At this point in the book, I’ve covered most of the technical topics that require background and longer explanations. However, there are a handful of other topics that I want to touch on because I feel they’re important. In this chapter, each section will have its own checklist with just a brief introduction. It’ll be sort of like a lightning round!
When Bad Things Happen
Up until this point, the entire book has pretty much been about preventing bad things from happening. Sometimes despite our best efforts, we still get bitten by misfortune. In this section, I will try to walk you through the recovery process for some common cyber-calamities, or at least point you to web sites that can help you.
Tip 12-1. E-mail Account Is Hacked
Immediately change your password and use LastPass to create a strong, unique one. Until you change your password, the bad guys can continue to use your account for their nefarious purposes, all the while pretending to be you.
You might want to change your security questions.
Look in your inbox for any e-mails about password changes or password reset requests that you did not initiate. As I discussed earlier in the book, most password recovery procedures involve sending you an e-mail to reset your password. If you find evidence of a successful password change, you should assume those accounts are compromised. Inspect them closely for bad transactions and change the passwords on those accounts, as well.
Look at your Sent folder to see whether any spam or scam e-mails were sent on your behalf. You may also want to contact any recipients of those e-mails to let them know they did not come from you and may be malicious.
Check your e-mail settings to see whether anything looks amiss. For example, make sure someone didn’t add or change your e-mail signature (an optional bit of text that is automatically included at the bottom of every e-mail you send). Check your autoforwarding and vacation/away settings, as well.
You should probably inform your e-mail provider that your account was hacked but that you have changed your password. They may be able to take some action against the attackers.
Finally, this would be a good time to enable two-factor authentication, if it’s available. If you had had this in the first place, your account probably would never have been hacked.
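The inbox check in this tip can be scripted against an exported copy of your mail. The following is an added example, not code from the book: it lists password reset and change notices received since the date you think the break-in began, grouped by the site that sent them. The function name, the subject patterns, the cutoff date and the sample messages (with placeholder .example domains) are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Subject wording that usually marks a password reset or change notice.
RESET_RE = re.compile(
    r"password\s+(was\s+|has\s+been\s+)?(reset|changed?|updated?)"
    r"|reset\s+your\s+password",
    re.IGNORECASE,
)

# Constructed sample messages (not real mail); .example domains are placeholders.
SAMPLE_MESSAGES = [
    "From: Example Bank <no-reply@bank.example>\nDate: Tue, 04 Mar 2025 02:14:00 +0000\n"
    "Subject: Your password was changed\n\nIf this was not you, contact us.\n",
    "From: security@shop.example\nDate: Tue, 04 Mar 2025 02:20:00 +0000\n"
    "Subject: Reset your password\n\nUse the link below.\n",
    "From: news@shop.example\nDate: Tue, 04 Mar 2025 09:00:00 +0000\n"
    "Subject: Spring sale starts now\n\nDeals inside.\n",
    "From: no-reply@bank.example\nDate: Mon, 10 Feb 2025 08:00:00 +0000\n"
    "Subject: Password reset requested\n\nYou asked for this one yourself.\n",
]
SINCE = datetime(2025, 3, 1, tzinfo=timezone.utc)  # assumed start of the compromise


def find_reset_notices(raw_messages, since):
    """Return {sender domain: [(received, subject), ...]} for notices on or after `since`."""
    hits = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw)
        subject = msg.get("Subject", "")
        if not RESET_RE.search(subject):
            continue
        try:
            received = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # missing or unparseable Date header: review these by hand
        if received.tzinfo is None:
            received = received.replace(tzinfo=timezone.utc)
        if received < since:
            continue
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        hits[domain].append((received, subject))
    return {domain: sorted(found) for domain, found in hits.items()}


if __name__ == "__main__":
    for domain, found in find_reset_notices(SAMPLE_MESSAGES, SINCE).items():
        print(domain, [subject for _, subject in found])
```

Every domain it reports is an account to inspect and re-secure, as described in the step above.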
Tip 12-2. Web Site Password Breach
If you get a notice from a web site where you have an account saying that there has been a “security breach,” they will usually tell you that you should change your password. That’s precisely what you should do, right away. As a further precaution, don’t use any links in the e-mail (just in case it’s a fraud). Log in to your account by manually entering the web address or using a bookmark or favorite.
What the e-mail may not tell you is that if you use this same password on any other web site, then you better change your password on that site, too (and make it unique this time). If the web site breach e-mail says that credit card numbers were also lost, you should keep a close eye on your credit card account, looking for purchases that you didn’t make.
That’s “have I been pwned.” The term pwn (rhymes with “own”) is hacker lingo for dominating or defeating someone. If you’ve been pwned, you’ve been successfully hacked. This site maintains an up-to-date catalog of all the known server breaches, indexed by e-mail address. You enter your e-mail address and the site will tell you whether that address was part of a known breach.
Tip 12-3. You Suspect You Have a Virus
If your files are held hostage for money, see the next Tip.
Your computer is suddenly more sluggish or less responsive.
Your computer appears to be working hard even when you’re not using it. For example, the fans are blowing full tilt or the hard drive light is flashing constantly.
Unwanted windows or applications are popping up all the time.
Computer or web browser settings change without you doing it.
1. If you haven’t already installed antivirus software, do that immediately (see Chapter 5) and run a full scan.
2. You can download and install special, on-demand virus checkers.
Malwarebytes “for home” version (Mac or Windows): https://www.malwarebytes.com/mwb-download/
If you have a Windows machine, you can also try downloading and running Microsoft Safety Scanner: https://www.microsoft.com/en-us/wdsi/products/scanner
3. If you can’t seem to shake the virus, you might have to completely delete this user account. (If the account was your admin account, you might even need to completely wipe the entire computer and start over.) If you are pretty sure you know when things started going haywire, you can try using your backup software to bring your entire computer back to a point in time prior to the suspected infection date.
Tip 12-4. You’ve Got Ransomware!
If you get a pop-up message or big scary screen telling you that all of your files have been encrypted and you must pay money to fix it, you’re the victim of ransomware. If you have a full backup of your system (see Chapter 3), you can simply restore your system to a point in time prior to the ransomware infection and you’re done. That’s why the backup is so crucial.
If your backup is only for your files (and not your entire system), then you’ll need to delete the infected user account and then restore the files from backup.
If all else fails and you really need those files back, then you can always pay the ransom. In most cases, you will get your files back. If you didn’t, word would get around, and no one would pay. It’s in their best interests to bend over backward helping you. Some of these guys actually have tech support that you can call…I’m not kidding. You will probably be asked to pay with Bitcoin or some other anonymous payment method. Again, they should provide you with all the help you need to do this.
Tip 12-5. Restoring a Lost or Messed-Up File
Mac OS Time Machine: http://support.apple.com/en-us/HT201250
Windows 7/8.1 Backup and Restore: https://support.microsoft.com/en-us/help/17127/windows-back-up-restore
Windows 10 File History: https://support.microsoft.com/en-us/help/17143/windows-10-back-up-your-files
Backblaze: https://www.backblaze.com/restore.html
And When I Die…
So, what happens to all your various online accounts when you die? That’s a question most people probably never ask themselves until it’s literally too late. While most people are aware that they should have a will and maybe some healthcare directives, most people don’t often get these documents created unless they’re very wealthy or particularly fastidious. But how many people take the time to handle their digital estates? What should happen to all your e-mails, photos, music, forum posts, dating site info, social media accounts, and so on? In this section, I’ll give you some tips on how to manage your digital affairs.
Tip 12-6. Get a Will
I can’t stress this enough. If you have a spouse or children, you really need to have a will in place. Every state has different rules about what happens to your stuff if you die without a will, but these processes can take a long time, and the default rules may not suit your needs at all. When you go to get your will, talk to your lawyer about handling your digital assets, as well. They should at least be able to tell you what your state law says about this subject. Be aware, however, that this area of law is very new and evolving quickly.
Tip 12-7. Add a Backup to Your Safety Deposit Box
Again, this is not really a digital thing, but it’s important. Many banks will not honor a will or power of attorney to allow access to a safety deposit box. I have no idea why this one thing is treated specially, but apparently it is. So, make sure that your spouse and perhaps one of your children have been approved to access your safety deposit box.
Tip 12-8. Save Your Passwords Somewhere Safe
Your successors may need immediate access to things like bank accounts, investments, insurance, computer accounts, and so forth. You should therefore print off a list of your most important passwords and keep them in a safe place. Better yet, print off some one-time passwords for LastPass, which will work even if you change your master password. You might put these printouts in your safety deposit box or in a fireproof safe. LastPass also has a Family Plan that can allow access after a period of time—sort of a dead man’s switch. If you don’t respond within a time period, your chosen successor will be given access to your password vault. Just make sure that whoever needs these passwords knows where they are and knows how to get to them.
Tip 12-9. Ensure Access to Two-Factor Device
If you’ve followed my advice on setting up two-factor authentication where you can, that means your successors will also need access to your two-factor authentication devices. This will most likely be your cell phone. So, make sure that your cell phone account can remain active (so your phone can receive SMS messages) and that your authenticator app is accessible (write down your phone’s PIN somewhere).
If by some misfortune your loved one dies without doing this, your best bet will be to try to access their accounts from known devices and in known locations. This might prevent the two-factor code from being needed, at least for a period of time.
Tip 12-10. Appoint a “Digital Executor”
While you might want to simply hand over all your passwords to your beneficiaries when you die, you might actually have some parts of your digital life that you want to die with you. The only way to accomplish this is to appoint some third party who you trust to take care of this for you after your death. Your lawyer might be a good choice. You will need to carefully document what you want done with each account. You will only want these passwords and instructions to be opened after your death, which is something your lawyer should be able to arrange for you.
If you do a little Googling, you can find that people are starting to write articles about what to do with your digital life when you die. Search for digital estate planning. These services are in a massive state of flux. I had links to two of them in the first edition of my book, and they’re already either out of business or merged with some other company.
Catey Hill, “5 Steps to Creating Your Digital Estate Plan,” Next Avenue, May 6, 2012, https://www.nextavenue.org/5-steps-creating-your-digital-estate-plan/
Mariella Moon, “What You Need to Know About Your Digital Life After Death,” Engadget, December 10, 2014, http://www.engadget.com/2014/12/10/online-life-after-death-explainer/
Leigh Anderson, “You Need to Deal With Your Digital Legacy Right Now,” Lifehacker, November 15, 2017, https://lifehacker.com/you-need-to-deal-with-your-digital-legacy-right-now-1820407514
Gold Stars and Tinfoil Hats
We’ve covered well over 150 different tips on mostly simple and mostly free things you can do to improve your computer safety. While some of these tips involved some effort and some of them may have impinged on your convenience, they were quite tame compared to the items in this section! Just for fun, I’m going to lay out some truly “pro” tips for taking things to the next level. These are for the tinfoil hat and black helicopter crowd. I am by no means recommending that you need to do any of these things. For that reason, I’m not going to painstakingly lay out the steps required to do them. However, I thought it would be fun to show you the lengths that some people go to in order to be super secure. These are roughly in order of effort and cost or just plain paranoia level.
Tip 12-11. Install NoScript
Tip 12-12. Install Haven on an Old Android Phone
Tip 12-13. Add a Dedicated Guest Wi-Fi Router
While most modern routers provide a “guest network” option, you still have to trust that the router software maker implemented that security feature properly. If you have some Internet-enabled devices in your home that you don’t fully trust (like Internet of Things devices) or if you have a lot of strangers in your house who want to use your Wi-Fi, you might want to consider beefing up your security and having a dedicated Wi-Fi router for your guests and IoT devices. Having a dedicated router for this untrusted traffic is the safest way to make sure that guests and rogue devices cannot access your private home network.
Tip 12-14. Install Little Snitch (Mac OS Only)
Tip 12-15. Use Top-Shelf Security and Privacy Tools
More than any other web site I’ve found on privacy, this one always goes the extra mile and doesn’t screw around with half measures. Many of the tools I’ve recommended are listed here, but there are many more. For this book, I’ve tried to find the right compromise between security and convenience. Not these guys. If you really want to take things to the next level, this is the web site for you.
Tip 12-16. Install Custom Wi-Fi Router Software
DD-WRT: https://dd-wrt.com/
OpenWRT: https://openwrt.org/
Tip 12-17. Install and Use PGP
Tip 12-18. Use Tor to Protect Your Identity
Tip 12-19. Need to Blow the Whistle? Use SecureDrop
Tip 12-20. Set Up a Virtual Machine
Installing VirtualBox: https://www.virtualbox.org/
Installing Ubuntu: https://www.wikihow.com/Install-Ubuntu-on-VirtualBox
Tip 12-21. Use a Dedicated Secure Computer
While a VM is cheap and easy, you can never really be certain that there won’t be some sort of information leakage between your VM and your host operating system. If you want to go full tilt, you really need a dedicated machine that is completely separate from anything you would normally use. You can save money by buying a used machine, but of course you can’t be 100 percent sure that the person you bought it from hasn’t somehow compromised it, so you’d better just get a new one from a big-box store.
If you want to really go the cheap route, you can buy a Raspberry Pi 3 minicomputer. For just $35, you can have a fully functional Linux computer that’s about the size of a deck of cards! Of course, you’ll need to buy a case and a power supply for it, plus an SD card for the “hard drive”… but you can get all of that for about $60. All you need is a monitor, keyboard, and mouse, and you’re set!