The recent attack on Sony’s Playstation Network was followed up with a flurry of attacks on a variety of online sites on everything from video game platforms to the CIA. Some attacks were deliberate and debilitating, others for the (alleged) “comedy” value that they gave one of the more prominent hacking groups, LulzSec, including the release onto the Internet of thousands of user passwords. LulzSec recently announced it was disbanding, but that’s not either verifiably true or the end of Internet hacking.
So what’s to be done? At a larger scale, it might not seem as though there’s much the ordinary user can do to protect themselves. After all, the administration of large online services is up to the providers, right?
Not exactly. While it’s true that we can’t control what those companies do, it’s worth noting that many of the behaviours of ordinary users have a profound effect on Internet as a whole. Here’s three simple steps that every single Internet user should follow to help both themselves and the security of the Web as a whole.
1) Keep it updated: Whether it’s operating system updates, new versions of your favourite Internet browser or the signature files of your AntiVirus software, running older, unpatched software provides an easy way into your system for the bad guys. This isn’t just a precautionary measure for your own system data; worldwide millions of systems are compromised and turned into attack or spam vector machines by malware without their owners being aware of it at all.
2) Simple passwords are only for the simple: You’ve probably got a password for dozens of online sites, from banking to Facebook and anything else besides. Remembering passwords is tricky stuff, but having a single login password for everything is just plain stupid. If a system is compromised through no fault of your own, the first and easiest attack on your other accounts is via a single password. There’s a number of software utilities that can help with storing multiple passwords securely via a single strong master password, and many of them can help you generate truly strong complex passwords for every single login.
3) Switch it off!: Most compromised systems are done so effectively invisibly; the whole point from the malware author’s point of view is that you don’t know it has happened, so they can continue to use your PC as a slave in a larger botnet, or more simply mine it for passwords, personal information and hopefully money. While you should protect yourself as well as is feasible via updates, one of the simplest things you can do to confound any malware is simply to switch your PC off when not in use. Sure, it’s handy to have a PC that flicks to life when you move the mouse or run a finger over the trackpad, but that always-on system is always available to malware authors and hackers as well. As an added bonus, you’ll save a reasonable amount on your power bill.