According to the SANS Institute, a pre-eminent computer security training, certification, and research organization, the top three cyber security threats are:
1. Client-side software that remains unpatched;
2. Internet-facing websites that are vulnerable; and
3. The rising number of “zero-day” vulnerabilities (“brand-new” vulnerabilities that are as yet unknown to the anti-virus software companies).
Based on these key, real-world risks, here are the top five no-cost solutions that will reduce or eliminate these risks.
Log in as a local user, not as administrator
Default Windows settings provide user accounts that have full Administrator privileges. It is dangerous to use your computer when you are logged in as Administrator because you have totally unrestricted access to every corner of your system – every setting, every software application, every network connection, every file, etc.
If you happen to come in contact with a virus, spyware, or other malware program, that virus or malware then will be able to attack anything and everything on your computer.
Instead, you should log in as a local user, with limited privileges. Encountering that same virus, spyware, or malware as a local user will have much less impact, and in many cases no impact, on your computer.
Apply patches and updates promptly
When you get a pop-up reminder on your computer that “updates are available” for a particular piece of software, do you click on the “Install Now” button, or on “Remind me Later”?
In our work with clients we find that most people choose “Remind me Later.”
But let’s stop and think for a moment about why the software vendor has released this update, which, by the way, is free: they’ve released it to patch some of the software vulnerabilities that security researchers have found.
The longer you wait to apply that update, the longer you leave yourself open to exploitation of that vulnerability.
Run vulnerability scans on your website
A recent IBM report on trends and risks documented significant growth in website vulnerabilities, particularly across three attack categories: Cross-Site Scripting, SQL Injection and File Include vulnerabilities.
It’s not important that you understand what these are; here’s what is important:
First, you must make sure that any people you have developing or maintaining your websites are familiar with these types of vulnerabilities and that they are using current methods to protect against them.
Second, you should check with whoever is responsible for hosting your website to see if they offer any kind of web vulnerability scanning as part of the hosting service you are already paying for.
And third, you should use web vulnerability scanning software.
Use anti-virus software and keep it up-to-date
The first thing to do is to check on what antivirus software you are using today, and make sure that the subscription is up-to-date, you are in fact receiving the updates, and that the updates are actually being applied to every PC and server in your organization.
There are free anti-virus software products available.
In addition to anti-virus software, we recommend you also have anti-spyware or anti-malware software installed on every PC.
Use a firewall and make sure it is working properly
One of the key ways to keep your computers safe and secure is to make sure you are using a firewall to close out unwanted traffic.
Double-check to make sure the firewall is plugged in, turned on or enabled. If you are using a software firewall, you need to check that it is turned on, and that you are set up to receive regular software updates.
If you are running the Windows Vista or Windows 7 operating system, you can check on the status of your updates using the Windows Action Center. In general, we recommend turning on Windows Firewall.
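One way to check three of these recommendations on a single Windows PC (administrator membership, pending updates, and Windows Firewall state), as an added PowerShell example that is not part of the original article; the function names are illustrative.

```powershell
# Added example: audits three of the article's recommendations on one Windows PC.
# Function names are illustrative and not part of any product.

function Test-AdminAccount {
    # whoami lists every group in the logon token, including Administrators
    # when UAC has marked it "deny only". S-1-5-32-544 is BUILTIN\Administrators.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes
    return [bool]($groups | Where-Object { $_.Sid -eq 'S-1-5-32-544' })
}

function Get-FirewallState {
    # HNetCfg.FwPolicy2 is the Windows Firewall COM interface (Vista and later).
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $types  = @{ Domain = 1; Private = 2; Public = 4 }   # NET_FW_PROFILE_TYPE2 values
    foreach ($name in $types.Keys) {
        New-Object PSObject -Property @{
            Profile = $name
            Enabled = [bool]$policy.FirewallEnabled($types[$name])
        }
    }
}

function Get-PendingUpdateCount {
    # Asks the Windows Update Agent for updates that are offered but not installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    return $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
}

if (Test-AdminAccount) {
    Write-Warning 'This account is a member of Administrators; use a standard account for daily work.'
}
Get-FirewallState | Where-Object { -not $_.Enabled } | ForEach-Object {
    Write-Warning "Windows Firewall is OFF for the $($_.Profile) profile."
}
$pending = Get-PendingUpdateCount
if ($pending -gt 0) { Write-Warning "$pending update(s) are waiting to be installed." }
```

The script only reads settings and changes nothing; the update check contacts Windows Update and can take a minute or two.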
Bill Abram is founder and president of Pragmatix, Inc., which helps nonprofits, corporations and small businesses use information technology to improve business performance.