The security of computer systems (which, in addition to computers, includes smartphones, tablets and any other equipment with Internet access) requires constant and proactive care, because, even without our noticing, our equipment suffers dozens of attacks every day over the Internet and/or business networks.
Prevention is the best weapon against these attacks, since after an attack or infection the consequences are usually disastrous and irreversible: data is lost, or others gain access to sensitive information about our lives (including access to bank accounts, etc.).
Here is a series of suggestions that should be taken very seriously, because the question is not whether you will one day be attacked, but when, and what the consequences of that attack will be. With preventive measures, the risk of attack and its consequences are greatly reduced. Take these suggestions seriously!
1. Have the most current version of your Operating System
Whether on a PC or a smartphone/tablet, upgrade your operating system to the latest version. If the system allows it, run the built-in update system. If this is not possible, consider purchasing a license for a more modern system or, if your equipment is already old, purchasing newer equipment that comes with the latest operating system.
2. Run regular updates on your Operating System
If your system allows it, enable automatic updates. If this is not possible, run the system updates manually on a regular basis (at least once a month).
3. Do not use the system as Administrator
If the system allows it, use it as an ordinary user and not as an Administrator. For example, in Windows, you can create an Administrator user with a password and use that user only when you need to install programs. For day-to-day use, create a “normal” user (without administrator rights), also with a password, and normally use only that user.
Programs / Applications / Software
4. Only install programs from trusted sources
On your smartphone or tablet, only install programs from the official application store for the device's operating system and/or brand. On your computer, only install programs from the official websites of well-known companies or from established software aggregator sites such as http://download.cnet.com . When in doubt, before installing, search the Internet for the name of the program and/or the company that created it and check whether there are negative references in articles or forums (such as reports that it contains a virus).
5. Never install pirated software
Have you ever thought about what the people who make pirated software available for free have to gain? What they gain is that, typically, viruses come bundled with the pirated software and invade your system the moment you install it: viruses that share your information and passwords with third parties, viruses that erase your data, or viruses that one day lock your computer and demand a ransom. It is not worth taking that risk. Besides, using pirated software supports the activities of criminals, the same ones who may one day destroy your digital life.
6. Have an anti-virus and firewall installed
At a minimum, have the firewall that comes with the operating system (as in Windows, for example) activated, together with a free anti-virus. Preferably, install a more complete and powerful anti-virus package that includes: firewall, anti-virus, anti-malware, anti-ransomware and anti-spam. And make sure automatic updates are enabled (free or paid).
7. Always have the anti-virus and firewall enabled when you install a new program.
If any program tells you that you need to disable the anti-virus or firewall (even temporarily) before it can be installed, never do so, regardless of the reason given (usually they claim there are minor incompatibilities and that you can disable the anti-virus and install the program “on trust”). This is clear evidence that you are about to install a virus on your device.
8. Have passwords!
First of all, protect your equipment with passwords and/or a PIN. In the case of a computer, set a password and, whenever you have to leave the computer turned on without supervision (for example, at work), shut it down, log out, or put it into hibernation (provided you have the hibernation option). In the case of a mobile phone, it is not enough to have the PIN of the SIM card requested when you switch the phone on (as it used to be). With a smartphone, more important than the card PIN at switch-on is a PIN to unlock the screen whenever you access the phone. Otherwise, anyone who picks up your mobile phone will have access to your entire digital life.
9. Use Complex Passwords
Never use simple passwords that correspond to easily inferred information (your name or family name, date of birth, your pet’s name, etc.) or that are actual dictionary words.
Always use long passwords (at least 10 characters), with upper and lower case letters, numbers and other symbols (*#$%&=+).
If you find it very difficult to memorize a totally abstract password (such as h3Das9#B8c$), mix several pieces of information that are familiar to you, but in a complex pattern.
For example, if you entered 1st class in 1980 and your colleague was named MARIA, a good password you could memorize could be: m+1=a9-RI+8=A0. That way you have this information, but mixed in a way that is complex for others and still easy for you to remember.
For 4-digit PINs (for example, on the mobile phone) you are more limited, but still try to choose a number that is not too simple and does not mean anything obvious in your life (do not use your date of birth, nor 1234, nor 0000, etc.).
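The password and PIN rules above can be turned into a checker you run before adopting a new password. This is an added example written for this page, not code from iFlexi; the word list and the personal details passed in are constructed, and the entropy figure is only a rough upper bound based on the character classes used.

```python
"""Password and PIN policy checker for the rules in this section (added example)."""
import math
import string

# Constructed mini dictionary; a real check would load a full word list.
COMMON_WORDS = {"password", "welcome", "sunshine", "football", "maria", "qwerty"}
SYMBOLS = set("*#$%&=+") | set(string.punctuation)


def check_password(pw, personal_info=()):
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no symbol")
    lowered = pw.lower()
    # 'maria1980!' is still the dictionary word 'maria' once digits/symbols are stripped
    if lowered.strip(string.digits + string.punctuation) in COMMON_WORDS:
        problems.append("dictionary word")
    for item in personal_info:  # names, birth years, pet names the attacker could guess
        item = str(item).lower()
        if len(item) >= 4 and item in lowered:
            problems.append(f"contains personal information ({item!r})")
    return problems


def entropy_bits(pw):
    """Rough upper bound: length * log2(alphabet size), alphabet from the classes present."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in SYMBOLS for c in pw):
        alphabet += len(string.punctuation)
    return round(len(pw) * math.log2(alphabet), 1) if alphabet else 0.0


def is_weak_pin(pin, personal_numbers=()):
    """Flag the 4-digit PINs the text warns against: repeats, sequences, personal dates."""
    if not (pin.isdigit() and len(pin) == 4):
        return True
    if len(set(pin)) == 1:  # 0000, 1111, ...
        return True
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):  # 1234, 4321, ...
        return True
    return any(pin in str(n) for n in personal_numbers)


if __name__ == "__main__":
    for candidate in ("maria1980", "h3Das9#B8c$", "m+1=a9-RI+8=A0"):
        print(candidate, check_password(candidate, ["MARIA", 1980]), entropy_bits(candidate))
    for pin in ("1234", "0000", "1980", "4719"):
        print(pin, "weak" if is_weak_pin(pin, [1980]) else "acceptable")
```

Both of the article's example passwords pass, while the "familiar information" used on its own ("maria1980") fails on several counts at once. The personal-information check only catches contiguous substrings, which is exactly why the mixed pattern from the example survives it.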
10. Always Use Different Passwords
Use different passwords and PINs on your computer, on your phone, on homebanking, on email, on Facebook, on sites you register, etc.
It is hard to memorize different passwords, but if you do not and use only one password, then if someone discovers that single password they have access to your entire digital life (and consequently your real life).
This is especially important if you register on websites whose reliability is not established, because you are giving your password to the site and therefore to its managers, who may have no scruples and capture your password and use it for other purposes or sell it to criminal networks. If that password is only valid for that site, the damage they can do in your life is almost nil.
11. Use a password management software
If you use a lot of web services and follow our advice to have a different password for each one, instead of trying to memorize all these passwords you can install a password management program on your PC and mobile phone; that way you only have to memorize the password for entering this program in order to look up the passwords of the sites you registered on. But never forget this master password!
An example of such a program is KeePass ( http://keepass.info ).
12. Use the 2-step Login option
Some web services allow you, in order to enter a site, to enter not only your password but also a code that you receive on your mobile phone at that moment. This is an extra way of securing your account and you should use it whenever it is available. Make sure that your mobile phone number and your email address are always up to date in your registration on these sites.
13. Avoid using your Facebook, Google, etc. account to enter other sites
Nowadays, many sites allow you, instead of making a specific registration for that site, to simply log in with your data from Facebook, Google, or another common site on which you already registered. Although this saves you 1 or 2 minutes in the process of making a new registration, on the other hand, if someone gains access to your Facebook, Google, etc. account, they automatically have access to your accounts on all the sites where you used this option. Apart from that, you are giving these sites a lot of private information from your Facebook or Google profile. Is it worth taking these risks and losing control over the privacy of your information to save 1 or 2 minutes of work?
14. Third Party Access Authorizations
Avoid granting third-party access to your Facebook, Twitter, Google Plus, etc. accounts as much as possible. Whenever you use an application within these sites (games, horoscopes, etc.), you are giving third parties access to your information, which will then be sold to marketing databases. In some cases it is even worse, because these applications can publish on your behalf, send messages to your friends, etc.
Be very careful when a page asks for access to your Facebook profile, etc., as it is possible that this access will be abused. Note that if you just want to like, share content or comment on articles, you never need to grant any special access.
If you suspect that posts are being placed on your behalf, or that you appear to have liked pages you did not like, review the Facebook, Twitter, etc. settings for the applications that have access to your profile.
15. 1 Social Network = 1 Profile
If you have multiple profiles, or if you keep changing your profile name, photo, etc., then when a false profile appears in your name, how will your friends know which one is the real one?
Create only 1 profile, stick to a name, and try to keep the picture for some time.
The same applies to your email. Do not ever change your email address. And, if you have to change it, send an email (from your old address) informing your contacts which one is the new one. Only then will your contacts know that the new email is yours.
Do you really have to publicly share everything that happens in your life?
1. Note that once you put something on the Internet, it stays on the Internet forever and everyone (friends and strangers) will have access to it. Even if you put the information up as just for “friends”, sooner or later it will be public to everyone.
2. Never say anything online that you would not say in the street to a stranger. If you saw a suspicious-looking person at the door of your house, would you tell him that you will be on vacation for the next 30 days? Well, when you give this information online, that is exactly what you are doing, and to potential criminals. Even if you think you are only telling your “closest” friends.
3. Never put photos or personal information of the children under your care online. Besides being illegal and taking away the children's right to control their own privacy (a right that belongs to all human beings regardless of age), children's pictures will invariably end up in pedophile networks. Again, would you walk onto an esplanade and hand out pictures of your children in bathing suits to the strangers you met? And tell them which school your children could be found at, and at what time? That is what you are doing when you put photos and information on the Internet. EVERYBODY WILL SEE!
4. The more information you put online about yourself, your life and your habits, the easier it is for criminals to steal your identity and pass themselves off as you to your friends, guess your passwords, approach your children at school or burgle your house. By giving up your privacy, you are giving up a very important part of your security.
Fraud, Phishing, Spam and Viruses
17. Fraud: Do not fall for free-offer schemes
Both social networks and email are full of messages and pages that promise prizes in exchange for likes, that promise fortunes in exchange for a small deposit payment, etc.
Do not be naive. There are no easy get-rich schemes, there is no widow in South Africa who needs your help to move $ 1 million, there is no plasma TV waiting to be given away in return for a like on a page, and no car waiting for you to choose the color to take it home.
It is true that many companies run online promotions and actually offer prizes (of much lower value than in these schemes). How to know if a promotion is real:
1. If it comes by email, where does the email come from? For example, if the email comes from @pingodoce.pt and the link takes you to pingodoce.pt, it is probably a real email. If it says it comes from Pingo Doce but neither the email address nor the links are from the brand's official website, it is probably false. Delete this email!
2. If it is a Facebook page, for example, offering a smartphone in exchange for a like or a share, what does the page look like? If its only content is this promotion or others of the same type, it is probably false. If it is the official page of the company running the promotion, with months of content (posts, photos, etc.) that reveal normal use of the page, it is probably real.
18. Phishing: Do not click on links in emails to “confirm” data if they do not come from real companies
If you receive emails from your bank asking you to confirm your access data, or else your account will be closed or you will have to pay a fine, delete the email. It is fake, you can be sure.
If you receive emails from the tax authorities, the police or another entity saying you have fines to pay and stating the amount of the fine, it is false. These entities never send e-mails with fine amounts. If you have any doubts, check the email sender and look at where the links would take you (but do not click on them). Search Google for the official sites of these entities and check whether they correspond to the sender's address and the links in the email. If they do not match, delete the email. If you are afraid you really do have a fine to pay, contact the entity in question using the phone number found on its official website; never reply to the dubious email or click on its links.
If you live in Portugal and receive emails in Brazilian Portuguese (assuming you do not have services with Brazilian entities) or in poorly written Portuguese (typical of text written by foreigners or by an automatic translator), it is almost certainly a fraud. Delete the e-mail.
As a rule, if the email comes from an entity with which you have no services, or is written in very bad Portuguese, or the email address is not from the entity's official site, or the links would take you to other addresses, or the text says you urgently need to click on something to confirm data so as not to be “disabled”, it is almost certainly phishing, that is, an attempt to get you to hand over your personal information to criminals.
If you find that you have just submitted your data to a fake site, immediately go to the real site and change your login details, and confirm that your mobile phone number and alternate email address on that site are correct. If necessary, call the entity in question (bank, tax authorities, etc.) and ask immediately what you should do.
Please note that if you have just registered on a site and receive an email from that site asking you to click to confirm your email address, this is the exceptional situation where it is a legitimate request: it was initiated by you just before, and the email corresponds to the site where you just registered. In most other cases, where you are asked out of the blue to provide or confirm data, always be suspicious and do not click on anything without being absolutely certain that you have verified that the sender is real.
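The three checks in items 17 and 18 (sender domain, link destinations, and pressure to act urgently) can be automated as a triage step before anyone clicks. The code below is an added example written for this page, not iFlexi's software. The official domain pingodoce.pt comes from the article; the two sample messages, their sender addresses and link hosts are constructed for the demonstration.

```python
"""Phishing triage: sender domain, link hosts and pressure phrases (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages. Only pingodoce.pt is a real domain named in the article;
# the sender and link hosts are made-up illustrations.
SUSPICIOUS_MAIL = """\
From: Pingo Doce Promotions <promo@pingodoce-prizes.example>
To: you@example.com
Subject: Confirm your data or your prize will be cancelled
Content-Type: text/html

<p>You won! Click <a href="http://pingodoce.pt.secure-login.example/confirm">here</a>
to confirm your data within 24 hours.</p>
"""

LEGIT_MAIL = """\
From: Pingo Doce <newsletter@pingodoce.pt>
To: you@example.com
Subject: This week's offers
Content-Type: text/html

<p>See the offers at <a href="https://www.pingodoce.pt/promocoes">our site</a>.</p>
"""

# Phrases the article lists as typical of phishing pressure.
URGENCY_WORDS = ("confirm your data", "within 24 hours", "will be closed",
                 "pay a fine", "disabled")


def belongs_to(host, official_domain):
    """True only if host is the official domain itself or a real subdomain of it.
    'pingodoce.pt.secure-login.example' merely starts with the brand and is rejected."""
    host = host.lower().rstrip(".")
    return host == official_domain or host.endswith("." + official_domain)


def sender_domain(msg):
    """Domain part of the From address (the display name is ignored on purpose)."""
    addr = parseaddr(msg["From"])[1]
    return addr.rsplit("@", 1)[-1].lower()


def link_hosts(body):
    """Hostnames of every href in the HTML body."""
    return [urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body)]


def triage(raw, official_domain):
    """Return the list of red flags found; an empty list means nothing obvious was seen."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    flags = []
    sd = sender_domain(msg)
    if not belongs_to(sd, official_domain):
        flags.append(f"sender domain {sd} is not {official_domain}")
    for host in link_hosts(body):
        if not belongs_to(host, official_domain):
            flags.append(f"link points to {host}, not {official_domain}")
    text = (msg["Subject"] + " " + body).lower()
    for phrase in URGENCY_WORDS:
        if phrase in text:
            flags.append(f"pressure phrase: {phrase!r}")
    return flags


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_MAIL), ("legit", LEGIT_MAIL)):
        print(name, triage(raw, "pingodoce.pt"))
```

The domain test deliberately compares whole labels: a host that only begins with the brand name is a different site, which is the trick the article's "links are not from the official website" rule is meant to catch. An empty flag list is not proof that a message is genuine, only that this particular checklist found nothing.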
19. Virus: Do not click links in emails or open attachments without being absolutely sure of their origin
If you receive an email from someone you do not know, with links or attachments to something you “really need to see”, delete it, as it is a virus.
If you receive an email from one of your contacts but the text is not consistent with what you would expect from that person, or if the text is too focused on getting you to click an “important” link or open an “important” attachment, delete it, as it is a virus (and please notify the person by other means, because their email account has been hacked). By contacting the person by other means, you can always confirm with them whether the email was really theirs and, if so, they can resend it to you.
20. Viruses: Do not visit high-risk sites
If you visit pornographic sites, illegal content sites (pirated movies, software, etc.), illegal TV streams, etc., know that you will almost certainly be infected with a virus. Avoid putting yourself in that situation.
And never, but never, install programs or applications suggested or automatically posted by these sites.
If a site tells you that you have to update your computer, your phone, Flash, Java, Media Player, or anything else in order to see certain content, it is false. If in doubt, go by your own means to the control panel of your computer or the settings of your phone and run the updates there, if there are any. Never install what sites suggest.
If you find that you have installed something you should not have, or if your computer or mobile phone keeps showing the same warning that you should install certain things, you are almost certainly already infected. In that case, turn to specialist computer technicians immediately so they can “clean” your equipment before further damage is done.
21. Virus: Ransomware
In the case of ransomware (viruses that lock your computer and require you to pay a ransom in order to regain access to your data), there are some specific situations you should pay attention to:
1. If you suspect that you have been infected, or if you notice that a file has changed by itself, or if you try to open a file and instead of the usual content it shows what looks like a bunch of nonsense characters (a sign that the file has been encrypted), immediately disconnect the computer from the network you are connected to and turn off the power, and then take it to computer technicians, who can try to access the data on your computer's disk directly without running the risk of spreading the infection.
2. If your computer shows a screen stating that your data has been encrypted and you must pay a ransom, it is probably already too late, because your data is most likely already unrecoverable. In any case, do not give up, and follow the same steps described above (turn off the PC immediately and look for computer support).
3. NEVER pay the ransom. First, because in many cases, even if you pay, they will never give you what they promise (access to your data). Second, because paying helps criminals keep their operation running and increases the likelihood that everyone (including you) will be attacked again.
There are some viruses that resemble ransomware, taking control of your Internet browser, mobile phone or computer with messages demanding payment, but in fact the virus has not encrypted anything; it is simply trying to extort money from you by playing on your fear. Some of these viruses, for example, show a police or FBI logo saying they know you visited illegal sites, but that they give you the possibility of paying a fine and thereby being cleared. Of course this is all false. Therefore, do the same as indicated above: do not pay, turn off your PC or mobile phone and look for computer support.
22. Spam: Report, Do not Reply, Delete
When we talk about spam, we are not talking about the occasional e-mail from a company that sends you a single e-mail presenting its services; we are talking about e-mails that you receive repeatedly (usually from abroad), with fake news, business proposals, promotion of “strange” products, etc.
If you receive this type of junk mail, there are 3 rules to follow:
1. If your email system allows it, click the button that lets you flag the message as spam / junk mail.
2. Never reply to these emails. Whenever you respond, even just to say “Remove”, all you achieve is to confirm to the spammers that your email address exists and is active, which will cause you to receive even more spam. In addition, by responding, you are only getting irritated, wasting time and going to the trouble of writing an email that no one is going to read. Spare yourself all this and simply accept that spam is part of the Internet.
3. Delete the e-mail without clicking on anything. Any link you click on (even one that says “unsubscribe”) will have the effect of confirming to the spammers that your email address exists and is active, which will make you receive even more spam. Likewise, never click to “show the hidden images” of the message, as that gives the same confirmation.
Now, if the email does not fit this typical “spam” pattern but is simply an e-mail from a company presenting itself, tolerate it and, if it does not interest you, simply delete it, because it was a perfectly legitimate and acceptable contact. Of course, if the company insists and sends you emails very often, it falls into the category of “spammers” described above and the above rules apply.
23. Never connect to “Open” Wireless connections
No matter how tempting it is to connect to any wireless connection you find in order to “save” your mobile data, when you connect to “open” wireless networks you are sending your data in a totally vulnerable way, open to interception. Apart from that, even if the name of the network appears to be that of the entity or location you think you are connecting to, you may actually be connecting directly to an attacker who will copy everything you send over this link, including passwords. Also review, on your computer and on your mobile phone, the setting that allows your device to automatically connect to any open network it finds, and disable it.
24. Be careful when connecting to public wireless connections, even if they require a password
Avoid connecting to the Internet through any public network, even if it requires an access password. But if you have to connect, do the following:
1. Ensure that you have disabled file/network sharing in the settings of your PC.
2. Ensure that your email program communicates over SSL.
3. Always try to open sites starting with https:// instead of http:// (note the “s”), as most sites nowadays offer this possibility.
25. Never insert sensitive data into third-party computers
If you browse the Internet on computers that do not belong to you (those of colleagues, cybercafés, shops, etc.), NEVER access websites where you will have to provide sensitive data, such as your email, homebanking, your social networks, etc. If you need to enter your password, do not browse that site on third-party computers. This is because it is extremely easy for everything you type (including passwords) to be recorded by the owner of the computer, who can later use your data.
If, in case of urgency, you have to do so, follow 2 rules:
1. As soon as you finish, do not forget to “End Session” (log out) on the site in question.
2. Once you get home, go to that site, change your password and check in the site's settings whether your alternate email and your mobile phone number are correct (if applicable).
Always assume that using third-party computers is a risk, because even if the computer belongs to a person you trust, that person may not have implemented the same security precautions as you; their computer may be infected without them knowing it, and your data will be “caught” unintentionally.
26. Resist Social Pressure
One of the most effective ways to break into a computer system is by obtaining the unwitting collaboration of those who have access to it. To avoid being the target of so-called “social engineering”, note the following:
1. Never give anyone access to your computer or mobile phone without absolute supervision or trust in the person concerned. Lending your mobile phone to someone for 30 seconds is enough, for example, for them to install a virus or set your phone up to make premium-rate calls. If someone asks to borrow your phone to make a call, dial the number and start the call yourself, and stay present at all times.
2. If you take your computer or mobile phone in for technical intervention, always choose companies or technicians that are well known in the market and/or that you personally trust. And, when you get it back, change the passwords of your computer, your email and the other applications you have installed.
3. If you work in a large company and receive an “internal” call from someone claiming to be from the “IT department” asking for data or asking you to do something on your PC, tell the person that you will hang up and call the department back, then call the number you know to be the department's. This prevents outsiders from calling the company and pretending to be an internal employee.
4. Never give passwords over the phone or by email, not even to computer support. If they really need this access, insist that they come physically to your workplace.
5. Do not take your company's data or files to other equipment or places without express authorization. Nor should you bring external files onto the company computer without proper control and authorization. Not only can you run into legal problems, you may inadvertently be responsible for spreading viruses.
6. If you receive emails or messages on social networks and have doubts about the identity of the sender, try to contact the sender by other means. And the more urgency a person shows in getting you to do something for them, the more suspicious you should be. Never do anything under pressure. Take the time to confirm what you need to.
7. Never be ashamed to say no. When in doubt, it is up to the others to demonstrate that they are legitimate or that you can trust them; you should never hand over sensitive data out of embarrassment about what they will think of you if you refuse.
To have better chances of recovering your emails if you suffer a computer attack, ideally you should use one of the following solutions:
1. Use your e-mail through webmail, that is, through a web page in your Internet browser. That way, the emails are always on the mail server and not on your own PC or mobile phone.
2. If you have your e-mail set up in a program on your PC (for example, Outlook) or on your mobile phone, make sure the account is always set up as an IMAP account (not POP). This way, the emails are always synchronized between your PC and the email server. So if your PC crashes, or a virus erases your files or prevents you from accessing them, your emails will still be on the email server and you can always retrieve them.
Also make sure of 2 more things:
1. That the email is configured to use encryption when communicating with the receiving and sending servers. This is so that your password and your emails cannot be intercepted, for example, on a wireless connection.
2. That the company hosting your email includes a backup service for your emails. This is in case you catch a virus that deletes the emails directly in the email program.
3. If you use free services like Hotmail or Gmail for professional purposes, we advise you to switch to a professional email hosting service with your own domain. Not only will you promote your business name instead of Gmail or Hotmail, you will also be able to have regular email backups in case a virus erases everything in your email account (something these free services do not protect against).
The only way to be 100% protected against data loss due to viruses in general (and ransomware in particular), equipment malfunction, theft of equipment, fire, unauthorized access by third parties or company employees, etc., that is, against the huge variety of ways that can lead to the loss of all your digital data, is to have regular backups of your data.
Put simply, there are 3 alternatives to implementing backups:
1. External Disks – Involves acquiring external disks (whose average price nowadays is around € 70).
Advantages: One-off investment; you do not need to be connected to the Internet.
Disadvantages: It requires you to connect and disconnect the external drive every day on every device you want to back up; it requires you to take the disk with you every day to a physical location other than the one where you keep the computers, which is the only way to guarantee access to the data in case of burglary, fire, etc.; since you will be connecting the external disk to PCs that may already be infected without you realizing it, at any moment you can lose both the data on the PCs and on the external disk at the same time; and to make sure you do not overwrite “good” files with “infected” files, there must be multiple daily copies of the same files on the external disk, which can very quickly fill the disk and requires strict versioning of the copied files.
2. Professional Cloud Backup Service – Involves acquiring a professional cloud backup service (at iFlexi, the cost starts at € 50 + VAT / year – https://www.iflexi.pt/en/iflexi-cloud/ ).
Advantages: The backup process is automatic and in real time, requiring no intervention from you; the backup is stored in a different location from the original data, so the likelihood of both copies being affected simultaneously by a natural disaster is practically zero; several days' worth of backups are kept, so if it is detected that the last backup already contained infected files, you can still recover the previous version of the files; smartphones and tablets are easily added to the backup process; as a bonus, you get access to your files anywhere, either on your phone or on any computer with Internet access, which gives you great flexibility in accessing your data (even if your original computer is turned off).
Disadvantages: The cost is annual, which in the long run can be more expensive than buying an external disk; you need to be connected to the Internet, preferably with a broadband connection.
3. Free Cloud Services – So, are free cloud services like Google Drive, Microsoft OneDrive, etc. not an option? They are, with limitations!
Compared with the professional iFlexi Cloud backup service, these services have the advantage of being free. But unfortunately they have the major disadvantage of not keeping multi-day copies of files in the cloud. This means that if your PC is infected with, for example, a ransomware virus and your files are encrypted, iFlexi Cloud can restore the files from the previous day (before they were encrypted), whereas with a free service, once the files on your PC are encrypted, the files in the cloud will also be encrypted, and there are no files from “previous days” that you can revert to, so they do not actually protect you from ransomware. Therefore, with regard to ransomware, having one of these free services is not great protection.
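Two points from this page are easiest to see in code: the "previous day" copy that makes a versioned backup useful against ransomware (this section), and the "bunch of nonsense characters" sign of an encrypted file from item 21. The script below is an added example written for this page, not iFlexi's backup software; it keeps one dated snapshot per day in a local folder, prunes old days, restores a chosen day, and measures byte entropy to flag files that look encrypted. The document names, dates and the random bytes standing in for ciphertext are all constructed for the demonstration.

```python
"""Daily versioned snapshots plus an 'encrypted-looking file' check (added example)."""
import math
import os
import shutil
import tempfile
from collections import Counter
from datetime import date, timedelta
from pathlib import Path


def take_snapshot(source, backup_root, day):
    """Copy the whole source tree into backup_root/<YYYY-MM-DD>; older days are never touched."""
    dest = Path(backup_root) / day.isoformat()
    if dest.exists():
        shutil.rmtree(dest)  # re-running on the same day replaces only that day's copy
    shutil.copytree(source, dest)
    return dest


def prune_snapshots(backup_root, keep):
    """Keep only the 'keep' most recent daily snapshots; return the day names removed."""
    days = sorted(p.name for p in Path(backup_root).iterdir() if p.is_dir())
    removed = days[:-keep] if len(days) > keep else []
    for name in removed:
        shutil.rmtree(Path(backup_root) / name)
    return removed


def restore_snapshot(backup_root, day, target):
    """Restore a given day's copy into target (target must not exist yet)."""
    shutil.copytree(Path(backup_root) / day.isoformat(), target)
    return Path(target)


def shannon_entropy(data):
    """Bits per byte; plain text sits around 4-5, ciphertext or compressed data near 8."""
    if not data:
        return 0.0
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def looks_encrypted(data, threshold=7.5, min_size=1024):
    """Heuristic only: very small files cannot reach high entropy, so they are never flagged."""
    return len(data) >= min_size and shannon_entropy(data) > threshold


def demo():
    """Good file on day 1, file overwritten with 'ciphertext' on day 2, recover day 1.
    Returns (recovered text, pruned day names, corrupted flagged?, original flagged?)."""
    original = b"chapter 1: introduction\n" * 60  # constructed document, > min_size bytes
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src, root = tmp / "documents", tmp / "backups"
        src.mkdir()
        root.mkdir()
        (src / "thesis.txt").write_bytes(original)
        day1 = date(2017, 6, 1)
        take_snapshot(src, root, day1)
        # constructed stand-in for ransomware replacing the content with random bytes
        (src / "thesis.txt").write_bytes(os.urandom(4096))
        take_snapshot(src, root, day1 + timedelta(days=1))
        corrupted = (src / "thesis.txt").read_bytes()
        recovered = (restore_snapshot(root, day1, tmp / "restored") / "thesis.txt").read_bytes()
        take_snapshot(src, root, day1 + timedelta(days=2))
        removed = prune_snapshots(root, keep=2)
        return (recovered.decode(), removed,
                looks_encrypted(corrupted), looks_encrypted(original))


if __name__ == "__main__":
    text, pruned, bad_flagged, good_flagged = demo()
    print("recovered:", text.splitlines()[0])
    print("pruned snapshots:", pruned)
    print("corrupted file looks encrypted:", bad_flagged, "| original:", good_flagged)
```

The important property is that day 2's snapshot does not overwrite day 1's, so the pre-encryption copy survives until the retention window expires; a sync service that mirrors the current state of the folder loses exactly that copy. The entropy check is a triage aid, not proof: a ZIP or JPEG scores high as well, and a tiny file cannot score high even when encrypted, which is why the minimum size guard is there.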
In Summary …
Now that you are aware of these security risks and have, we hope, taken the time to implement the appropriate measures and changes to your routines, it is essential that you pass these tips on to your colleagues, family members and, in general, everyone who shares the use of your computer, your mobile phone or your home network. In the case of children, give them a simplified summary of the aspects they may come into contact with (such as teaching them not to tell their life story on the Internet).
Because attacks always find a way, usually through the weakest link in the chain, it is up to you to ensure that all the links are strong. And that is achieved by sharing this important information!
If you need help implementing these security measures, please refer to our iFlexi Tek service ( https://www.iflexi.pt/en/iflexi-tek/ ) and sleep more soundly!
[ ARTICLE TRANSLATED WITH GOOGLE’S AUTOMATED TRANSLATION SERVICE ]