How many steps does it take to secure your Mac, iPhone, or iPad from online security breaches? Honestly, no one knows, because if you’re online there’s a hacking attempt going on and most of us don’t know about it. Yeah, the craziness begins as soon as your device is connected to the internet or local network.
What can you do to improve online security?
This weekend I read an article about the Australian Signals Directorate’s (ASD) Top Four Strategies to Mitigate Targeted Cyber Intrusions. The first was published in 2011 and had only four basic items. Now it’s up to the Essential Eight.
None of these are foolproof, of course. That’s because fools are so ingenious.
Some on the list are new and not in the lexicon just a few years ago. Today, personal computers are safer when advertisements are blocked, Flash is deleted, and Java isn’t used. Does that sound familiar? It’s almost as if the very technology we use to make us more productive and efficient is now cause for making us less productive and efficient.
To get better gas mileage, turn off the engine and coast. That works. Gas mileage may improve, but the solution to better mileage also impacts the reason to own a vehicle in the first place; the convenience of getting from Point A to Point B.
Malware seems to be growing, especially since ransomeware has become a thing in technology. To prevent malware, ASD says:
- Implement application whitelisting, so only selected software applications can run.
- Make sure all applications are kept patched.
- Disable untrusted Microsoft Office macros, because they’re increasingly being used to enable the download of malware.
- Harden users’ applications by blocking web browser access to: Adobe Flash player, uninstalling it if possible; web advertisements; and untrusted Java code.
Yeah, Java and Flash are still around, Office macros still cause problems, and too many people don’t upgrade their applications or operating systems.
Some of this may seem self explanatory, but so is voting and that doesn’t stop people from selecting the wrong candidate in an election.
- Restrict administrative privileges to people who truly need them for managing systems, installing legitimate software, and applying patches.
- Patch operating systems, and keep them patched.
- Use multi-factor authentication.
- Back up important data daily, and store it securely.
The original Top 4 list won an innovation award in 2011. But that didn’t stop the increase in malware and ransomeware.
Most of the ASD’s top recommendations continue to focus on basic network hygiene, and most of that can be achieved by the IT department simply doing its job properly. But cybersecurity vendors want to sell fancy and expensive techniques, some of which do very little to improve security.
Network and computer hygiene is important, but vendors who sell solutions and protections don’t do much to improve anything. Maybe that explains why macOS Sierra comes without virus protection, but the built-in software firewall is turned off by default.
This one is more than controversial.
The ASD’s recommendation that every organisation install ad blockers will also be controversial, given that it declares as hostile a key part of online business models.
Yours truly just a week ago on Mac360:
Let’s call it what it is. Most online advertising– the kind that tracks users behind the scenes, takes untold amounts of data and uses it to help advertisers and not readers– is nothing short of the definition of Malware.
That’s right. According to the definition of malware in my article, most online advertising is malware. Everything else on the ASD’s list is worth consideration, of course, but only some of it is aimed at the home user.