actual address behind it, and if your email provider lets you view the message source (Gmail calls it “Show original”), examine the headers there. A Reply-To address at a different domain from the From address, or an authentication line reporting that SPF or DMARC failed, is a warning sign. Social engineering also takes place in these malicious emails by trying to entice you to download documents, run programs or click on links. A good rule of thumb: unless you know the person and they’ve previously told you to expect such material, don’t download anything or open any links. Hover over a link before clicking; the text you see and the address it actually points to need not match. Be suspicious and wary even of links that family and friends send you with jokes etc., since their accounts can be compromised too. Social engineering is especially rampant on social media, using tactics such as ego flattery, being overly friendly and even romance (specifically targeted at women) or just the opposite, being abusive with you. In security, the weakest link in the chain is the human being. Kevin Mitnick was famous for exploiting human vulnerabilities. Good videos explaining this to the average user are:

The Dangers of Social Engineering at TEDx by Brian Brushwood

This is how hackers hack you using simple social engineering:

The Dangers of Social Engineering by NCMS Inc.:
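The header checks described above can be automated. The following is an added example, not code from the original post, that parses a raw message (what “Show original” gives you) and reports the classic phishing tells: a Reply-To or Return-Path at a different domain from the From address, an Authentication-Results header where SPF or DMARC failed, and links whose visible text names a different host than their real destination. Both sample messages are constructed for the example; all domains are hypothetical apart from the free-mail Reply-To.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed "job offer" phish (hypothetical domains): forged display name,
# free-mail Reply-To, bounce address elsewhere, failed SPF/DMARC, and a link
# whose visible text is not where it really goes.
PHISH_SAMPLE = b"\r\n".join([
    b"Return-Path: <bounce@mailer-track.example>",
    b"Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer-track.example; dkim=none; dmarc=fail (p=reject) header.from=acme-publishing.example",
    b'From: "Acme Publishing Jobs" <editor@acme-publishing.example>',
    b"Reply-To: acme.jobs.desk@gmail.com",
    b"To: author@example.net",
    b"Subject: Paid writing opportunity - contract attached",
    b"Content-Type: text/html; charset=utf-8",
    b"",
    b"<html><body><p>Please sign the contract at",
    b'<a href="http://acme-publishing.example.evil-host.example/login">',
    b"https://acme-publishing.example/contract</a> today.</p></body></html>",
])

# Constructed legitimate newsletter for comparison: everything lines up.
CLEAN_SAMPLE = b"\r\n".join([
    b"Return-Path: <news@legit-publisher.example>",
    b"Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=legit-publisher.example; dkim=pass header.d=legit-publisher.example; dmarc=pass",
    b'From: "Legit Publisher" <news@legit-publisher.example>',
    b"To: author@example.net",
    b"Subject: March submissions window",
    b"Content-Type: text/html; charset=utf-8",
    b"",
    b'<html><body><p>Guidelines: <a href="https://legit-publisher.example/submit">submission page</a></p></body></html>',
])


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(header_value: str) -> str:
    """Domain part of the first address in a header ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def _host(url: str) -> str:
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""


_LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


def phishing_indicators(raw: bytes) -> list:
    """Return a list of (code, detail) findings; an empty list means none of
    these tells fired (which is NOT proof the mail is safe)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    from_dom = _domain(str(msg.get("From", "")))
    # Reply-To elsewhere is a strong tell; Return-Path elsewhere is weaker,
    # since legitimate bulk mailers often bounce through their own domain.
    for hdr in ("Reply-To", "Return-Path"):
        dom = _domain(str(msg.get(hdr, "")))
        if dom and dom != from_dom:
            findings.append((f"{hdr.lower()}-mismatch", f"From={from_dom} {hdr}={dom}"))
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        findings.append(("auth-fail", f"{mech}={result}"))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            # Compare whole hostnames: "acme.example.evil.example" starts with
            # the real name, which is exactly the trick being used.
            if _LOOKS_LIKE_URL.match(text) and _host(text) != _host(href):
                findings.append(("link-mismatch", f"shows {_host(text)} but goes to {_host(href)}"))
    return findings


if __name__ == "__main__":
    for code, detail in phishing_indicators(PHISH_SAMPLE):
        print(f"{code:22s} {detail}")
    print("clean sample:", phishing_indicators(CLEAN_SAMPLE))
```

Treat the output as a prompt to look harder, not a verdict: a well-run campaign can pass SPF and DKIM for a domain the attacker registered yesterday, and a missing Authentication-Results header just means your provider did not record the check.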

  7. Thou Shalt Not Feed The Trolls, Stalkers, Script Kiddies And Hackers

They will lie, defame and are often downright delusional with their accusations, anything to engage you. Why? Because they’re trolls. Don’t engage them. They also use tactics such as shaming and doxing. Often their motives are simple and selfish, but the worst ones can nurse far-fetched vendettas over some innocuous thing you’ve said, or something they think you’ve done or some way they think you’ve wronged them. Never be afraid to block them, or even to act bizarre (crazy) to deter them and keep them away from you. Blocking isn’t censorship of them; it gives you the freedom to go about your business online free from harassment. Their abuse is censorship of you. If it’s particularly bad, always take screenshots (with the date, the URL and the account name visible) but never respond; keep the server logs, including IP addresses, for any explosive comments left on your website, and don’t read them if they upset you. And never be afraid to seek out professional help if it gets out of hand.

  8. Thou Shalt Not Freak Out If Hacked On Social Media, Twitter Etc.

Most hacking of social media accounts happens for one of these reasons:

- A compromised or bogus app that you granted access to your account

- Clicking on links, especially shortened URLs, without expanding them first to see where they lead

URL shorteners are often used nefariously to track users and glean their IP address and other information. Combined with an IP logger such as Grabify, with Google Analytics, or even with an app, whoever shares the short link can see who visits it and from where. That is tracking rather than phishing in the strict sense, but the same link can just as easily end on a fake login page, so treat an unexpanded short link as unknown.

- Visiting websites without being aware that they log your IP address, or neglecting to scan the website first

Much malware is dispatched in private messages and DMs (Twitter Direct Messages), via links, via code pasted there, or via links that lead you to “re-log into” your account on a look-alike page. That look-alike is a phishing page: if you ever land on one, close it, log in only through the address you typed yourself, and change your password. If you see strange code dumped on your feed or other nefarious posts shared by others on these platforms, never retweet or repost them. Be wary of spam masquerading as actual posts or tweets too. Often bots on Twitter will attach themselves to your account. Never follow back, and block bots if they follow you. Do not retweet or follow any “Follow Back Teams” either. If your account is hijacked, do four things in order: change the password from a clean device, revoke every third-party app in the account’s settings, check that the recovery email and phone number have not been changed, and turn on two-factor authentication.

Signs of bots are: Never engaging in reciprocal conversations; timelines full of quotes and jokes, a sign of automation; and no favorites.
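Expanding a short link yourself means following its redirects one hop at a time without ever loading the final page. The example below is added here and is not code from the original post or from any of the services listed under Resources. It walks the redirect chain with HEAD requests and reports every hostname that saw the request; the fake web it runs against is constructed for the example with hypothetical hostnames, and the function that does real network requests is only used if you pass it a real URL.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def fetch_head(url: str, timeout: float = 10) -> tuple:
    """One HEAD request for `url`; returns (status, Location) WITHOUT following
    anything. This is the only function that touches the network."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "url-expander/0.1"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand_url(url: str, fetch=fetch_head, max_hops: int = 10) -> list:
    """Follow redirects one hop at a time and return every URL in the chain,
    from the short link to the final destination. `fetch` is injectable so
    the chain can be walked against the fake web below without going online."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            raise RuntimeError(f"redirect loop via {nxt}")
        chain.append(nxt)
    raise RuntimeError(f"gave up after {max_hops} redirects")


def hosts(chain: list) -> list:
    """Distinct hostnames visited, in order. Every one of these servers saw
    the request, and therefore your IP address, even though no page loaded."""
    seen = []
    for u in chain:
        h = urlsplit(u).hostname
        if h and h not in seen:
            seen.append(h)
    return seen


# Constructed fake web (hypothetical hostnames): a shortener bounces through a
# tracking host, using one relative Location, then lands on a look-alike login.
FAKE_WEB = {
    "https://sho.rt/x1": (301, "https://t.tracker.example/c?id=42"),
    "https://t.tracker.example/c?id=42": (302, "/go"),
    "https://t.tracker.example/go": (307, "https://twitter-login.example.net/"),
    "https://twitter-login.example.net/": (200, None),
}


def fake_fetch(url: str) -> tuple:
    return FAKE_WEB.get(url, (404, None))


if __name__ == "__main__":
    chain = expand_url("https://sho.rt/x1", fetch=fake_fetch)
    print(" -> ".join(chain))
    print("servers that saw your IP:", hosts(chain))
    # For a real link, drop the fetch= argument: expand_url("https://example-shortener/abc")
```

Two caveats worth knowing before relying on this. First, a HEAD request still contacts every server in the chain, and an IP logger’s whole purpose is to record that contact, so when hiding your IP address is the concern use a third-party expander (such as those listed below) or a VPN rather than resolving the link from your own connection. Second, some shorteners only redirect on GET, or redirect with JavaScript or a meta refresh inside the page, which a HEAD request never sees; a chain that “ends” at the shortener itself should be treated as unresolved, not as safe.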

Resources and information:

To scan URLs, try VirusTotal: https://www.virustotal.com/

Google’s Transparency Report (on a specific site): https://www.google.com/transparencyreport/safebrowsing/diagnostic/

To expand URLs, try LinkExpander: http://www.linkexpander.com/

CheckShortURL: http://www.checkshorturl.com/

Does the Twitter Follower Scam Actually Work? by TrendMicro: http://blog.trendmicro.com/trendlabs-security-intelligence/does-the-twitter-follower-scam-actually-work/

Investigating Twitter Abuse, Part 1 by TrendMicro: http://blog.trendmicro.com/trendlabs-security-intelligence/investigating-twitter-abuse-part-1/

Investigating Twitter Abuse, Part 2 by TrendMicro: http://blog.trendmicro.com/trendlabs-security-intelligence/investigating-twitter-abuse-part-2/

  9. Thou Shalt Be Choosy About The Media You Share Online

Not everything about you must be shared. “Think before you post” is a good way to stop and reconsider the future repercussions of what you’re posting. Limit your media, such as photographs, too, unless it is your business to share it. Understand that cloud storage, devices and social media accounts, even with the strictest privacy settings, can still be broken into by a very obsessive, stalking attacker. Never store or take photos of yourself that you don’t wish to be shared or made public. Photos also carry hidden metadata (EXIF): the camera model, the date and often the GPS coordinates of where the picture was taken. The big social platforms strip it on upload, but email, your own website and many smaller services do not, so strip it yourself before posting anything taken at home. Understand too that devices and computers with built-in cameras are at risk of being hacked. If you feel especially paranoid about this, tape up your cameras and never use them, and use a separate device/camera to take photos with. Make rules with friends and family that they clear any media of you with you before they post it. Know your boundaries and what you’re comfortable with, and never be afraid or intimidated to enforce them with others.

June 2016 addendum: Mark Zuckerberg Covers His Laptop Camera. You Should Consider It, Too.
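Stripping the metadata from a photo before you share it needs nothing beyond the standard library. The following is an added example (not code from the original post): it walks the segment structure of a JPEG file and writes a copy with the APP1/Exif segment removed while every other segment and the image data pass through byte-for-byte. The sample file is a constructed minimal JPEG with valid marker structure and no real picture, used so the example runs offline.

```python
import struct

SOI, EOI, SOS, APP1 = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFE1
EXIF_HEADER = b"Exif\x00\x00"


def parse_header(jpeg: bytes):
    """Return ([(marker, segment_bytes), ...], offset) where offset is the
    position of the SOS (start of scan) marker. Everything from SOS onward is
    the entropy-coded image data and is never interpreted."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    segments, pos = [], 2
    while pos + 4 <= len(jpeg):
        while pos + 1 < len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] == 0xFF:
            pos += 1  # optional 0xFF fill bytes before a marker
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = (jpeg[pos] << 8) | jpeg[pos + 1]
        if marker in (SOS, EOI):
            return segments, pos
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]  # includes itself
        segments.append((marker, jpeg[pos:pos + 2 + length]))
        pos += 2 + length
    raise ValueError("truncated JPEG header")


def is_exif(marker: int, segment: bytes) -> bool:
    # Payload starts after the 2-byte marker and 2-byte length.
    return marker == APP1 and segment[4:10] == EXIF_HEADER


def has_exif(jpeg: bytes) -> bool:
    return any(is_exif(m, s) for m, s in parse_header(jpeg)[0])


def strip_exif(jpeg: bytes) -> bytes:
    """Copy the JPEG, dropping every APP1/Exif segment (camera, timestamps,
    GPS) and keeping all other segments and the image data unchanged."""
    segments, scan_offset = parse_header(jpeg)
    out = bytearray(b"\xff\xd8")
    for marker, segment in segments:
        if not is_exif(marker, segment):
            out += segment
    out += jpeg[scan_offset:]
    return bytes(out)


def _segment(marker: int, payload: bytes) -> bytes:
    return struct.pack(">HH", marker, len(payload) + 2) + payload


# Constructed minimal JPEG: correct marker structure, no real image. The Exif
# payload is a bare big-endian TIFF header with an empty IFD.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(0xFFE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, EXIF_HEADER + b"MM\x00\x2a\x00\x00\x00\x08\x00\x00")
    + _segment(0xFFDB, bytes(65))                    # quantisation table placeholder
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"    # SOS header
    + b"\x12\x34"                                    # (fake) scan data
    + b"\xff\xd9"                                    # EOI
)

if __name__ == "__main__":
    cleaned = strip_exif(SAMPLE_JPEG)
    print("exif before/after:", has_exif(SAMPLE_JPEG), has_exif(cleaned))
    print("bytes before/after:", len(SAMPLE_JPEG), len(cleaned))
    # Real use: open("clean.jpg", "wb").write(strip_exif(open("photo.jpg", "rb").read()))
```

Location data can also sit in an XMP packet (a second APP1 segment whose payload begins with an Adobe XMP namespace URL) or in IPTC data (APP13), and some editors store a copy of the original image as an embedded thumbnail inside the Exif block itself; the function above removes that thumbnail with the rest of Exif, but a thorough scrub drops the XMP and APP13 segments too, or simply re-encodes the image, which throws away all metadata at the cost of a second compression pass.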

  10. Thou Shalt Not Freak Out Even If This Still Happens To You: ‘I Was Still Hacked!’

It happens, even after following the most stringent security routines. Know that it’s not your fault and that it happens to thousands of people and businesses each day. Seek out professional help if you’re dealing with malware and viruses, and get help if you’re dealing with personal abuse too, especially with PTSD and depression as a result of it. This may be the case if it has been an especially virulent attack such as doxing or cyberstalking. Know that you’re not alone and that you have just as much right to be online as anyone else.

~Sara