Welcome to the blog of the book

The ebook is created from the blog posts of this blog

Hello dear reader,

I have added new content in the book:
- The long required introduction “Who should read this book?” which explains what the book is all about and why you should read it.
- Chapter “Online Security”: Enable two-factor authentication for Tumbler
- Chapter “Online safety for parents”:
- Parental supervision for parents
- Parental control for browsing

Enjoy it and help to spread the word: http://improve-your-security.org/social-media

No comments yet

More and more social media websites and not only are enabling two-factor authentication in order to secure their users better. Following all other major portals, now also Tumblr allows users to enable it.

 

settings

 

Here is how to activate it in easy steps:

  1. Visit your account settings.
  2. Click the “Two-factor authentication” switch.
  3. Enter your phone number.
  4. Now decide whether you’d like to receive the code via text or through an authenticator app. We recommend both in case you need to use one as a backup.
  5. Follow the steps laid out in the settings page.

After you’ve enabled it, you need to login in the future  like this:

  1. Log in to your Tumblr account using your username and password.
  2. Once you’ve received the unique code (either via SMS or through an authenticator app), enter the code in the specified field.

By the way, did you notice that by default the website is not using SSL? Please click on the “Enable SSL security” switch to turn it on by default for future logins.

 

How will Two-Factor Authentication work when you log in through iOS or Android apps?

When you have two-factor authentication turned on, you’ll need to generate a special one-time-use password in order to log in through your mobile apps. You can generate one through your Account Settings page.

 

What happens if you disable Two Factor Authentication?

We strongly advise against this. But if you must, you’ll be asked  to enter your account password to make sure it’s really you. You’ll then be able to log in to your account without the extra verification step. If you would like to re-enable it at any point, you’ll have to go through the aforementioned setup process again.

 

Which authenticator apps to use?

Tumblr recommends Google Authenticator, which you can download for iOS and Android.

 

Learn here how to activate two-factor authentication for other services as well.
If you want to improve your overall security, check out our Improve Your Security series.

No comments yet

You have an email account, a Facebook account, a LinkedIn or XING account.  And you have passwords for them. You think you’re secure. But you are not.

These days, cybercriminals aren’t only after our computers’ resources. They are interested in our identity, financial information and in our social media accounts.

That’s why it’s important to know how to properly protect your online assets against cybercrooks.

The content of the book was initially written as a collection of blog posts that were published on Facebook, Twitter, LinkedIn and XING. I noticed the high interest of the users of these services in my posts. This was a signal for me that there are people out there who want to know more and want to do more for their security and privacy.

It is expected from the reader to have a basic knowledge about various IT concepts, but as a user and not as a specialist. Usually, if you are just interested in technology, have an email address and/or a Facebook account you will be able to understand this book very well.

You should definitely read this book

  • If you are a user who thinks about what is happening with the data that you publish online (pictures, texts in all forms, songs, etc.).

  • If you are aware that there are people out there who want your data not because of its value for them but for you. Once they get your data, they might ask you to pay to get it back.

  • If you want to become for your children also in the online world the guide and the model that you are in the real life.

 

Content

The book is split into several chapters that cover various aspects of your digital life:

- Accounts and Passwords

Create good passwords, and best practices recommendations. Stop using the same password for your email account and for all those websites.

- Online Security

Harden your Facebook account, enable two-factor authentication for Google, Facebook, Dropbox, Twitter and LinkedIn accounts.

- Device Security

Learn about software updates, backups, encryption and password protection, what to do in case of malware infections.

- Tips that you can print and share

20 tricks to improve your security in general, 10 steps to securing a new computer, protecting social media accounts, and 10 tips for mobile device security, how to determine if their social media accounts have been hacked.

- How to protect yourself from advertisements and tracking (in construction)

Tools and ways to stop those nasty websites from tracking your online behavior.

- Online safety for parents (in construction)

Guidance for those parents who have children that just start discovering the online world.

 

Are you in a hurry?

Then jump to the chapter 8 “Tips that you can print to improving your security”.

 

The best part

This book is completely free and will remain like this. Even better, it is a book that will never be finished. I constantly add new and update the content to reflect the current situation in IT security.

Get your free copy today: www.improve-your-security.org

 

 

No comments yet

There has been a lot written about whether or not it is ok for parents to control what their children are doing on the Internet. This starts with supervising which websites they are visiting and spending time on.
Parental control applied to browsing means several things:

  • Filter the websites which they are allowed to visit based on their category. This includes many categories like sex, violence, games, social networks, etc. and it functions like a blacklist of addresses. Remember that no blacklist is perfect and that every minute there are many websites created, so it can be that exactly your child’s favorite website is not in that list yet.

  • Control the time they are allowed to spend online
    By setting time limits you make sure that your children have a real social life and interact with people outside of the virtual world. The “friends” in the virtual world are not exactly real friends. See the previous chapter – many children and yound people post things which they would never say to someone face to face. This makes the difference between online and offline.

  • Set the device’s profile to be that of a child.
    Many mobile devices like tablets allow now to set second profiles which are locked environments which can be used exclusively by children. Unfortunately not all allow this, so you have to be careful what you use. Windows allows this in the configuration of each user account.
    If your devices can’t properly set this up then you should configure this directly in the router. OpenDNS (http://www.opendns.com/) has some good How-Tos for the most used devices around.

