12 Step Security Program - BE SAFE

Good security advice can be hard to find. Lots of security experts offer help, but not all of their tips are accurate or up-to-date, and many address PC security only. So even if you follow their advice, you may be more vulnerable than you think. That's where we come in. We've assembled a dozen simple but essential tips--a 12-step security program--to keep your PC, smartphone, gadgets, and identity safe. The steps are practical and fairly easy to perform, so you can strengthen your security without losing your mind in the process.

1. Use virtual credit card numbers to shop online
You have good reason to be nervous when using your credit card number to shop online. After all, you may know little or nothing about the company you're buying from, and your credit card information is at risk of being comprom­ised in a data breach. Using a virtual credit card number is one way to make your Internet shopping excursions more secure.


Essentially a wrapper for your regular credit card or debit card account, a virtual card number is good for one use only. When you use the virtual number, the bank that supplied it charges your purchase to your regular credit or debit card, but hackers never gain access to the underlying credit card information.


Various financial institutions maintain some sort of virtual credit card program. Bank of America, for instance, offers a ShopSafe service, and Discover has a similar service built around what it calls a Secure Online Account Number. Check with your bank or card issuer to see what options are available. Alternatively, consider Shop Shield, a virtual card number service that you can use with any credit card or checking account.


2. Secure your Wi-Fi
Is your Wi-Fi network at home password-protected? If not, it should be. You might not care if your neighbors use your Wi-Fi connection to surf the Web, but someone with more sinister motives could take advantage of your generosity (and lack of protection) to gain access to data stored on your home PCs.


The easiest way to guard against Wi-Fi interlopers is to encrypt your Wi-Fi network. Afterward you'll have to enter a password whenever you connect to your Wi-Fi network, but that's a small price to pay for improved security. Most Wi-Fi routers support WEP, WPA, and WPA2 encryption standards. Be sure to use either the WPA or WPA2 encryption settings, which provide a much higher level of security than WEP encryption.


Another safeguard is to set your router not to broadcast the SSID (your network's name).
With SSID broadcasting disabled, your wireless network won't be visible to computers nearby, and only people who specifically know your network's name will be able to find it. The procedure for locking down your Wi-Fi will vary depending on your router's model and manufacturer. Check the router's documentation for instructions.

3 Encrypt Your Hard Drives

Hard drives and USB flash drives are treasure troves of personal data. They're also among the most common sources of data leaks. If you lose a flash drive, external hard drive, or laptop containing sensitive personal information, you will be at risk. Fortunately, en­­crypting your hard drive can give your data an extra layer of protection be­­yond setting up a system password. Encryption will conceal your drive's data and make accessing the files almost im­­possible for anyone who does not know your encryption password.

The Ultimate and Business editions of Windows 7 and Vista come with BitLocker, a tool that lets you encrypt your entire hard drive. If you don't have the Ultimate or Business version, another alternative is to use TrueCrypt, a free, open-source tool that can encrypt your entire disk, a portion of a disk, or an external drive. For its part, Mac OS X includes FileVault, a tool for encrypting your Mac's home folder; Lion, the next major Mac OS X release on the horizon, will be able to encrypt a whole hard drive.

Another option is to buy external hard drives and flash drives equipped with en­­cryption tools. Some of these drives have built-in fingerprint readers for additional security. See "Secure Flash Drives Lock Down Your Data" for more about secure flash-drive options.

4. Keep Your Software Up-to-Date

One of the simplest but most important security precautions you should take is to keep your PC's software up-to-date. I'm not talking exclusively about Windows here: Adobe, Apple, Mozilla, and other software makers periodically release fixes for various bugs and security flaws. Cybercriminals commonly exploit known vulnerabilities, and Adobe Reader is a constant target of such assaults.

Not infrequently, the latest version of a popular program introduces entirely new security features. For example, Adobe Reader X, the newest version of the company's PDF reader, uses something called Protected Mode to shut down malware attacks. If you still use an earlier version of Adobe Reader, you aren't benefiting from Reader X's security enhancements.

Most major commercial software packages come with some sort of automatic updating feature that will inform you when a new update is available. Don't ignore these messages; install updates as soon as you can when you're prompted to do so. It's a little bit of a hassle, but it can prevent major headaches later on.

