02 January 2006

How to protect against computer hijacking and against theft of your personal data (with potential to be used in Identity Theft).

Hijacking can only happen when hijacker's software finds its way to your computer.

Identity theft comes with unauthorised access to your information.

So the best way to protect is :

Don't let them in!

• Keep out software that you do not trust, such as:
  1. Any suspicious e-mail attachments
  2. Files downloaded from strange places
  3. ActiveX and Plugins from untrusted sites
  4. Spyware
     

To achieve this you need

Several building blocks to be in place:

1. Patch your browsers.
2. Anti virus product.
   
3. Anti spyware product.
   
4. Personal firewall
   

 

You should look after your protection software:

· Keep them up-to-date.
· Check them regularly (for example - weekly) that automatic update is really working.
· Configure your software (like anti virus) to scan your computer daily (at night or at lunch time)

• Keep software on your computers patched

Attackers would not be able to exploit known vulnerabilities and execute their programs through security holes.

To achieve that -

1. Keep and maintain list of software you have installed
   
2. Check for updates for each package regularly. Switch ON automatic checking for updates whenever it is possible.
   
Note: Do you use MS Office? When did you check for MS Office update last time?
3. Burn critical updates, Service Packs, Product Releases etc. on the two blank CDs and store one on site and one off site. List of what I think is critical for the current versions of Windows OS could be found on this site soon.


• Keep you data safe and available for restore in case that something does happen.
  
  

  You will need your important information be available ASAP.

  To achieve this -

  ·Identify data that should be preserved
  ·Keep your business related data files (such as drawings,
  plans, documents, presentations, program, schedules, lists of customers) in well identified places on your hard drive (or server)
  ·Check where is your e-mail program keeps your mail box and address book.
  ·Back up that data regularly.
  ·Check that backed up data can be restored correctly and actually used. Do it regularly
  ·Store back up media outside your main office.
  
  this would help as part of any disaster. Power failure could destroy your hard drives. Thieves could steal your computers. You would need your data to keep business running.

 

So to make a conclusion:

• Create the list what should be done and how often
  
• Check that it is achievable
  
• Make schedule out of it. Put it in your dairy (electronic or paper).
  
• Follow it
  
• Review it when necessary.
  

Security is process!
Schedule should look something like that (should be used as an example only!):

Automatic:

Manual checks:

Check this - I am not along in my like of checklists: A Home User's Security Checklist for Windows is what it is - the best advice for home security - list of thing to check regularly.