  • Have a chat with your child about what he should see and what not, what is real and what not.
    This is the healthiest and long term solution. But, the temptation is big and after all, all his “friends” are doing that already. Many children think that if someone is doing something, then it can’t be that bad. This is why it is also important to continue to keep an eye on what he is doing.

 

 

No comments yet

Social media websites like Facebook, Instagram and alike are so heavily used because they make it easy for people to share information with others. Many don’t know that sometimes, what they share is shared with the entire user base of the social network, not only with their friends. Even if now the default settings have improved, there is another problem that still remains.
Definitely, the most challenging part in dealing with social media these days is the ability to know what is OK to share and what not. I always advise young people in this regard: share only what you would trust yourself to say loud in a room full of people. If you can’t do that, then don’t share it.
But, even with this rule of thumb, many young people feel over-confident and still over-share.
Here is where the parental guidance and supervision must come.

 

oversharing

 

 

 

 

 

 

 

 

 

 

 

Children and young people don’t think too much when it is about sharing. Try to explain them using these categories and use simple examples from their environment (friends, situations, etc.).

Here are several things which have to be considered when you talk to your child about sharing.

  • Something that got published remains there for a very long time, and potentially can’t even be erased anymore. Internet never forgets nor loses something because there are all kinds of backups, replications and alike. This means that even if you write in one place, the things you published might be used by other portals that aggregate that information. Once it is online, you lose the control over what is happening and you can see that the pictures you shared with a lot of people get tagged and reshared multiple times. The more exciting the picture, the more attention it gets.

  • Always read twice before clicking on Send – it is about the smallest typos which can make a huge difference in the meaning (yes, some of those auto-correct errors are real), and about how confident you feel about sending something that what you wrote might pop-up on a user’s screen. If you think that the recipient of the message would enjoy it, then send it, otherwise not.

  • If you send plan sending a message to someone, would you tell him/her that in a face to face discussion as well?
    Sometimes it is easier to bash someone when you don’t see it and this is how cyberbullying starts. If you wouldn’t tell that directly to a person then you shouldn’t write it also.

  • Your view on the things can be different. What you might find funny, others may find outrageous, disturbing or offending. If you want to make a joke about someone, think about how the other is going to see that before you send.

If you think that your children require some supervision, try using some services that integrate with the social networks and allow you to see if there is anything strange going on. You need a tool that scans, analyzes and alerts you to suspicious or concerning activity including:

  • Contact from strangers

  • Cyberbullying dangers

  • Inappropriate content/language

  • Reputation risk

 

No comments yet

Hello dear reader,

I finally manage to find some time to write the introduction chapter called “Who should read this book”.

I also added a new chapter in the “Device Security”, related to Microsoft’s announcement for the end of support of Windows XP.

Please help me to spread the word about the book by liking the Facebook page, twitting, sharing: http://improve-your-security.org/social-media/

Happy reading,
Sorin

No comments yet

Well, at the first glance, this Myth might actually be true… But…

It is never so simple to speak only about cost and effort.

Let’s take software development as main example (I am good at that).

If you are a company that does something unrelated to software development, such an approach might make more sense. But, there is  ”but”. :)

If you are a software development company, you need to go through the process of determining if you “build or buy“. “Buy” in this context means also to pay somebody to do it for you.

The “BUT”:

In any case, one thing has to be made clear: Never, ever, outsource something that is critical for your survival  (e.g.: revenue, main product you sell, main system you use to do your job, etc.).

Since it is outsourced, you don’t have control on it. If the company decides to cancel the contract with you, or disappears from the market, you might lose everything.

Of course, there are all kind of contractual clauses, but anything that disrupts your activity is critical for your business.
So, “build or buy” careful…

No comments yet

I started some time ago to write the chapter 7, Online safety for parents. There is so much to write about, that I don’t know where to start.

Does anyone have some ideas or thoughts how should I start?

Or, what do you expect to find in this chapter?

 

I need some kind of prioritization to start.

Here is what I have in mind:

  • Software to monitor your kids on social media websites

  • The smartphone

  • Cyberbulyling

  • Configure social media websites to be secure for your children:

  • Facebook

  • Google Plus

 

Let me know: book@sorinmustaca.com

 

 

No comments yet

Hello dear reader,

I am living really are exciting times as the book starts to be known world-wide.
Have a look in the “In the News” page on the blog: http://improve-your-security.org/news/

I added two new chapters in the book:
- Chapter 6. IT Security Myths
20 myths which might make you laugh, but actually I and other IT security professionals are meeting them every day. Unfortunately, only when it is too late and people suffer from cyber attacks.

- Chapter 7. Online safety for parents
This chapter is at the very beginning and it is about teaching parents to securely deal with social media in order to allow them to explain to their children about the risks and pitfalls of being (too much) online.
Stay tuned, a lot more will be added here.

There is also a new sub-chapter in Chapter 5. Did you know you can opt-out from Google’s targeted ads and tracking?
Some hints about how to control what Google knows about you.

I hope you will enjoy the book !

Don’t forget to spread the word: http://www.improve-your-security.org

Sorin

No comments yet

It is true that if you connect to the email server via SSL (actually, using the SMTPS protocol) nobody can peek into your email… until they reach the server.

email-encrypted

 

 

 

 

 

 

Usually, email servers connect to each other via SMTP, without encryption. And this is the problem as the connection between them is plain text and anybody can read the content.

The only secure way to make sure that only you and the intended recipient is to encrypt the email. Of course, you need to encrypt the email using PKI so that the recipient can have the possibility to decrypt it.

 

No comments yet

%d bloggers like this: