Computer Security: How to Secure Your Devices from Threats

Americans spend a huge amount of time on computers—“more than 11 hours per day watching, reading, listening to or simply interacting with media.” They socialize with friends and family online. They watch movies, listen to music, read, and play online. They work online. They shop online. They pay taxes online. Computers have become real life.

Thus, computer security is real-life security, and lapses in it have real-life consequences. Credit card numbers, Social Security numbers, birthdays, addresses, passwords, and more all reside on computers and the internet. With this information, hackers can, among other things:

• Steal your money
• Steal your identity
• Take out credit cards in your name, ruining your credit
• Steal your data and ransom it back to you

Many people take home security very seriously. They buy strong doors and sturdy deadbolts. They activate outdoor lights with timers or motion sensors. They install alarm systems or invest in the convenience of a smart home security system. But if they neglect to secure their computers, they are leaving themselves open to a wide range of significant threats.

Having your identity stolen can be just as damaging as having your home burglarized. In this article, we explain how you can counter common threats like:

• Password vulnerabilities
• Attacks on public Wi-Fi networks
• Phishing
• Malware
• Physical computer security

When the giant consumer credit reporting agency Equifax was hacked in 2017, its administrator username and password were both “admin.” When the email accounts of the Democratic National Committee (DNC) were hacked in 2016, weak passwords such as “Obama-Biden-2012” were apparently in use.

Strong passwords are crucial for computer security and some common but critical mistakes can put your identity at risk. Don’t wait for someone to hack your smart camera and tell you to change your passwords. Be smart with passwords now. Here are some common mistakes:

This may seem obvious, but enough people do it that it’s worth stating: If you don’t have a protective password or passcode on all devices, you are asking for trouble. What if you lose your device? What if it gets stolen? Anyone can use it and access almost anything with no password.

This is a very bad idea, but many people do it for convenience. Sure, we all have dozens of online accounts with passwords. Insurance? Password. Utility bill? Password. Dating app? Password.

But here’s what can happen if you have the same password for just a few accounts—let’s say your email, your Amazon Prime account, and some third small-time website (maybe it’s a one-stop-shop for funny cat GIFs). The third website has a data breach, and now someone has your email address and a password. They hop over to Amazon and log in with your credentials. Now they can change your password to lock you out, order stuff to their address with your credit card, or just take your credit card number itself.

They log into your email, too. With access to that, they can get into other accounts even if they don’t have the password. The process for resetting a password almost always goes through email. The lesson here is simple: Don’t reuse passwords.

A weak password is nearly useless. Obviously, you shouldn’t use “password,” “admin,” or “123456” to protect your computer, phone, or any account (“Passw0rd/” isn’t fooling anyone, either). But people still use weak passwords like these.

Weak passwords can be easily guessed, either because they are common or because they are vulnerable to brute-force attacks. In a brute-force attack, a hacker uses a computer (or multiple computers) to try every possible combination of characters for a password. Guarding against this is straightforward: using a longer, more complex password. The number of possible combinations in a password increases exponentially with its length.

Weak passwords are short and use few character types. If your password is five characters long and only uses lowercase letters (a-z, 26 possible) and numbers (0-9, 10 possible), there are 36⁵, or 60,466,706 possible combinations. That’s a big number, but with the right technology, a determined hacker could guess or otherwise crack such a password in seconds.

Follow these simple steps to increase your security with passwords:

1. Always set new passwords for your devices. Please do this. It’s easy. It’s the 21^st You can even use facial recognition or fingerprint scanning to lock certain devices. If a device must be password-locked and comes with a default password, change it; many of these default codes are accessible online.
2. Use strong passwords for your devices and accounts. Strong passwords are long, use several kinds of characters (uppercase and lowercase letters, numbers, and symbols), an unrelated sequence of random words, and don’t have words or numbers that can be easily connected to your biographical information.
3. Don’t reuse passwords across accounts. Again, this is essential. An option for remembering passwords for seldom-used sites is writing them down and storing them very securely. For far greater security, memorize them or use a reputable password manager. This type of software securely stores passwords and many programs will automatically fill in web forms for you. Each password can be strong and unique, and types of software will randomly generate passwords and/or change them frequently.

First, let’s recap how Wi-Fi works. The internet travels to homes and businesses over a physical line; either fiber-optic cables or phone lines. It arrives at a modem, which converts data that travels over the lines into a format that computers can use. From there, you can use ethernet cables to connect devices to the internet. Or, you can connect a Wi-Fi router to the modem. The Wi-Fi router transmits data to connected devices and receives data from them. Some individual devices are combination routers and modems.

