Become a Patron of Ask Leo! and go ad-free!
Transcript
If I could tell you just one thing …
Hi, everyone! Leo Notenboom here for askleo.com. A while back, about a month ago, I was asked to give a short talk about computer security. But I was given only about five or ten minutes, which really made me, or forced me to distill down exactly what it is I think about when I think about computer security.
In fact, the way I approached it, was to say, “Ok, If I can tell you only one thing, if you can walk away from listening to me for five minutes with only one thing, what would that thing be? What would I want it to be?”
So I gave the talk and I actually came back again a second time so I had the opportunity to say, “Great. What’s the second thing if I could have you remember only two things I say about computer security, what would it be?” I gave that talk, and it actually led me down a path where I ended up talking or thinking about five separate things in priority order relating to computer security.
What I want to do today is basically give you that list – in reverse order.
So, number 5: Keep learning. Now I mean this in a couple of different ways. Of course, it means keep learning about your operating system, how to use your computer, how to use your technology – that kind of thing, but more importantly when it comes to security, it means keep abreast of what’s happening. Stay open to security or computer related news. Understand what the current threats, what the current vulnerabilities are, even just hearing them. You don’t necessarily need to understand them in detail, but even hearing about what’s going on, learning about what’s happening in security in technology today, will help keep you more secure.
Number 4: Be patient. I say that not because I have some important idea that you need to be patient, rather I come to it based on the experiences of the people that I see. So many people are in a rush to get something done, to fix a problem, to accomplish with their technology that when they do encounter a problem, when they do encounter a security issue, they blow right through it and often make the wrong choices when it comes, again, to computer security. Take the time to do a little bit of research, to wait for an answer, to ask a question and get an answer. Do a little bit of work; be patient; it will save you a lot of grief in the long run. Spending a little bit of time up front can often save you a tremendous amount of time later on if things go wrong.
Number 3: Don’t panic. Seriously. This is one of those things where I see people make the worst possible choices when it comes to something related to their technology out of panic. They will click on anything; they will install anything that even hints about being a solution to their problem and many times those solutions really just make the problem worse. In a way, it kind of follows on being patient but definitely take the time; don’t panic; think it through. There’s actually very little you can do that will actually, permanently, physically, damage your computer so just be ok with it. Take your time. Don’t panic.
Number two: Be skeptical. Now we all want to believe. We all want to assume the best out of humanity, and you know what, for the most part, that’s true, but when it comes to promises made by software vendors or tools or pop-ups or any of those kinds of things, absolutely question the source. Make sure you understand exactly where a bit of information is coming from. See if you can’t corroborate with some other bit of information from a trusted source. Develop trusted sources that you know you can rely to steer you straight.
And the number one, most important tip I have for computer security, it’s going to surprise you, but it’s the one thing I want everybody to remember and that is back up. Seriously, back up. Back up everything. Back up your data, back up your computer. Back up. I say that because, you know what, things are going to happen. Things are going to go wrong. Hardware’s going to fail but in the realm of computer security, you’re going to miss something. You’ll end up with malware of some sort; you’ll end up with a virus. Even ransomware. All of those kinds of things can be protected against if you have a good back up in place. If you get malware, you restore to the previous back up that you took the night before and the malware is gone. It’s like it never happened. How much secure can you be?
So those are my five tips. Number 5: Keep learning. Number 4: Be patient. Number 3: Don’t panic. Number two: Be skeptical: Number 1: Back up. You probably could have guess I was going to say something about backing up, I’m sure. If you’re interested in these tips and want something a little bit more readable, perhaps a little bit more coherent, than my just spouting them off here on video, I actually have them collected in a 17-page PDF that’s yours FREE. It’s called, Computer Security: The Five Things I Would Tell You If I Could Only Tell You Five Things. You’ll get it free. Here’s a link: isafety.askleo.com. Enter your email address and I’ll send you a copy of the PDF for free. It’s that simple.
As always, I hope it gives you value. I will see you again next week. Until then, remember stay safe, have fun and tip number one, don’t forget to back up. Take care.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Excellent advice, Leo. I think your top 5 list is spot on.
Hi Leo –
Thanks again for publishing that list. I couldn’t concur more. About two weeks ago my partner had intentionally reset his computer because it “wasn’t working right”. Unfortunately, when he did that, of course all of his desktop icons and folders went missing and a lot of data was not the same as it had been even though supposedly just “resetting” in windows 10 preserves data and programs, etc.
Luckily, I have become a fanatic about backups. I do several different kinds of back ups including an online one and one that I take off site when we go on vacation. Because I do backups, and they are full back ups with Macrium Reflect (thanks for recommending that also) I simply took the most recent back up that I had made, which was only 2-3 days old and totally restored his whole “C” drive. Everything was perfect. Since I hadn’t done anything like this in a while, I had to reeducate myself about booting to that Macrium Reflect bootable media, because one can’t restore a drive that one is currently using. Nevertheless it was a snap and saved a lot of time and work.
