How to Secure your Mac and iDevices and Avoid Common Vulnerabilities

February 15, 2016 Meeting: Nonnie Markeset, Facilitator

NOTE – We have several options for reviewing notes from this meeting:

  • If you’d like to see a video with voice over of the presentation deck, CLICK HERE to view it on YouTube.
  • If you would like to view a PDF of the presentation deck with images, CLICK HERE
  • If you would like to download a PDF of the printable meeting notes that were published prior to the meeting, CLICK HERE

 

Mac Security


 

What are vulnerabilities?

External Vulnerabilities

1. Viruses
2. Malware
3. Trojan Horses

 

Vulnerabilities We Create Ourselves

  1. Weak Passwords
  2. Sharing too much personal information on public websites, like Facebook
  3. Visiting sites that contain your sensitive information on a public computer or on a public website
  4. Visiting “bad sites”. Ones that offer free movies, music, cheap goods and services.
  5. Clicking on links in emails you receive
  6. Not having your computer/iDevices password or passcode protected and/or having a weak password/passcode for your device.
  7. Having the same password or similar for all sites.
  8. Not keeping your OS/iOS and apps up to date
  9. Spilling coffee on your keyboard
  10. Dropping your device

Of all the vulnerabilities listed above, your greatest vulnerability is your passwords:

Viruses 1%

Spills and Drops 9%

Trojan Horses 5%

Weak Passwords 85%

 

Password Examples

Here are some examples of weak passwords:

• 123456
• jack0322
• w0nd3r
• princess
• samkenmary
• 122940

Here are some examples of strong passwords:

• wHx9vm5Gs7zR
• vxqCIKypD7”

 

And remember this adage:

If an offer is too good to be true, it is usually too good to be true!

 

How to create strong passwords

  • Make it at least 12 characters
  • Have it contain numbers, capitals, small letters, and symbols
  • Do not use words found in the dictionary
  • Do not use names associated with you, your family or your pets
  • Do not use your birthday
  • Make a unique password for each site
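
The rules above can be checked mechanically. The following Python sketch is an added example, not part of the original presentation: it reports which rules a password breaks and generates one that passes them all. The word and personal-detail lists are small constructed stand-ins for a real dictionary and your own details.

```python
import secrets
import string

MIN_LENGTH = 12
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
# Constructed stand-ins: a real check would use a full word list and your own details.
DICTIONARY_WORDS = {"princess", "password", "wonder", "dragon"}
PERSONAL_DETAILS = {"jack", "mary", "0322", "122940"}


def rule_failures(password):
    """Return which of the rules listed above the password breaks."""
    lowered = password.lower()
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 12 characters")
    if not any(c.isdigit() for c in password):
        failures.append("no number")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.islower() for c in password):
        failures.append("no small letter")
    if all(c.isalnum() for c in password):
        failures.append("no symbol")
    if any(word in lowered for word in DICTIONARY_WORDS):
        failures.append("contains a dictionary word")
    if any(item in lowered for item in PERSONAL_DETAILS):
        failures.append("contains a name or birthday")
    return failures


def generate_password(length=16):
    """Draw characters from the OS random source until every rule passes."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not rule_failures(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ["123456", "jack0322", "w0nd3r", "princess", "samkenmary"]:
        print(sample, "->", rule_failures(sample))
    print(generate_password(), "-> passes every rule")
```

Note that “w0nd3r” slips past the dictionary check because of its letter substitutions and is caught only by the length, capital and symbol rules.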

Website to check the strength of your password

 

http://www.takecontrolbooks.com/resources/0148/zxcvbn/

 

How to remember your passwords?

(Hint: You Don’t)

 

3 ways to manage your passwords:

# 1 and the least desirable:
– with “AutoFill” turned on in Safari

# 2 and “if you really don’t want to go any further”:
– Use Keychain Access on your computer (It’s found in the Utilities Folder in your Applications)

# 3 Use a third party password manager app:
– 2 Trusted and Excellent Apps

1. 1Password
2. LastPass

Set up 2-step verification for any site that has this feature

This, however, requires you to have a mobile device on which you can receive a generated code to complete the sign-in process. This code will be sent to you via a special app on your iDevice or via an SMS message if you are using an iPad.

How It Works

  1. Go to the site.
  2. Enter your password.
  3. Receive a randomly generated code on your phone.
  4. Enter that as a second password on the site.

Example

I’m signing in to the Apple Site with 2-step verification.
I’ve entered my password for the site.
A verification code has been sent to my iPhone.
I enter that code into the boxes that appear on my computer.
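
When the code comes from an authenticator app rather than a text message, it is commonly computed with the TOTP algorithm (RFC 6238) from a secret shared at setup and the current time, so the phone and the site arrive at the same code independently. The sketch below is an added example, not part of the original presentation; the secret is the published RFC test value, and the function names are chosen here for illustration.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 published test secret. A real secret is random and
# is handed to the phone once, usually as a QR code, when 2-step is set up.
TEST_SECRET = b"12345678901234567890"


def totp(secret, at, digits=6, step=30):
    """Phone side: derive the code for the 30-second window containing `at`."""
    counter = int(max(at, 0)) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, at, window=1, step=30):
    """Site side: accept the current code or one window either side (clock drift)."""
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * step, step=step)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    code = totp(TEST_SECRET, 59)
    print("code shown on the phone:", code)
    print("accepted right away:", verify(TEST_SECRET, code, 59))
    print("accepted two minutes later:", verify(TEST_SECRET, code, 59 + 120))
```

Because each code is valid only for a short window, a stolen password alone is not enough to sign in, and a code that is overheard stops working shortly afterwards.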

 

Some sites that offer 2-step verification:

Google/Gmail — https://www.google.com/landing/2step/
Facebook — Go to Settings, Security and select Login Approvals
Apple/iTunes/iCloud — https://support.apple.com/en-us/HT204152
Many banks and investment sites

Steps to take if you think you have been compromised

  1. Change the password for the compromised site.
  2. Change the questions and answers to the security questions for that site.
  3. Change the passwords for other sites.
  4. Set up a prioritized list of sites that need to have passwords changed:
    • All your email account passwords
    • Bank and investment accounts
    • Facebook and other social sites
    • Amazon, Netflix
    • eBay/PayPal
    • AppleID/iCloud

I also recommend that you set up a schedule to change passwords every six months, at least for your most important sites.

 

What to do if you get constant pop-ups in your web browser warning you that your computer has been compromised.

DO NOT CLICK ON THE LINK

DO NOT DOWNLOAD THE SUGGESTED APP THAT CLAIMS IT WILL CLEAN YOUR COMPUTER

DO NOT CALL THE TELEPHONE NUMBER LISTED AND GIVE THEM ANY INFORMATION

 

Instead do these 2 things

1. In Safari (Firefox and Chrome have similar procedures), choose “Clear History” from the Safari drop-down menu

 

2. In Safari Preferences, go to “Privacy”

  • Cookies & website data – “Remove all website data”
  • Website tracking – “Ask websites not to track me”

Malware, Viruses, Trojan Horses, and Hackers

These are vulnerabilities that come from external sources.
A virus is a type of malware that gets installed on a computer without permission and has the ability to create havoc with your computer. This type of malware is at this point “non-existent” on Macs because of the safeguards Apple sets up.
The types of malware that Mac users must be aware of are called Trojan horses. They are pieces of software that can piggyback on other software to get into your computer. Basically you give them permission without knowing it.
Do you need Anti-Virus software to protect yourself from these? Most Mac pundits will say no.

 

Instead follow these 4 rules

1. Keep your Mac updated

  • Make sure you have the latest OS and when incremental updates come through make sure to install them
  • Update the apps you use when you are notified of updates.
  • Turn on Auto-Update if you want in System Preferences-App Store

2. Download software only from trusted sites. Here are some safe sites

  • Mac App Store
  • Adobe
  • Microsoft
  • Agilebits

 

3. Stay informed and research an unknown site before you download from it.

2 good sites to check and to keep you informed are:

  • MacRumors.com
  • CultOfMac.com

4. Do not click on links contained in emails you receive

  • As frustrating as this is, you are safer if you open your web browser and manually put in the address… do not copy it.
  • Gmail has two new symbols to inform you if your email is being sent encrypted and if the person you are receiving the email from is the actual person sending the email. The first is represented by a lock and the second by a question mark.

Extra Protection

1. In Safari Preferences under General make sure “Open Safe Files” is unchecked

2. In System Preferences under Security and Privacy, choose “Mac App Store and Identified Developers”.

 

Firewall

The firewall lets you block incoming traffic to particular programs, meaning it is only useful if there are programs on your computer that you want to restrict in terms of incoming information.

If that’s not the case, and if you use the Internet primarily behind a secure router, you probably don’t need to enable a firewall at all.
