Sometimes you can do everything right and still get it wrong.
Sure, mistakes happen. And I’m a big believer in allowing yourself to try and fail — because that’s a big way that people (and businesses) get smarter. But when it comes to cybersecurity? That’s a problem.
No, I didn’t click on spam. My site didn’t get hacked again. My VPN is working, and LastPass has simplified my life. But my security browser extension was apparently far less secure than I thought. Let me explain, and explain why you should care.
The Electronic Frontier Foundation (EFF) had a terrific post recently on getting the most out of a content blocker. In it, they write:
This guide focuses on how to correctly configure the blocking extension in your browser to ensure that it’s giving you the privacy you expect. We believe that tools work best when you don’t have to go under the hood. While there is software which meets that criteria (and several are listed in the final section of the guide), the most popular ad blockers do not protect privacy by default and must be reconfigured.
I use Ghostery (for Chrome), and one reason I love it is that it tells me which trackers have been blocked on every page I visit. Or so I thought. It turns out it “blocks nothing by default.” EFF then goes on to explain how to make it work. To Ghostery’s credit, the developers rolled out an update to make it easier to, you know, actually block all those pesky trackers.
Take a minute to check your browser extensions.
Maybe you’re not a big browser extension user. I didn’t think I was, but I have more than a dozen. Mine include Bitly (link shortening tool), LastPass, my VPN, and some other tools. If you have extensions you don’t use regularly, delete them. And avoid installing any extension that you don’t know is 100% legitimate. The Google Chrome Store, in particular, is a bit like the wild, wild, west and sometimes developers will sell their extensions to third parties. Those third parties aren’t always legit, and your next innocent update could put malware on your system. (You do have good antivirus / malware / spyware software too, right?)
Do a website security check.
This guidance is for WordPress sites, though I suspect much of the advice is useful for other types of programs too. Sucuri, my web monitoring company, has a terrific guide to WordPress security. I’m not doing all of these things, and you probably aren’t (or won’t) either. But it’s worth understanding what’s possible and taking at least a few of these steps to make your site more secure. Sucuri also offers firewall protection, which adds another layer of security to my site.
Beware of bad apps.
Since I’ve talked about browsers and websites, I thought I should mention mobile devices too. At a minimum, you should set up a PIN. But that just stops the random person who picks up your phone if it’s lost or stolen. My antivirus+ software, Webroot, is also on my Pixel (and it also has a feature that lets me wipe the data remotely).
So often we’re focused on our laptops but forget that our mobile phones are mini computers carrying the same data. Bad apps, like bad extensions, can worm their way into your data. I don’t install any apps that I haven’t vetted. In fact, I did a (reputable tech sites) search recently for “best recorder apps” when I was looking for an app that could record a conversation.
Finally, I’ve written before about some things to watch for and fix before they become problems. Don’t reinvent the wheel. Learn from what I learned the hard way, and make your browser, your website, and your overall cybersecurity a little more secure.
Hourglass by Uroš Jovičić (Unsplash); private by Dayne Topkin (Upsplash).