Good security advice can be hard to find. Lots of security experts offer help, but not all of their tips are accurate or up-to-date, and many address PC security only. So even if you follow their advice, you may be more vulnerable than you think. That's where we come in. We've assembled a dozen simple but essential tips--a 12-step security program--to keep your PC, smartphone, gadgets, and identity safe. The steps are practical and fairly easy to perform, so you can strengthen your security without losing your mind in the process.
1. Use Virtual Credit Card Numbers to Shop Online
You have good reason to be nervous when using your credit card number to shop online. After all, you may know little or nothing about the company you're buying from, and your credit card information is at risk of being compromised in a data breach. Using a virtual credit card number is one way to make your Internet shopping excursions more secure.
Essentially a wrapper for your regular credit card or debit card account, a virtual card number is good for one use only. When you use the virtual number, the bank that supplied it charges your purchase to your regular credit or debit card, but hackers never gain access to the underlying credit card information.
Various financial institutions maintain some sort of virtual credit card program. Bank of America, for instance, offers a ShopSafe service, and Discover has a similar service built around what it calls a Secure Online Account Number. Check with your bank or card issuer to see what options are available. Alternatively, consider Shop Shield, a virtual card number service that you can use with any credit card or checking account.
2. Secure Your Wi-Fi
Is your Wi-Fi network at home password-protected? If not, it should be. You might not care if your neighbors use your Wi-Fi connection to surf the Web, but someone with more sinister motives could take advantage of your generosity (and lack of protection) to gain access to data stored on your home PCs.
The easiest way to guard against Wi-Fi interlopers is to encrypt your Wi-Fi network. Afterward you'll have to enter a password whenever you connect to your Wi-Fi network, but that's a small price to pay for improved security. Most Wi-Fi routers support WEP, WPA, and WPA2 encryption standards. Be sure to use either the WPA or WPA2 encryption settings, which provide a much higher level of security than WEP encryption.
Another safeguard is to set your router not to broadcast the SSID (your network's name). With SSID broadcasting disabled, your wireless network won't be visible to computers nearby, and only people who specifically know your network's name will be able to find it. The procedure for locking down your Wi-Fi will vary depending on your router's model and manufacturer. Check the router's documentation for instructions.
3. Encrypt Your Hard Drives
Hard drives and USB flash drives are treasure troves of personal data. They're also among the most common sources of data leaks. If you lose a flash drive, external hard drive, or laptop containing sensitive personal information, you will be at risk. Fortunately, encrypting your hard drive can give your data an extra layer of protection beyond setting up a system password. Encryption will conceal your drive's data and make accessing the files almost impossible for anyone who does not know your encryption password.
The Ultimate and Business editions of Windows 7 and Vista come with BitLocker, a tool that lets you encrypt your entire hard drive. If you don't have the Ultimate or Business version, another alternative is to use TrueCrypt, a free, open-source tool that can encrypt your entire disk, a portion of a disk, or an external drive. For its part, Mac OS X includes FileVault, a tool for encrypting your Mac's home folder; Lion, the next major Mac OS X release on the horizon, will be able to encrypt a whole hard drive.
Another option is to buy external hard drives and flash drives equipped with encryption tools. Some of these drives have built-in fingerprint readers for additional security. See "Secure Flash Drives Lock Down Your Data" for more about secure flash-drive options.
4. Keep Your Software Up-to-Date
One of the simplest but most important security precautions you should take is to keep your PC's software up-to-date. I'm not talking exclusively about Windows here: Adobe, Apple, Mozilla, and other software makers periodically release fixes for various bugs and security flaws. Cybercriminals commonly exploit known vulnerabilities, and Adobe Reader is a constant target of such assaults.
Not infrequently, the latest version of a popular program introduces entirely new security features. For example, Adobe Reader X, the newest version of the company's PDF reader, uses something called Protected Mode to shut down malware attacks. If you still use an earlier version of Adobe Reader, you aren't benefiting from Reader X's security enhancements.
Most major commercial software packages come with some sort of automatic updating feature that will inform you when a new update is available. Don't ignore these messages; install updates as soon as you can when you're prompted to do so. It's a little bit of a hassle, but it can prevent major headaches later on.
5. Upgrade to the Latest Antivirus Software
If you're running antivirus software from two or three years ago, you should upgrade to the most recent version, even if you still receive up-to-date malware signature files for the older edition. The underlying technology for antivirus software has improved significantly in recent years.
To detect threats, antivirus products today don't rely solely on the traditional signature files (regularly updated files that identify the latest malware). They also use heuristic techniques to detect and block infections that no one has seen yet. Given how frequently new viruses crop up in the wild, the ability to protect against unknown malware is critical.
6. Lock Down Your Smartphone
If you use your smartphone the way I use mine, your handset probably contains lots of personal information--e-mail addresses, photos, phone contacts, Facebook and Twitter apps, and the like. That accumulation of valuable data makes smartphones a tempting target for thieves and cybercriminals, which is why the smartphone is shaping up as the next big security battleground.
Android phones are already being hit with Trojan horses and other types of malware, and security experts agree that mobile malware is still in its infancy. Worse, many users don't think of their phones as computers (though that's what the devices are), so they don't take the same security precautions they would with a PC. If you haven't downloaded a security app for your Android phone, you should. Most smartphone security apps are free, and it's far better to have one and never need it than to get caught off-guard and exposed without one.
If you have an Android phone, the first app you should install on it is an antivirus program. Besides scanning for malware, mobile antivirus apps may support such features as a remote wipe (so you can securely remove all data stored on the phone if you lose it), GPS tracking (for locating your phone if you misplace it), and SMS spam blocking.
Our favorite freebie in this category is the Lookout Mobile Security app. Lookout scans your phone for existing malware threats and automatically scans any new applications you install on your handset. Other popular antivirus apps, available for a subscription fee, are Symantec's Norton Mobile Security (beta version), AVG's Antivirus Pro, and McAfee's WaveSecure.
Because Apple's App Store takes a more restrictive approach to apps offered for sale there, iPhone owners generally don't have to worry as much about malware, though it's always possible for something to slip through the cracks. Apple hasn't allowed any proper antivirus applications into the App Store, either, but you do have some security options.
One is a device tracking and remote-wipe service from Apple called Find My iPhone. It comes as part of Apple's paid MobileMe service ($99 per year), but Apple also offers it to any iPhone, iPad, or iPod Touch owner, free of charge. With Find My iPhone, you can lock and remotely delete data stored on your iPhone, track the device via GPS, remotely set a passcode, and display an on-screen message with an alarm sound (so you can find it if you misplace it around your house or office).
One more tip: When choosing a mobile antivirus program, it's safest to stick with well-known brands. Otherwise, you risk getting infected by malware disguised as an antivirus app.