5. Upgrade to the latest antivirus software
If you're running antivirus software from two or three years ago, you should up­­grade to the most recent version, even if you still receive up-to-date malware signature files for the older edition. The underlying technology for antivirus software has im­­proved significantly in recent years.

To detect threats, antivirus products today don't rely solely on the traditional signature files (regularly updated files that identify the latest malware). They also use heuristic techniques to de­­tect and block infections that no one has seen yet. Given how frequently new viruses crop up in the wild, the ability to protect against unknown malware is critical.

6. Lock down your smartphone
If you use your smartphone the way I use mine, your handset probably contains lots of personal information--e-mail addresses, photos, phone contacts, Facebook and Twitter apps, and the like. That accumulation of valuable data makes smartphones a tempting target for thieves and cybercriminals, which is why the smartphone is shaping up as the next big security battleground.

Android phones are already being hit with Trojan horses and other types of malware, and security experts agree that mobile malware is still in its infancy. Worse, many users don't think of their phones as computers (though that's what the devices are), so they don't take the same security precautions they would with a PC. If you haven't downloaded a security app for your Android phone, you should. Most smartphone security apps are free, and it's far better to have one and never need it than to get caught off-guard and exposed without one.

If you have an Android phone, the first app you should install on it is an antivirus program. Besides scanning for malware, mobile antivirus apps may support such features as a remote wipe (so you can securely remove all data stored on the phone if you lose it), GPS tracking (for locating your phone if you misplace it), and SMS spam blocking.

Our favorite freebie in this category is the Lookout Mobile Security app. Lookout scans your phone for existing malware threats and automatically scans any new applications you install on your handset. Other popular antivirus apps, available for a subscription fee, are Symantec's Norton Mobile Security (beta version), AVG's Antivirus Pro, and McAfee's Wave­Secure.

Because Apple's App Store takes a more restrictive approach to apps offered for sale there, iPhone owners generally don't have to worry as much about malware, though it's always possible for something to slip through the cracks. Apple hasn't allowed any proper antivirus applications into the App Store, either, but you do have some security options.

One is a device tracking and remote-wipe service from Apple called Find My iPhone. It comes as part of Apple's paid MobileMe service ($99 per year), but Apple also offers it to any iPhone, iPad, or iPod Touch owner, free of charge. With Find My iPhone, you can lock and remotely delete data stored on your iPhone, track the device via GPS, remotely set a passcode, and display an on-screen message with an alarm sound (so you can find it if you misplace it around your house or office).

One more tip: When choosing a mobile antivirus program, it's safest to stick with well-known brands. Otherwise, you risk getting infected by malware disguised as an antivirus app.


7. Install a link-checker plug-in
Security threats may lurk in seemingly innocuous Web pages. Le­­gitimate sites may get hacked, cybercriminals game search engines to make sure that their infected pages come up in searches for hot topics (a technique known as "search engine poisoning"), and seemingly safe sites may harbor malware. Although you have no way to guard against these attacks completely, using a link checker can help protect you from many of them.

Link-checker tools typically show small badges next to links in search results and elsewhere to indicate whether a site is trustworthy, dangerous, or questionable. Many such tools also add a status indicator to your browser's toolbar to signal the presence of any problems with the site that you're currently visiting.

Various options are available: AVG LinkScanner, McAfee SiteAdvisor, Symantec Norton Safe Web Lite, and Web of Trust are all available for free. Many security suites come with a link scanner, too.


8. Don't neglect physical security
A thief can snatch an unattended laptop from a desk and walk away in a matter of seconds. And a thief who has your laptop may have access to your files and personal information. A notebook lock won't prevent someone from cutting the cable, but it can deter crimes of opportunity.

Kensington is probably best-known for its notebook locks; it offers an array of locks for laptops and desktops. Targus is a second vendor that specializes in laptop security gear, including one lock that sounds an alarm when someone tries to pick up the attached laptop or cut the lock cable.

Prying eyes are a common security hazard. To prevent unauthorized viewing of your data when you step away from your desk, always lock your screen before leaving your PC unattended. To do this, simply hold down the Windows key and type the letter L. This will bring up the lock screen. To get back to work, press Ctrl-Alt-Delete, and enter your login password at the prompt.

