2017 is the year you have to finally take backup seriously, seriously. In the past it wasn’t such a big deal but with Ransomware becoming big business, you have to protect yourself.
In case you somehow don’t know Ransomware is malware that installs itself onto your computer either via a website you accidently (or on purposely) visited or downloaded to your computer via other means that encrypts your hard drive and demands a “Ransom” to get your files back. This Ransom is usually paid in a digital currency called Bitcoin.
While the Ransomware goes by many names, once you have it, you are in a world of hurt.
Here are some of my tips to protect yourself from Ransomware:
The Best Option: Backup your files to an external hard drive. Regardless of what type of computer Operating System you run, if you run Mac OS or Windows, your best friend is an external USB hard drive. On a Mac, backup is easy, Time Machine. If you buy a USB Hard drive such as the Western Digital My Book series, they often come with backup software to assist in backing up your system. The first time you run backup, it will take a long time because it is backing up everything and I recommend having it backup everything.
Paranoid Alert: The issue is, if you get Ransomware onto your computer, it will also infect your external hard drive unless… After you run your backups (which you should do at least weekly), you should safely “eject” the external hard drive, disconnect it, and store it somewhere safe you will remember. Why? Because if the drive is disconnected from your computer and your computer is infected by Malware or Ransomware, once you get your computer back in working order, you can restore your files from this. You may have had to recover the laptop but you didn’t have to work to hard to get your files back. Also, if you are going on vacation, really hide this hard drive. If you computer or laptop are stolen, you can always eventually get a new one and your files are still safe.
Second Best Option: Backup your files to the cloud using iCloud if you are a Mac user or Google Drive or OneDrive or Dropbox or any service you trust to backup to. The issue with these options are they are not always user friendly and may not backup everything. OneDrive will backup your My Documents folder on Windows machines but offers no automation at all on Mac. To use Google Drive you basically have to save everything to your local Google Drive folder and wait for it to upload or sync up to the Cloud. If you are using iCloud on Mac, you have to tell it what folders to backup.
Paranoid Alert: Three things, 1) If you use more than their free space, these services cost money. As of this writing it costs $20 a year for 100 gig of iCloud or Google Drive space. OneDrive gives you a Terabyte if you buy Office 365 subscription so that may be a cost effect way if you really need Office 365 (a discussion for another day). 2)Don’t put confidential files into the cloud. Your tax returns DO NOT BELONG in the cloud. Why? Because if your cloud service is hacked, you are hacked. This leads to a discussion about Encryption (also a topic for another day) 3)If your computer is hacked and your cloud service is active, your computer is sending Ransomware encrypted files to your cloud. This means you may be losing your files if they don’t offer some type of versioning (versioning is where old versions of files are kept along with the new latest version). As of this writing, Google Drive keeps 30 days of versions of your files. That means you have to know within 30 days or less that you have been compromised and you need to restore your old versions. So if I write a file on Tuesday and then I update it on Wednesday, Google will allow me to go back to the version of the file I had Tuesday.
Other ways to protect your computer:
- Antivirus -The issue with Antivirus is they are not always kept up to date and sometimes there are viruses that are so new, no Antivirus in the world can protect you. But as the saying goes, the best offence is the best defence. It is better safe than sorry. In a Mac World it could be argued you don’t need antivirus and that is mostly true but sometimes you can be socially engineered into allowing something bad to happen. Always get a prompt when something is trying to install to your Mac or Windows, sure, but did you read what it said? Were you actually expecting something to pop up? Were you even installing anything? Or worse, sometimes the worst malware comes as a bonus (read that as bogus) that comes with something “legitimate” you are installing. I have had good luck with McAfee and Norton Antivirus suites. You can’t run with only their Antivirus and expect it to defend it all. You also need their malware and other features that come with Internet Security suites they offer.
- Web Of Trust Browser extension: My favorite browser extension is WOT, Web of Trust. It is an extension that works with Chrome or Mozilla that tells you the reputation of various websites you visit or in the case of bad ones, attempt to visit. If it is really bad, it will block it and ask, are you really sure? It is especially useful in Google Search as it puts a Green ring (if it is considered a good site) beside the search results. No Green Ring and I don’t click on it. McAfee offers a similar service for free but sometimes I see conflicting information between McAfee and WOT. Since most Malware and Ransomware is picked up by the sites we surf, this is good peace of mind. See image of sample search results with WOT on Google.
- Firewall – Windows and Mac both come with firewalls. Also most home wireless routers come with some firewall protection, but usually this is turned off or set at a very low level. Also this is the type of thing that can be tricky to manage and requires some technical skill. Go with at least the minimum protection. Read the Manual and you too can try to learn to increase your security.
- HTTPS or else: I know right now this site is not HTTPS but it will be soon. You should always only visit sites that are HTTPS (meaning the connection is encrypted). This doesn’t mean bulletproof mind you but it does offer some protection. When you visit sites without HTTPS, you are allowing information to travel between your web browser and the website without encryption, which means plain text, which means if someone were snooping, they could see everything you are passing back and forth. EFF.org has an extension for Chrome and Mozilla that forces HTTPS. It is called HTTPS Everywhere. I highly recommend running it to help ensure you are on the legitimate sites for things.