- Block phishing and dangerous IP addresses
- Use good passwords & a password manager
- Use a good anti-virus
- Encrypt your data at rest
- Backup all files securely in the cloud
- Wipe and rebuild your computer at regular intervals
1. In 30 seconds, block dangerous URLs for free
Applies to: Home router and individual computers
We now have large numbers of digital devices in our homes and on our networks. Many of those devices are "Internet of Things" passive units which are easily hackable, it is really important to have device, home and office security which goes beyond just antivirus, because many of the machines being hacked aren't 'computers' anymore, but fridges, light bulbs and routers.
The standard DNS servers (Navigation instructions for the web) let you go anywhere on the internet - even places that you explicitly don't want to go because they will do harm to your computer. This happens because the lookup tables for IP addresses will resolve the URL you go to into a routing path through the internet. What they don't do is check if the path is safe or if the ending place is one you want to go to.
Google's search pages do a version of checking where they won't let you go to sites without a warning if they think the site is bad, but if you go directly to a site, or if a virus or bot net invades your house and starts sending devices to URLs, it will succeed.
OpenDNS has a blacklist table of URLs which is continuously updated by the community. If any computer tries to go to one of those when using OpenDNS, it will redirect them to an OpenDNS help page rather than letting them go to the site.
How to set up OpenDNS ( < 1 minute )
On your router and computer, you can add the below server IP addresses as your primary and secondary DNS servers. Then repeat on each of your computers so when you are in a coffee shop or different country, you are still protected.
You can set up OpenDNS or OpenDNS Family Shield. Family Shield additionally filters our pornographic and other inappropriate content and is the correct choice for a home environment.
2. Use good passwords, a password manager and rotate
Set up a good password manager like 1Password
There are multiple services / apps which do this. I would suggest using 1Password or another which is fully vetted and explains how they do their encryption.
A key challenge with all of them is making it easy to copy in your passwords onto a web page or in an app. They need a good browser extension to work well.
A key challenge with all of them is making it easy to copy in your passwords onto a web page or in an app. They need a good browser extension to work well.
Check if your user-names were stolen
There are multiple sites such as https://haveibeenpwned.com/ which have identified the list of user IDs which were stolen during hacks over the last decade and can tell you if your accounts need to have their passwords rotated and if you should worry about their contents.
I strongly recommend checking them regularly or if you hear about a new password breach. Additionally, just changing all passwords regularly is a good idea.
Rotate Passwords
Using 1Password, it will tell you which of your passwords are weak or old and you can easily update them.
3. Use Antivirus
It used to be that on Mac, people didn't worry about viruses, but that was a decade ago. It is now necessary to protect Macs.
4. Encrypt your data at rest
Applies to: individual computers, phones and tablets
If your computer or other devices are ever stolen, the data on them can be easily copied off the hard drive even if you have a password. The reason is that it is not normally encrypted so if someone accesses the memory, there is no protection.
iPhones and iPads ( < 1 minute)
Settings > Touch ID & Password > Make sure you have a good password turned on.
Scroll down to the very bottom of the page and you will see 'Data protection is enabled'. If this is there, your data is secure.
Macs ( < 5 minutes)
Setting > Security & Privacy > FileVault. Enable then reset and it will do it in the background.
You should definitely encrypt your data at rest. FileVault is part of the MacOS and automatically does this. Even if you did not previous have your hard drive encrypted, this allows you to do so now and it will encrypt everything in the background. (So don't delay in using it!)
Apple details on how to turn it on and off.
5. Securely back up files locally and in the cloud
Applies to: individual computers
This may seem normal now, but it is surprising how many times we forget to set up our backups or don't check them and they turn off. An additional key is to make sure our backups are encrypted.
The reason why this is extremely valuable is that when your computer is hacked, it is the operating system or specific applications are corrupted and start to mis-behave. Your actual files, however, are usually left alone or at worst stolen or deleted but not very often corrupted.
Therefore, if your computer is corrupted, you need to re-install the OS from the beginning
Local encrypted Time Capsule Mac Backup ( < 1 minute)
Click Apple menu > System Preferences, Time Machine.
If you are already backing up to a physical disk like their Time Capsule, click on the disk and look in the bottom left corner. If the 'Encrypt backups' check box is checked, you are already encrypted. If not, remove your backup disk then re-add it, clicking to encrypt.
When you do this, just be prepared to have your computer on the network for 12+ hours as it does its initial backup.
Cloud encrypted backups
It is always scary sending our data out to someone else, but in this day in age, it is actually statistically safer to store it in the cloud than locally. I recommend using dropbox for storage unless you have a specific reason not to. Here is their writeup on their security, which is state of the art.
I would recommend creating a base directory with a structure that allows you to easily segment files by usage so that you are comfortable dropping every file you create and anything you see as value in there.
Exclusions from a cloud backup:
- Code repositories which are backed up elsewhere
- OS files which you should always re-install
- Apps you have installed in the past
6. Wipe and rebuild your devices at a regular interval
My iPhone has been slow for about 6 months and I thought it was just old hardware. I reset everything and rather than reloading the iCloud backup, I reinstalled it all from scratch. It is now massively faster which means that there was some process in the background, either official or malicious, which was taking up CPU time and making it less responsive.
The same thing applies to laptops and even Apple TV. Wiping and rebuilding if it feels slow actually does help.
The key is you can't just use a backup you already have as you will probably reinstall the malware or broken process that was bugging you in the past.
The same thing applies to laptops and even Apple TV. Wiping and rebuilding if it feels slow actually does help.
The key is you can't just use a backup you already have as you will probably reinstall the malware or broken process that was bugging you in the past.