Blog: How Tos

It’s Safer Internet Day and we’ve got six tips to help you stay out of trouble

consultant-placeholder10 Ken Munro 11 Feb 2014

As it’s Safer Internet Day I’ve been asked to give a talk at my kids school this afternoon on the subject of internet safety. Others are covering child protection and social network security, but what should we advise those with little understanding of computer security to do, technically?

15 minutes to get across a comprehensive security message. Where on earth do you start?

Here’s what I’m going to cover:

Passwords – use a vault for less important passwords, make the rest unique and complex

Retailers sites are being hacked all the time. Maybe your credit card number wasn’t pinched, but your password probably was. Did you use the same password as you use on every other retail site? And on your social networks?

Browser sandboxing – get Sandboxie or similar on your home computer

You will get a virus or malware infection at some point, mostly likely through web browsing. A sandbox keeps the infection inside your web browser, stopping it from infecting your whole computer.

To get rid of the infection, just delete the sandbox and start with a fresh instance. Easy!

Parental controls – OpenDNS or equivalent

No parental controls are completely effective, but they’re a very good idea. I quite like OpenDNS for its simplicity.

Don’t forget that if your child is browsing using mobile data or using a friends Wi-Fi, then your controls may be reduced or completely ineffective. Some mobile providers block known bad sites though.

Anti-virus – pay for a subscription to a security suite. And yes, Apples need security too

Free A/V is great, but not enough. A £30 ish annual subscription to a security suite is well worth it, for all the additional security functionality they offer.

Mobiles – 6 digit PIN minimum, turn off Wi-Fi when you’re not using it

Most people’s online life is on their mobile phones. Worse, app passwords are cached locally in many cases. So often I find smartphones with no password, or a short password + an O/S that’s missing critical security updates or hardware security flaws.

I’m going to show them Wi-Fi client probe requests too; how they can be used to track the user, how fake APs and a Wi-Fi pineapple can be used for password theft.

Updates – update, update, update

‘nuff said, don’t you think?

Less than 2m30secs per topic. Wish me luck!”