Backup, backup, backup!!!
Sincerely,
John J.
Thank you for the 5 Tips and I try to live by them.
Seeing as Microsoft decided to remove the auto logon feature in our email accounts and then give you a solution: True Key.
What do you know about this. I have not activated it yet but would like to know more about it.
One of my backups was to my DVD. Windows 10 does not support Windows 10 media center.
I have lost the use of my internal CD/DVD burner. It don’t write to my E: drive and it will not
read the backup DVD’s. I am left with an F: on my external USB hard drive. My C: has a copy
of the original folders and files.
Over then years I have lost or worn out several hard drives. I had backups so I was able
to survive. Will ms$ ever give us back Media Center or should I discard my CD/DVD’s
Thanks, Esley
Media Center will not return.
But you should still be able to read and write data CDs and DVDs without issue. That’s completely separate from Media Center and should just work.
“And the number one, most important tip I have for computer security, it’s going to surprise you, but it’s the one thing I want everybody to remember and that is back up.” – I’m not sure I agree with this – at least, not from a security perspective. These days, the most malware looks to steal banking credentials, passwords or encrypt data – including, in some cases, backups. Sure, you can eradicate the malware by restoring a backup – if you know which of your backups has not been compromised, that is – but, by the time, your banking credentials, passwords, etc. have already been snatched.
Consequently, I’d say that prevention is by far the most important aspect of security – and a big part of that comes down to knowledge and understanding the threat landscape (your #5).
I agree with you Ray Smith on everything said. I think once the crook is in the house every thing is up for grabs. Good luck on finding the backup to use that you feel safe with. Did your security just get updated to find this? If so how long has it been there. So what back up do you use? As you said by the time you try to come up with a safe backup you are already in trouble.
Consequently, I’d say that prevention is by far the most important aspect of security – and a big part of that comes down to knowledge and understanding the threat landscape (your #5).
There you go. I think you just read number one also but that is just my opinion. We all have opinions…
“I think once the crook is in the house every thing is up for grabs.” – Exactly. Yesteryear, the consequences of a malware infected were usually not too bad – you’d end up with a hijacked homepage, redirected searches or a quote from the Simpsons inserted into your Word documents. But that’s changed. Nowadays, a malware infection can result in your bank account being emptied. So, yeah, prevention is more important than it ever used to be.
I get that. Actually, all five are important. :-)
My ordering was based on my gut feel looking back on the last 13 years of this and asking myself “what one thing would have made the biggest difference to the most people I’ve heard from?”. Backups win, hands down, both for security related issues as well as everything else that backups are good for.
“My ordering was based on my gut feel looking back on the last 13 years….” – Yeah, but things have changed considerably during those 13 years and the consequences of a system being compromised are now much more serious. You could eradicate old school malware – homepage hijackers, etc. – by restoring a backup and everything would good again. All you’d have lost is a little time. You can eradicate today’s malware in the exact same way but, by the time you do, somebody else could have – and be using – your banking credentials. As I said, prevention is more important than it ever used to be.
My prevention is excellent. Never had a virus or malware. I am more likely to have a hardware failure than an intrusion so backing up is more important to me. But since I am already doing prevention by nature, this discussion is just becoming pedantic.
Your backup USB or Mobile hard drives must be physically detached from your computer once the backup is completed.
The malware must first be removed..preferably by a reformat and reinstall, prior to trying to recover infected files from your back up source..
I was asked to remove cryptolocker ransomware from a Seniors’ Club computer recently.
The backup doc, docx , jpg (photos) & xls(spread sheet files) were all encrypted..including the backup drive which was attached to the computer.
It is impossible to un-encrypt these files unless an asking price of $500 USD was paid.
The factory reset stored in the hidden partition on the hard drive was also infected and not usable.
Nice earner for me ..but not the point.
“Your backup USB or Mobile hard drives must be physically detached from your computer once the backup is completed.” – I think it makes better sense to keep external drives connected in order to keep the backup process automated (there’s probably a greater risk of somebody forgetting/neglecting to reconnect the drive and then being without backups than there is of them being hit by a crypto – especially if they exercise commonsense). That said, it certainly makes sense to have an additional cloud-based backup mechanism in place as 1) it gets your data offsite and 2) services that enable versioned backups (most do) make it easy to recover from a crypto.
Thanks for your reply Ray.
My point is that the ‘Seniors Club’ computer back up USB device was attached to the computer for convenience.
When a link (disguised as a PDF)within a Postal email was clicked, the cryptolocker Ransomware was installed and encrypted everything on the hard drive ,including the hidden factory restore partition and also the USB backup :(
Backups’ off site are important as you alluded…implementation for the masses is the problem ….
Thanks for posting this. This is a clear example that Cryptolocker did encrypt a backup file. It’s still not a good idea (for most people) to disconnect the backup drive regularly. It’s just too hard to remember to plug it back in. The best strategy is to do everything possible to be safe online (carful what you click on…) and to regularly switch out backup drives. You then will always have a recent backup available no matter what happens.