Password-protected Wi-Fi networks encrypt the information transmitted between devices and the router. Encrypted data can only be read by devices with an encryption key. Without encryption, anyone could intercept and read the information being transmitted on a network. It is, after all, only radio waves. Encrypted Wi-Fi networks are always password-protected.

Keep in mind that password-protected Wi-Fi isn’t always safe. That coffee shop network with “Espresso19” for its password is hardly secure. Anyone who buys a coffee can get the password and then potentially intercept your traffic, and you have no way to know if such a network’s encryption is active or up-to-date.

Open Wi-Fi networks are dangerous because they are often unencrypted. A hacker can use a network analyzer to “eavesdrop,” or capture data traveling between routers and devices. With this data, they can:

• See which websites you visit
• Intercept usernames, passwords, and other private information
• Access your email and social media sites, even if those sites encrypt passwords

Wi-Fi networks can be named anything. Maybe the café down the street has a network called “CoffeeShop.” They protect their network with a password and use strong encryption. But there is nothing to stop bad actors from setting up a network called “CoffeeShopOpen.” Without a password, many people would connect to this network and their personal information could be easily collected.

How can you protect yourself on public Wi-Fi? Follow these tips to increase your safety.

1. Don’t use it when sensitive information is involved. If you need to do some mobile banking, consider pulling out your phone and switching over to cellular data. 4G LTE data, for example, is encrypted.
2. Only access secure websites. An easy way to do this is to only visit sites whose URL begins with “HTTPS,” not “HTTP.” The “S” stands for “secure” and indicates that your connection to the website is encrypted. You can also look for a lock symbol, indicating a secure connection, next to the URL.
3. Use a virtual private network (VPN). VPNs create private encrypted “tunnels” between your device and the server.

In the digital age, everyone is vying for your attention. There are countless ads, emails, and links begging to be clicked. But be careful! Hackers use what’s called social engineering to trick you into giving away your private information or installing malware onto your computer.

The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, explains that social engineering is about social skills, not computer skills. Hackers use this technique to convince their victims that fraudulent links are legitimate, that infected files are safe, and that trespassers belong. Social engineering can be used for phishing or vishing attacks or to deliver malware.

The CISA defines phishing as:

• Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

Another variety of this scheme is vishing (“voice phishing”); it’s those fraudulent phone calls you receive in which the caller purports to be from your bank or the IRS, and attempts to wheedle personal information out of you.

Even if you are safe with your passwords and Wi-Fi connections, you can still be tricked into giving up your information. Part of the 2016 DNC hack involved phishing.

Consider this common phishing example: A hacker sends out an email that looks like a communication from Facebook. The email tells the recipient that they need to update their privacy settings or perhaps that they missed some friend requests—very enticing information. The hacker provides a link which unsuspecting victims dutifully click. The link takes them to a fake login page where they enter their login credentials, giving this information to the hacker.

Such attacks are, technically speaking, easy. It’s trivial for a hacker to send an email that looks like a Facebook email. And making a web page that looks like the Facebook login page is also simple. The aesthetic code for both tasks is freely available to anyone who can right-click.

Fortunately, it’s pretty easy to avoid being phished. A good spam filter will catch most phishing emails. You can check email addresses and URLs to verify their legitimacy. Banks, social media providers, and other companies have official domain names for their web pages and email. And your credit card company won’t email you from a Hotmail or other address, so always verify where the message came from.  

You can also check to see if they know your name. Legitimate emails and websites often specifically use your name because they actually know who you are. “Dear Customer” is a very suspicious start to an email. Keep in mind, however, that hackers can learn your name as well. It’s on all your social media sites, after all.

The easiest way to avoid being phished, though, is to not click that link. Just don’t. What if you get an email from a website you use that looks convincing and important in your Spam folder? Don't click on it. Travel to the website in question by typing their address into the search bar. If the email and the problem are both real, you can do whatever you need to in this way.

The same goes for phone calls. Get a real-sounding call from your bank about some issue? Hang up and dial the bank’s main phone number. If the phone call is real, the issue will likely be in the bank’s system, and you can handle it. If not, your bank would love to know about the scam.

Hackers don't just take. They give, too—malware, that is. They use social engineering to get you to download a virus or some other kind of malware onto your computer.

