Naked Security

5 tips for making life easier this SysAdmin Day

Ask not what your sysadmin can do for you...ask what you can do for your sysadmin!

We don’t need SysAdmin Day to remind ourselves who creates all those IT problems we keep running into.

We know the answer already: the cause of every IT problem can be traced back to Someone Else!

But we do need SysAdmin Day to remember who fixes those problems: Sysadmins, the men and women who keep everything working so everyone else can keep working.

So, for SysAdmin Day 2016, we’re presenting a short list of tips to help prevent some of the thorniest problems from the last 12 months.

The thing about the tips we’re proposing here is that many of the sysadmins we know are really keen on them, but haven’t quite got round to implementing them yet.

Even modest security tweaks mean some sort of change, and possibly even a smidgeon of inconvenience for some users.

That’s often enough to put the frighteners on IT, with the result that many small but effective security measures are put off simply to keep the peace.

In other words, this article is actually a “good network citizen” appeal to the rest of us, and these tips are actually for everyone.

Here they are: five little things that can make a big difference!

By the way, although these tips are aimed at sysadmins because some of them can be configured centrally for everyone, all in one go, all from one place…

…you can do them for yourself at home, and for your friends and family, too.

(And while you’re about it, please tell them about Sophos Home, our business-grade security for Windows and Mac, 100% free for home use.)

TIP 1. DON’T ALLOW UNTRUSTED APPS ON ANDROIDS.

Google’s default setting for Android phones is to have “Allow installation of apps from unknown sources” off.

That forces you to use Google Play, which isn’t perfect (the crooks have historically put plenty of effort into sneaking malware into it), but certainly makes you think twice before grabbing apps that may not have been scrutinised at all for security holes.

Unfortunately, this protection often gets turned off, for example to install hot new games that aren’t officially available yet, like Pokémon GO.

Sysadmins can use tools such as Sophos Mobile Control to enforce this setting; if they do so on your phone, please go with the flow.

If you really need an app from an alternative market, you can always ask nicely.

Note, however, that not all Android device vendors support setting this feature remotely, so your sysadmins may have to rely on asking/warning/cajoling you to check the setting yourself.

If they do, give them a SysAdmin Day present: say, “OK, Sysadmin.”

TIP 2. SHOW FILE EXTENSIONS ON WINDOWS

By default, Windows doesn’t show file extensions, which are the characters after the last dot in the filename, such as .EXE, .DOCX or more esoteric extensions such as .JS.

This means that by the age-old expedient of giving a file two extensions, crooks can make a suspicious file look more believable.

Even if you don’t know what a .JS file is, you’re unlikely to believe an email that tells you it’s “an important document,” or that advises you to “open the attached PDF.”

But if the crooks call the file INVOICE.PDF.JS, then Windows will show it as INVOICE.PDF, and it becomes much more believable.

Some people don’t like showing extensions because it just looks like more techie jargon on the screen.

However, we think that there’s no reason to make it easier for crooks to make a bad file look OK.
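One way to apply this tip and check for files that were relying on hidden extensions, as an added example that is not from the original article. The `HideFileExt` registry value is the standard Explorer setting; the Downloads folder and the two extension lists are assumptions chosen for illustration.

```powershell
# Added example: show file extensions for the current user, then list files
# whose name would have looked like a document while extensions were hidden.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name HideFileExt -Value 0 -Type DWord

# Assumed lists: extensions that look like documents, and extensions that run code.
$docLike  = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt', '.jpg', '.png'
$runnable = '.js', '.jse', '.vbs', '.wsf', '.hta', '.exe', '.scr', '.bat', '.cmd'

function Find-DoubleExtension {
    param([string]$Path = "$env:USERPROFILE\Downloads")   # assumed folder to check

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            # For INVOICE.PDF.JS: Extension is ".JS", BaseName is "INVOICE.PDF",
            # so the inner extension is ".PDF". -contains is case-insensitive.
            $inner = [IO.Path]::GetExtension($_.BaseName)
            ($runnable -contains $_.Extension) -and ($docLike -contains $inner)
        } |
        Select-Object FullName,
            @{ Name = 'ShownWhenHidden'; Expression = { $_.BaseName } },
            @{ Name = 'RealExtension';   Expression = { $_.Extension } }
}

Find-DoubleExtension | Format-Table -AutoSize
```

Explorer windows that are already open may need to be refreshed or reopened before the extensions appear.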

TIP 3. SET JAVASCRIPT FILES TO LOAD INTO NOTEPAD

We mentioned .JS files in Tip 2. Those are JavaScript files: programs that run inside a controlled sandbox if you open them inside your browser, but that run as full-blooded programs if you open them in Windows itself.

Ransomware crooks adore .JS files, especially when the .JS extension isn’t displayed. (We’ve even seen ransomware itself written in 100% JavaScript.)

Few people need to run JavaScript outside their browser, so you may as well tell Windows not to run JavaScript files at all when you click on them. Tell Windows to open .JS files in NOTEPAD instead.

Instead of a ransomware attack, you’ll just get a harmless window full of text that looks like gunk.
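One way to make this change from an elevated PowerShell prompt, as an added example that is not from the original article. It assumes the stock association, where `.js` maps to a ProgID (normally `JSFile`) under `HKLM:\SOFTWARE\Classes`; the function names are hypothetical.

```powershell
# Added example: report what double-clicking a .js file runs, then point it at Notepad.
function Get-JsOpenCommand {
    param([string]$ClassesRoot = 'HKLM:\SOFTWARE\Classes')

    # The default value of the ".js" key names the ProgID (normally JSFile).
    $progId  = (Get-Item -Path "$ClassesRoot\.js").GetValue('')
    $key     = "$ClassesRoot\$progId\shell\open\command"
    $command = $null
    if (Test-Path $key) { $command = (Get-Item -Path $key).GetValue('') }

    [pscustomobject]@{ ProgId = $progId; Key = $key; Command = $command }
}

function Set-JsOpenWithNotepad {
    param([string]$ClassesRoot = 'HKLM:\SOFTWARE\Classes')

    $current = Get-JsOpenCommand -ClassesRoot $ClassesRoot
    $notepad = '"{0}\System32\notepad.exe" "%1"' -f $env:SystemRoot

    if (-not (Test-Path $current.Key)) { New-Item -Path $current.Key -Force | Out-Null }
    Set-ItemProperty -Path $current.Key -Name '(default)' -Value $notepad

    # A per-user "Open with" choice takes precedence over the machine-wide handler.
    $userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\UserChoice'
    if (Test-Path $userChoice) {
        $picked = (Get-ItemProperty -Path $userChoice).ProgId
        Write-Warning "This user has an explicit 'Open with' choice for .js: $picked"
    }

    Get-JsOpenCommand -ClassesRoot $ClassesRoot
}

Get-JsOpenCommand        # before: typically a WScript.exe command line
Set-JsOpenWithNotepad    # after: notepad.exe "%1"
```

This changes only what happens when a .js file is opened by double-click; a script that is started by naming the script host explicitly still runs.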

TIP 4. TURN ON ENCRYPTION AND PASSCODES ON MOBILE DEVICES

Lots of people are still afraid of strong passcodes and device encryption on their phones: they think they’ll forget the passcode, and they assume that the encryption will slow the phone down annoyingly.

But most people can remember their own phone number easily enough, so why not a passcode?

And even modestly-priced phones are perfectly usable these days when everything is encrypted.

Sure, crooks love encryption when they use it, because it helps them keep their criminal activities secret, but they hate it when you use it, because it means they can’t simply grab your phone and learn everything about you in a few minutes.

TIP 5. STOP BY IT AND SAY, “THANKS.”

OK, this isn’t a tip that sysadmins can do for you. This is one for you to do for them.

Spare a thought: sysadmins often bear the brunt of everyone’s complaints about the inconvenience of computer security.

So make SysAdmin Day the day you take some of that brunt away!

To keep you armed and ready for Sysadmin Day and beyond, we’re giving away stacks of IT Survival Kits. All you have to do is tell us a story about your experience of ‘just another day in IT’.
