17.29 – Protecting Oneself

The discussion to this point is not intended to frighten everyone back to pen, paper and snail mail for their practices. Relax – there are pragmatic ways of handling the risks, with recognition of the hazards and attention to best practices.

There is still a body of thought that these problems are only something which Windows users need to worry about. While it used to be the case that most malware was aimed at Microsoft’s OS, that was largely because Windows controlled over 90% of the desktop market. Criminals will gravitate to the biggest targets. Windows is still the dominant business operating system, but others like iOS, Android and Linux are now significant players.

The popularity of those alternatives means there are collections of users outside of Windows large enough to be worth targeting. Every system has bugs which can be exploited, and every system has been infected at one time or another.

In addition, many forms of malware are platform agnostic, like login harvesting through spoofed sites. Login harvesting, also known as credential harvesting, typically involves the theft of usernames and passwords via phishing, malicious websites, email scams or malware. Those have nothing to do with an OS.

This means that all users must be aware of security issues, no matter what device they are using. But one should also be mindful of special cases within the OS they use and should adjust their software if necessary to minimize issues.

For example, Windows does not necessarily show a file’s extension in Windows Explorer or other file lists. A file named “trademark application.txt” appears to the user only as “trademark application”. This is supposed to be friendlier, but what if someone sent an attachment named “trademark application.exe”? We have seen that executable files are risky, but with file extensions hidden, we might open this file, thinking it is a safe text document, and find ourselves infected.

To avoid this, go to Settings in Windows and search for “Show file extensions.” Turn that on so the full filename will be displayed throughout the operating system.
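The following added example (not part of the original text) shows why the setting matters: it computes the name a file list would show with extensions hidden and flags saved attachments whose hidden extension is executable. It goes one step beyond the case above by also catching double extensions such as “trademark application.txt.exe”. The function names and both extension lists are illustrative assumptions, not an exhaustive policy.

```python
import os

# Assumption: a short illustrative list of extensions Windows runs when opened.
RISKY_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".js", ".vbs", ".msi"}
# Assumption: inner extensions that make a name look like a harmless document.
DOCUMENT_LOOKING = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}


def displayed_name(filename):
    """Name shown in a file list when extensions are hidden (last one dropped)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def assess(filename):
    """Classify a filename by what its real, possibly hidden, extension does."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() not in RISKY_EXTENSIONS:
        return "ok"
    # A second extension underneath makes the displayed name look like a document.
    inner = os.path.splitext(stem)[1].lower()
    if inner in DOCUMENT_LOOKING:
        return "executable disguised as document"
    return "executable"


def review(filenames):
    """Return (real name, displayed name, verdict) for every flagged file."""
    return [
        (name, displayed_name(name), assess(name))
        for name in filenames
        if assess(name) != "ok"
    ]


if __name__ == "__main__":
    # Constructed sample attachment names, for illustration only.
    sample = [
        "trademark application.txt",
        "trademark application.exe",
        "trademark application.txt.exe",
        "Invoice.PDF.SCR",
    ]
    for real, shown, verdict in review(sample):
        print(f"{verdict}: shown as '{shown}', really '{real}'")
```

With extensions displayed, the real name in the last column is what the user sees, which is the point of turning the setting on.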

On the following pages, we’ll review some of the measures you can take to protect yourself from cyberfraud:

  • Passwords
  • VPN
  • Encryption
  • Backups
  • IT expertise
  • Network security
  • Patches and updates
  • Anti-malware software
  • Education and training
  • Email safety
  • Browsing safety
  • Mobile devices
  • Data safety
  • Minimize the attack surface
  • Cyber-insurance