Malware is an unwanted computer code designed to infiltrate computers and carry out a task. There are many different varieties of this threat. Adware displays ads. Spyware tracks everything you do on the computer. Ransomware holds your data hostage until you pay. The list goes on. Self-replicating malware is called a virus. 

You can get malware by clicking on links, downloading or opening email attachments, or even just opening certain emails. Hackers make these things attractive by appealing to what you want. If you’re on the job hunt, criminals can get your email address from job boards and send you messages about jobs that you never applied for. You might also encounter hackers on social media or dating sites. Unsolicited messages from attractive women to men are frequently scams, just like many of those ads for “hot singles in your area.”

Thankfully, it’s also fairly simple to avoid malware. Make sure you have a good firewall, which is software that inspects all information entering and exiting your computer and determines whether it is allowed to pass. A good firewall that’s often part of a quality, dedicated anti-malware program can block malware before it’s installed on your machine. Moreover, strong, up-to-date security software can detect and delete many types of malware, even if it gets in.

As with phishing attacks, the most important step you can take is to just ignore suspicious links, ads, emails, and messages.

Don’t open. Don’t click. Don’t download. Don’t engage.

While most of what we’ve discussed thus far involves digital threats, computers are of course physical devices. As such, they are vulnerable to physical threats. It’s crucial to protect IRL (“in real life”) access to your computers. Two core components of physical security for computers are access control and surveillance. Access control prevents or limits anyone from, well, accessing your computer. Surveillance lets you track down thieves or your device if it gets stolen or otherwise goes missing. 

Access control is all about making sure that no bad actors can physically get to your devices or the data on them. At home, one of the best things you can do to protect them is to invest in home security, including strong doors and locks and, ideally, a smart home security system. When you are out and about, exercise reasonable caution with your devices. Don’t leave them unattended where someone could grab them or insert an external drive into them.

For added security with desktop computers, you can lock them down with cable locks, lockdown plates, or locking cabinets. You can also set up alarm systems that trigger when the computer is unplugged from the power source. Laptops and mobile devices are a bit harder to lock in place, but there are locking power-docking stations, or you can keep them under lock and key in a safe or file cabinet when you aren’t around.

Access control is vastly improved with the intrusion sensors that are part of a smart home security system, such as motion sensors, door and window sensors, and glass break sensors. These sensors will sound an alarm if your home is broken into, which often is enough to make thieves run before stealing anything. And, for example, anything that opens and closes—including a locked cabinet that stores your computer—can be equipped with door and window sensors. If someone attempts to access the equipment, you’ll know it.

That said, the best computer security practices are useless if you are out in public and someone can just read your credit card number off the screen. A privacy screen obscures your screen from the sides, making it only readable straight-on.

Finally, you have to protect your devices from hardware infected with malware. In 2011, the U.S. Department of Homeland Security ran tests in which they dropped CDs and thumb drives in the parking lots of government buildings. A startling 60% of the devices that were picked up by government employees were plugged into government computers. When the devices had government logos on them, that number jumped to 90%. Inserting strange hardware—be it SD cards, CDs, or thumb drives—is very risky and a great way to get hacked.

Surveillance technology is a core part of physical security, enabling you to quickly identify thieves, possibly stop them, and give police clues to potentially track down criminals and recover your devices. In concert with the aforementioned intrusion sensors, adding cameras to a smart home security system creates another level of safety. They work like this: embedded motion detectors sense movement (if intrusion sensors haven’t already detected a threat) and send you a mobile alert that someone is in your home. Via a smartphone or other device, you can actually see the crime in progress, and even try to warn off intruders through two-way audio features.

If the cameras are part of a smart home security system, they will automatically start recording once an alarm is triggered by other sensors. And if the thief steals the devices anyway, recorded clips may provide vital information for law enforcement.

Beyond cameras, you can also install theft recovery software such as LoJack onto your laptop. These programs run in the background and can be used to locate a stolen laptop as soon as it connects to the internet. Many Apple devices, for example, arrive with similar options preinstalled.

The security of your computer is the security of your life. We build entire identities online. We bank online. We work online. Hackers recognize the immense value of this information, and they will try to steal data and cause damage in a variety of ways. Fortunately, with the right tools and a little know-how—and a focus on both cybersecurity and physical security—you can stay safe both online and “IRL.”

Want to help others keep their devices safe? Share this blog!

Frontpoint keeps homes safe whether families are there or not. We've been revolutionizing the home security industry for over a decade. And we're just getting started. To shop DIY home security systems, check out our Security Packages. If you have questions or would like to discuss a quote, contact us at 1-877-602-5276.