In 2014, companies announced nearly a breach every day, exposing an average of 1.1. million identities per breach.
For consumers, the news appears grim. From ads on major websites infecting consumers’ systems to ransomware that can hold data hostage, criminals continue to successfully steal money and data from half a world away. If companies can't protect themselves from the bad guys, what chance do individual users have? Even the police are falling prey to criminals.
In reality, consumers have a better chance than most companies. Yes, home users are overwhelmingly targets of opportunity, but they can protect themselves by making their systems harder to compromise and looking out for signs of infections.
“You can’t just pack it up and give in, even though that may seem to be a reasonable approach,” says Mark Nunnikhoven, senior research scientist with OpenDNS. “You need to take reasonable steps to protect yourself.”
You might also be interested in reading our comprehensive review of Bitdefender's Box.
For years, security professionals have tried to erect impenetrable digital walls, but that strategy has largely failed. Instead, the latest philosophy focuses on throwing up multiple hurdles in front of attackers and improving awareness—spotting attacks before they can do damage.
For consumers, these techniques boil down to three simple strategies.
1. Don’t leave a device vulnerable
With the average person carrying three devices—a smartphone, a tablet, and a desktop or laptop—keeping track of whether all those devices have downloaded the latest updates is a chore. Multiply the workload by the number of family members and keeping up with updates can be an enormous and ongoing project.
A few security services can help the family administrator manage the problems. For Windows users, Secunia’s Personal Software Inspector, a free service, checks all third-party software for updates and gives instructions on how to update. For hybrid households, OPSWAT Gears, a free service for less than 25 devices, makes sure that each PC and Mac passes a number of security checks, such as whether it has antivirus, a firewall, and an encrypted hard drive.
“We get you a score for compliance and then we give you the tools to improve your score, either based on systems configuration or third-party applications,” says OPSWAT CEO Benny Czarny.
In addition, most major security software makers have made managing multiple devices much easier, albeit for a fee.
2. Monitor your network's traffic
Once your systems are locked down, the next step is to monitor the network for potentially bad traffic. To compromise your computers, attackers must communicate with your network, and that leaves traces.
One option: Look at the logs captured by the network router. More advanced routers--including many high-end consumer models and most models designed for small-business use, have options for logging or even for archiving of logs in the cloud. Another option is use a cloud service, such as OpenDNS, which collects all the domain requests generated by your users, blocking communications to suspect servers and websites and allowing family administrators to filter inappropriate traffic.
“You want to have more visibility into what is going on in your network,” says OpenDNS’s Nunnikhoven. “That means that you can look at each one of those devices in turn or you can try to go up a level and look at the overall network visibility.”
3. Check outbound traffic
Finally, having a firewall turned on and protecting your computer from outside threats is a no-brainer. But for consumers who want more protection, an outbound firewall—such as Little Snitch for Mac OS X and GlassWire on Windows—can alert them to potentially malicious applications trying to connect out to the Internet.
Outbound firewalls, on the other hand, have a somewhat noisome learning curve. Every time an application attempts to communicate with the Internet, the user must allow or deny the request. The firewall will remember the answers for the future, but it generally takes a few days to get to a point where the firewall is not inundating the user with alerts.
Still, the effort can pay off, says Nunnikhoven.
“There is no magic bullet for security,” he says. “But with a few relatively low-cost tools, you can create a good layered defense.”