Naked Security

These are our New Year’s security resolutions – tell us yours

With end users preparing for another 366 security groundhog days, it's down to you to make computer security better in 2016. Our writers join in to get the ball rolling...

If we want computer security in 2016 to be anything other than a repeat of computer security in 2015 then we’ll have to do things a bit differently in the New Year.

And when I say “we” I mean “all of us”, because we can all do things a little better (and, anyway, your users are gearing up for another 366 security groundhog days).

Yup, 2016 is in our hands!

I asked our regular Naked Security writers what they’ll be doing differently in 2016, and here is what they said. (You can tell us what you’ll be doing differently in our comments section below.)


Mark Stockley

In 2016 I will stop treating my Mac’s offer to postpone software updates like the snooze button on my alarm clock.

If my laptop is open then it means I’m working and I don’t want to down tools for a software update. When I’m asked if I want to install software updates now or in one hour I choose one hour.

I tell myself that one more hour won’t hurt. I tell myself that what I’m doing is terribly important, that I’ll have finished in an hour, and I’ll do the update then.

I tell myself this every hour, over and over, for days, for weeks.

In fact I have an update pending now…


John Zorabedian

A couple of months ago, I went out and bought an external hard drive, but it sat in the box for weeks. I know, I know – a lot of good it was doing me. Imagine how silly I would have felt if, during that time, I had lost my laptop containing all of my important images and other private data. Or it was stolen or damaged. Or I had somehow gotten ransomware on my Mac, making all my files unreadable.

Good intentions will get me nothing. In 2016, I pledge to be much more conscientious about backing up my personal files on a regular basis.


Lisa Vaas

Lisa’s first thought was to “wiggle the crap out of ATMs” to check them for any phony bits that thieves might have stuck on in an effort to skim bank cards. She changed her mind after writing up yet another facepalm-inducing tale about a preposterous Facebook hoax that hooked users with CAPITALISED promises of a share of the Zuckerbergs’ largesse.

Now her resolution is simply to “yell at people more”.


Paul Ducklin

No more New Year’s resolutions for computer security! We need to make online security into a long-term digital lifestyle choice instead of something you can put off until the day after the night before… errr, which is my New Year’s resolution, I guess.


Your End Users

If you’re wondering what your end users will be doing in 2016, our marketing folks have put together this handy instructional video that explains exactly what you’re in for.



You!

Now it’s up to you, dear reader – make your computer security resolution a public pledge in our comments section below!


Image of 2016 courtesy of Shutterstock.

11 Comments

To address personal network security more seriously:
1) Get a modem router with up to date firmware and which is onwardly updateable (seen nothing in the Amazon sales)
2) Find a low power box to put between my first modem router – connected to the outside world and my wi-fi router and run something on the box which secures my network and gives me a VPN to use when on public wi-fi. Need to be able to understand how to set it up and then remove the keyboard/monitor and just let it run.
3) Find a better sensible secure back up set-up (including off-site or fire/tempest/theft proof) to cover against ransomware, malware, disk failures (must be due one of them!) and laptop theft.
4) Get my mind around full-disk encryption of my Win 7 and Linux laptops
5) Understand the security implications of my Android kit (tablets and phones stuck on old versions). For instance does having Amazon Music app on my tablet make my amazon account more vulnerable?
6) Understand 2FA and get something workable set up that does not have me constantly searching for my mobile!
7) Get off internet banking!


For (2), and perhaps (5), why not have a look at our free tools page :-)

Everything on there is 100% free, no timeout, no ads.

https://www.sophos.com/en-us/products/free-tools.aspx


Thanks, I was thinking of the Sophos Home UTM (is Sophos XG Firewall Home Edition the successor product?) for (2 – the firewall box); my main issue at the moment is getting my mind around the hardware without either spending a huge amount or getting an “always on box” that consumes lots of juice!

I am fearful of buying a bit of kit and then finding it will not quite do what I want (e.g. will the two network ports work the way I want them to? Will they throttle the entire system?).

I also have an old VGA monitor and PS/2 keyboard and would hope that I do not have to buy a monitor just to set up the box.


IIRC, the UTM Home Edition has been replaced in our Free Tools repository by the XG Home Edition. They are different yet very similar, if you know what I mean. As for “what sort of hardware will I need,” why not try it out in a Virtual Machine first, and see what sort of performance you get with what sort of memory allocation?


Thanks again. It is not just memory allocation that worries me – I can buy kit where that is upgradable relatively easily.

Virtualisation I find troublesome. Fine for running Linux in a Window on Win7 where it uses the host hardware and interfaces – I do not have to worry too much about what is going on.

But virtualising a bit of security software is a bit of a brain strain! “Stuff” comes in from outside over my modem-router LAN by wifi to my W7 laptop, jumps around inside the host hardware, crosses into the virtual machine where the nasties finally get sorted out and then jumps back into the LAN – does not seem entirely logical! (It might be “secure”, but I like to see the logic to have confidence that the whole thing would not fail due to a poor wifi driver or something!)

Hence the desire to find a solution which goes:

Internet (with possible nasties)
| (modem cable)
1) Modem (ADSL or fibre etc)
| (ethernet)
2) Physical Firewall (UTM/XGHE – removes nasties and provides VPN)
| (ethernet)
3) WiFi Router (where upgrading firmware is now less of an issue)
| (wi-fi or ethernet)
Computers, NAS etc.

Such a structure seems to be logical!


That looks fine to me. Problem with a lot of SoHo routers is that they are sort-of “all-in-one-and-indivisible,” so your modem, firewall, Wi-Fi, switch and everything is all in one box with one BLOB of firmware, so your divide-and-conquer approach is a good idea, if you are willing to have multiple boxes. (Many people like the all-in-one approach.)

I was only suggesting a VM temporarily, as a quick way to try out the XG product and get a feel for it, decide how much memory you might want, what features you’ll use, and so on. Maybe run up a couple of VMs connecting through the Sophos XG VM, and run some scripts to generate traffic, see what happens? Try some browsing – videos, music, downloads, and so on – and see how aggressively you want to set the filtering settings, before going live.

It’s a good way to learn the product, anyway. (I have XG in a VirtualBox VM as we speak :-)


I resolve not to throw up my hands in frustration and utter “Well, then just expose yourself to all kinds of threats! See if I care!” when management (again) minimizes our vulnerability landscape. I will keep applying firm, gentle pressure. A soft tongue breaketh the bone.


Or, as my former boss and mentor (he’s retired now) at Sophos Australia used to remind me…

…you catch more flies with honey than with vinegar :-)


Wonder why most ATMs are still running Windows XP, but connecting to the PCI requires a current and regularly patched OS


Often it’s a stripped-down-a-bit variant of XP called XP Embedded which does still receive security updates, if memory serves.

So, in official terms, anyway, the OS probably is “recently patched.”

