Latest cyber attack is a reminder to practice ‘safer computing’

This post first appeared in the San Jose Mercury News

The latest global cyberattack is a good reminder of the importance of “safer computing.” Notice the “r” at the end of “safe.” Being 100 percent safe is a great goal, but it’s not attainable. But safer is easily attainable. Protecting your devices is like protecting your home. Locking your doors and windows doesn’t give you a guarantee that your home won’t be burglarized, but it makes you much safer compared to those neighbors who fail to secure their home.


Listen to Larry Magid’s CBS Radio News Reporters Notebook on cyber precautions

The recent attack, which was initially called Petya, began in Ukraine and spread around the world and crippled thousands of computers, including some at big institutions like the U.S. pharmaceutical company Merck, the Danish shipping company Maers and the French bank BNP Paribas.

Large organizations are particularly vulnerable because, once any machine on their network is infected, it’s possible for the malware to spread throughout the network. However, that doesn’t mean that small organizations and individuals are exempt. Anyone whose machine is connected to the internet — nearly everyone — is part of a global network and susceptible to malware.

So, once again, it’s time for all of us to review our security settings, our software and our habits to reduce our chances of being the next victim.

Start by backing up all your files. You can use a cloud-based service like Dropbox, Microsoft OneDrive, Idrive, Box, Google Drive, SugarSync or, for Mac and iPhone/iPad users, Apple’s iCloud. Another option is to purchase a backup drive such as Seagate’s $55 1TB Portable External USB drive or their $79 2 TB drive. Western Digital has similarly priced drives. If you only have a small amount to backup, you can purchase a SanDisk 64GB thumb drive for $18. All prices are from Amazon. You might find lower prices elsewhere.

The advantage to cloud storage is that it can easily be configured to backup automatically and your data is secure in a remote location, so you’re protected in the event your home or business is compromised by fire, earthquake, flood, robbery or any other unthinkable event. Some people worry about the security of cloud backup storage and that can be an issue so if you do use a cloud service, heed the advice below about strong and unique passwords. If you use an external backup drive, be sure to disconnect it from your computer when you’re not backing up so that it can’t be locked or deleted in the event of a malware attack.

It’s very important to have strong and unique passwords on all your account. Strong means that they are long (a minimum of 12 characters) and contain upper and lower case letters, numbers and symbols. Unique means not using the same password on multiple sites. That’s sounds hard but it isn’t if you follow the advice at ConnectSafely.org/passwords.

It’s also a very good idea to use two-factor authentication. Like an ATM card, two factor authentication means you need to have something and know something. Typically, if someone tries to log into one of your services from an unknown machine, the service will send a code to your phone via SMS. If they don’t have access to your phone, they won’t be able to get in. In most cases, you won’t have to bother with this step unless you’re using a new device or a browser you haven’t used before. Some services, including Google, will also give you a code to use in case your phone isn’t available.

Many attacks only target older operating systems, so it’s important to keep yours up-to-date. Both Macs and Windows machines can be configured for automatic updates, which is the surest way to make sure you’re protected. If you don’t know how, just google “auto-update” followed by Windows or Mac.

It’s also a good idea to install and use anti-malware software. Microsoft offers the free and excellent Windows Defender. There are also good anti-malware programs for Mac and Windows available from security companies like Symantec, Trend Micro and McAfee. If you’re a Comcast Internet customer you can get a free copy of Norton Security Suite for Mac or Windows.

Be very cautious about links that come via email. So-called phishing schemes are common and usually come as an email from a bank or other institution, often asking you to log-in to secure your account or verify your identity. Don’t click on that link. Instead type in the web address manually to make sure that you’re going to the right site and not a look-alike run by scammers. All financial institutions and an increasing number of other websites should have a web address that begins with https. The “s” stands for “secure” and means that the data is encrypted on its way to the server. However, this will not protect you if someone has your password.

Also be careful when using a public WiFi network. If you do use a public network, make sure you know the correct network name because it’s possible for someone to set up a bogus network to trap you and capture your data. A safer bet is to use a mobile account either from a smartphone or by tethering your laptop to your phone. It uses data, but it’s much safer and if you avoid video, audio and downloading files, you won’t use that much data.

And if you’re a parent, talk with your kids about cyber security. They — and you — might learn something. You’ll find some tips at connectsafely.org/a-parents-guide-to-cybersecurity.