Here’s a good article from Leo that you may enjoy: https://askleo.com/will-ransomware-encrypt-my-backups/
Now that crypto-malware is encrypting backup files, it seems that it’s now necessary to make regular backups of your backups. This can be accomplished by making a copy of the backup files to another external drive, or alternating the drives you use for backup. I also feel, at least for me, that a cloud backup solution like Dropbox or a dedicated cloud backup service is essential in addition to system backups.
“I also feel, at least for me, that a cloud backup solution like Dropbox or a dedicated cloud backup service is essential.” – Absolutely. Versioned cloud backups not only protect your data against cryptos, but also against fires, floods, hardware failure and any other disasters or mishaps that could result in the loss of the local copy.
Yeah, there is a degree of risk no matter which way you do things. Keeping the drive connected means there’s a risk of backups being encrypted; keeping it disconnected means there’s a risk of being without backups because somebody forgot to reconnect it (or the backups being encrypted because somebody forgot to disconnect it!). I believe that the former option is the least risky for most people, especially when supplemented with versioned cloud backups.
I have contributed to your news letters when it was buying a coffee do I still need to and how ?
I am over 80 and enjoy it very much.
You certainly don’t need to. In general I prefer people now purchase a book so you get something more out of the transaction. But http://buyleoalatte.com still exists. :-)
Once again I have to praise the good job you are doing. This is probably one the best newsletters (video articles) I have listened to so far. You have hit the nail right on the head. Your 5 options summed it all up with regard to security.
Thanks again and as always keep up the good work!
I have the feeling that people (including me) need to develop critical thinking skills in order to use computers and the internet properly. There’s a lot of information and it needs to be checked, and double checked and compared. Learning how to do a little research and use Google may be valuable for people too.
I recently upgraded to Macrium Reflect 6 and so far that program works like a charm, I must say. Thank you for the constant reminders in your articles and newsletters to back up. :-)
I would also add two words to every conversation that every electronic media user should burn into their minds…NEVER AND FOREVER.
NEVER put out anything you don’t want to share with the entire world…that includes partners both present, ex or soon to be ex, and future; parents, bosses and anyone else…….
And if you put it on social media you should expect it to be there FOREVER. PERIOD!
It’s likely “old school”, as the kids now say, but we have been successful, at least with accounting, by using the three by three method, now with plus. That is the daily back ups are done on rewriteable disks, 1,2,3, that rotate. If a harddive /program goes wonky, you can try to restore with number 1. If one is also flawed, and contains the problem, you can move with caution on to 2. Three stays in the box. Worst case you are two days behind with a clean copy. This is duplicated weekly, and monthly. Besides this archaic system, we also save individual stations to thumb drives, and there is a teribit drive on a server. (and of course, the hard drive on each machine)
Came to this article because we have been avoiding “the cloud”. There is an interesting article on BBC TV today, regarding the information collected by Facebook. A privacy advocate, who uses Facebook only occasionally, requested the materials/information they had on him, the result was a 1222 page document of a very broad spectrum of his files, contacts, activities, equipment used etc, etc. Also the article pointed to the issue that the four key players in the cloud, Amazon, Google, Microsoft and Dropbox (??) , stored their backups in multiple countries, with varying laws re who, what and when the material could be accessed, and a variety of responsibilities to the user. Apparently there is also the issue of knowing exactly where your stuff might be.
I have been very pleased to encounter Leo’s outline of utilizing available backup, in the cloud and elsewhere. Must admit to being a bit curious, and ignorant, about the use and facility of encryption, as well as its strength in the milieu of world wide storage/encryption/hacking experts? Also the issue of ownership of materials stored in the cloud has darted in and out of my attempt to keep current and to make an informed decision regarding use of the cloud. Being old school I am still inclined to keep accounting and highly sensitive data in house, and or in reach, a stored copy off site. But less sensitive data, properly and securely encrypted is a very tempting scenario.
Apologies in advance for any blatant stupidity, but as my Dad said often, “if you don’t ask, you won’t find out.”
Leo and crew, thanks for your clear, insightful answers to so many issues over the years. A very, very valuable resource.
Cheers All
I’m very happy to know my cloud storage is backed up in several countries. That gives protection even if a war breaks out in one or a few of those countries. As for security and ownership, I trust the high grade encryption of BoxCryptor to keep prying eyes away from the sensitive files.
https://askleo.com/boxcryptor_secure_your_data_in_the_cloud/
Yeah, data geolocation/sovereignty is very much a non-issue at the home user end of things. So what if your data is held in another country? A foreign government is no more likely to be interested in your data than your own government – in fact, it’ll probably be less interested. And, realistically, whether you avoid the cloud – as Mel says s/he does – or not, you have absolutely no control over where your data ends up anyway. I mean, do you know whether your bank’s data centers are located in the US or overseas? How about your insurance company’s? And do you know what information data brokerages hold about you, where that information is kept and what is done with it? Probably not.