Another way to shield your screen is to install a privacy filter over the display. These filters fit directly on a monitor so other people can't peer over your shoulder and see what's on the screen. A privacy filter may be particularly useful if you work in an "open" office that lacks cubicle walls. Various companies sell these filters, including Targus, 3M, and Fellowes.

9. Make HTTPS your friend
When you're browsing the Web, protect yourself by using HTTPS (Hypertext Transfer Protocol Secure) whenever possible. HTTPS encrypts the connection between your PC and the Website you're visiting. Though HTTPS doesn't guarantee that a site is secure, it can help prevent other parties from hacking into the network and gaining access to your account.

Many sites use HTTPS by default: When you purchase an item online or log in to online banking, for instance, your browser will probably connect to the site via HTTPS automatically. But you can go one step further by enabling HTTPS on Facebook, Twitter, and Gmail.

To use Facebook's HTTPS feature, log in to Facebook and click Account in the upper-right corner. Select Account Settings from the drop-down menu, and look for ‘Account Security' on the resulting page. Under the Account Security heading, click Change, check the box next to Browse Facebook on a secure connection (https) whenever possible, and click Save.

For Twitter, first log in to your account. If you're using the new Twitter interface, click your account name in the upper-right part of the screen, and select settings. (If you're still using the old Twitter interface, click the Settings link in the upper right of the window.) From there, scroll down to the bottom of the resulting page, check the box next to Always use HTTPS, and click Save.

To enable HTTPS on Gmail, log in to your account, click the gear icon in the upper-right corner, and select Mail Settings from the drop-down menu. Next, under the Browser Connection heading, select the button labeled Always use https. When you're all set, scroll to the bottom of the page and click Save Changes. To learn more about Gmail security, visit Google's Gmail Security Checklist page.


10. Avoid public computers and Wi-Fi
As convenient as free Wi-Fi and publicly available computers may be at, say, a public library or café, using them can leave you and your personal information exposed. Public computers might be infected with spyware and other types of malware designed to track your movements online and harvest your passwords.

The same is true of open Wi-Fi networks. Cyberthieves may set up rogue Wi-Fi networks that look legitimate (for instance, one may be named for the café that you're visiting) but enable the crooks to collect your personal information. Even legitimate open Wi-Fi networks may leave you vulnerable. For an example, look no further than the Firesheep plug-in for Firefox, which allows just about anyone to hijack log-in sessions for various social networks.

Sometimes, you may have no choice but to use a public computer or Wi-Fi network. When you do, don't use it to check your e-mail or social network accounts, conduct online banking, or perform any other action that entails logging in to a site. If you have access to a VPN, use it.


11. Be password smart
You probably know already that using obvious or easy-to-discover passwords like "password" or your pet's name is a bad idea. But how can you make your passwords significantly more secure?

First, you need to use a different long, strong password for each account. Hackers often attempt to break into accounts by employing a "dictionary attack," which involves using words straight from the dictionary to guess your password. So don't use standard words as your passwords; instead, try creating them from a combination of letters, numbers, and symbols. And don't simply replace letters in a word with a symbol (for example, using the @ symbol in place of an A); it's too common a trick. You can also strengthen your passwords by using a mix of lowercase and capital letters.

Basically, the more complex a password is, the better. But try to use something that you'll be able to remember--a mnemonic of some sort that incorporates various alphanumeric symbols--and that nobody but you would know.

Remembering multiple passwords can be a challenge, which is why many people find that a good password manager is indispensable. KeePass is a good, free password-management option that works on Windows and Mac OS X systems.

12. Check your credit report each year
Unfortunately, even if you do everything right, bad guys might still succeed in stealing your identity. After all, you can control who has access to your personal information, but you can't control how well a company that you do business with secures its personal-data records.

Nevertheless, you can limit the damage that would result from undetected identity theft by checking your credit report regularly. Periodically checking your credit report is a good way to make sure that no one has opened credit card or bank accounts under your name.

If you are a U.S. citizen, you're entitled to receive one free credit report every 12 months from each of the three major credit agencies--Equifax, Experian, and TransUnion--via AnnualCreditReport.com. The service will let you examine and print out your credit report for free, but if you want to obtain your actual credit score, you'll have to pay for it. Since your freebie credit report is just a once-a-year affair, it's a good idea to insert a reminder in your calendar to check in again with AnnualCreditReport.com in 12 months.