via Mark Nestmann
One of the key points of asset protection planning is to have multiple lines of defense in place.
For instance, when our team reviews ways to protect a client’s bank and securities accounts, we may suggest conveying ownership of the accounts from the client’s name to an LLC. The LLC, in turn, could be owned by an irrevocable trust created with provisions that allow the client to gain access to the assets as long as no litigation is taking place or threatened.
In this manner, we can double-lock the client’s assets so that they’re much less vulnerable in the event of a judgment.
We take the same approach with computer security. It’s helpful to have multiple layers of security in place. And while you may not be able to make your PC entirely hacker-proof, you can make yourself a hardened target – one that a hacker will avoid in search of easier pickings.
Probably the most important precaution is to keep your PC up-to-date. This prevents hackers from taking advantage of vulnerabilities discovered in unpatched versions of both hardware and software.
That’s often easier said than done, because major updates (especially to operating systems) can take hours to install and can even crash your system. Protect yourself from “backup hell” by creating a system image of your entire hard drive before you install an update. I use Microsoft’s imaging tools on my Windows 7 and 10 PCs. Mac users need a separate program for this purpose as the Time Machine app that comes with Mac PCs doesn’t create a bootable disk image.
Not all software reminds you that it’s time for an update, so it’s a good idea to install a tool that probes the programs you have installed and lets you know when new patches are available. A good one is the free utility Patch My PC.
Next, make sure you have a good anti-virus program installed to keep known malware out of your PC. There are many good free programs out there; one I’ve found effective is Avast.
The next precaution to take is to beef up the security of your internet connection to make it impossible for hackers to penetrate it to steal log-in data or other sensitive information. A virtual private network (VPN) is ideal for this. A VPN is software that constructs an encrypted data channel between your PC or smartphone and the internet so that your data stream can’t be monitored. The VPN we use at The Nestmann Group is Cryptohippie.
Unfortunately, even the best VPN won’t protect you if you open the wrong message or visit the wrong web page. The message or the web page can contain malicious code that automatically installs on your PC. The code can monitor your keystrokes, let the hacker hijack your PC, or even make your files unreadable until you pay a ransom to unlock them.
Most poisoned messages and web pages rely on JavaScript, a web programming language. When you see a web page with animated graphics, interactive maps, and many other types of effects, JavaScript is often involved. Because JavaScript is often used maliciously, you want to be able to choose which web pages are allowed to run it, and under what conditions. An add-on to Firefox called NoScript gives you that capability.
Google Chrome and Internet Explorer also give you the ability to turn off JavaScript. But NoScript lets you choose which web pages can run JavaScript. It also speeds up browsing, because only the interactive effects you’ve authorized are displayed. The downside, though, is that many web pages simply won’t run without JavaScript.
All of these precautions help make you a hardened target. But what if a hacker manages to infiltrate your PC? For that contingency, you’ll want a second (and possibly third) layer of security.
One tool to seriously consider is a firewall. A basic firewall, like the one built into all Windows operating system since Windows XP, is designed to block unauthorized inbound access to your PC. But if a hacker has taken over your system, you want to block information from getting back to the hacker. You need a firewall that blocks unauthorized data from leaving your PC. There are many to choose from; I’ve used Comodo for several years.
But what if a hacker somehow overcomes all these barriers and still gains access to your PC? If you’ve taken the precaution of encrypting your most sensitive files, nothing but gibberish will show up when the hacker tries to extract data. The encryption program I use is Symantec Endpoint Encryption. It can encrypt individual files or your entire hard drive. You can also create virtual encrypted drives with the program.
Use an email program that facilitates transmission of encrypted messages. My personal choice is Thunderbird, paired with a free plug-in called Enigmail. Once you exchange encryption keys with the people you correspond with, Enigmail automatically encrypts and decrypts your messages. What’s more, the messages are permanently encrypted on the server on which they reside. If a hacker manages to penetrate the server, the content of the messages remains secure.
If you use webmail services, ditch US providers such as Gmail, Yahoo, etc. Use a non-US service that is serious about security and encryption. I use Swiss-based ProtonMail for webmail, which provides end-to-end encryption for all messages delivered on its network.
Don’t be surprised if your friends, family, co-workers, etc. tease you about your newfound preoccupation with computer security. But if they’re hacked, you’ll have the last laugh.
A good time to begin securing your PC is today. Hackers certainly aren’t going to do it for you.