Happy Father's Day to all of the dads out there!
Here's something you can give dear old dad on his special day - sit down with him and walk him through some pointers on how to keep his computer and his personal information safe. If you are over at dad's today spending some time, be sure to give his computer a good tune up while you are there.
Below are some ideas for things to pass along. You might have to do a few of these things for him or perhaps teach him the steps if he's interested, If you've got other tips that would be useful for your dad, please use the comment feature at the bottom to add to the list.
1. Keep it updated, which means the operating system, any programs he has installed, and most importantly his antivirus software. Turn on the auto-update feature and let his computer take care of updating itself automatically. Be sure to reboot if it asks you to.
2. Uninstall any software that dad does not use. Old programs often have security problems, and if dad's not going to use an application anymore, why not free up the space on his hard drive while at the same time making his computer more secure?
3. Make sure that his screen-saver requires a password to reactivate. Too often (particularly in shared environments with family members or office mates) a creative friend might send embarrassing emails from dad's computer or might accidentally download malicious software.
4. If dad has a laptop, be sure that the built-in disk encryption feature is running. This will protect him should his laptop be stolen. Also, invest in a cable lock so that his laptop can be physically secured while he's temporarily away from the computer. Laptops can be stolen in just a few seconds.
5. Warn dad to be careful with what he puts on social networking sites about himself, his friends, and his co-workers. Remember once on the Internet, always on the Internet, especially photographs.
6. Show him how to use website passwords that are complex but easy for him to remember. Tell him that if possible, use a passphrase rather than a password something like Thisismybankpassw0rd is much harder to crack or guess than 75yt*$AS (20 characters versus 8 characters.)
7. Remind dad to pay close attention to where he is online. Many phishing sites appear to be legitimate but if he looks closely at the address bar he may see that he are not really at his bank or site that he thought he was going to. Think twice before entering any personal information at a new web site does this company really need to know the things it is asking for?
Dad's Personal Information
8. Be very careful with peer-to-peer (P2P) or file-sharing programs. They should never be used on office computers, and if dad has them at home pay close attention to which parts of his hard drives are shared to others by these programs. Under no circumstances should he put office information on his personal computer, especially if he uses P2P software at home to share files with his friends.
9. If dad uses reply to all in emails, remind him to check each of the email addresses to make sure he know where his email is going. Also, tell him to BE VERY CAREFUL if he replies to a posting from a listserver or online group his reply may go to the entire group rather than just the person he thought he was writing back to.
10. Dad should know who to call or contact if he thinks he has become a victim of online crime. Events happen fast online and he often will not have much time to call for help before it is too late. In addition, show him how to keep a backup copy of all of his personal information (passwords, credit card numbers, bank account information, emergency phone numbers, etc.) on a physical piece of paper that is locked in a fireproof container.
Marcus H. Sachs
Director, SANSInternet Storm Center
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.