Protect your device, browser & web connection
When thinking about website security, it is easy to overlook the:
- device (operating system) used to connect to your website,
- the way you connect (your web browser) to the internet, and
- how you connect (in the clear or via encryption).
The MELTDOWN and SPECTRE security vulnerabilities of January 2018 point up the importance of ensuring that you are using the latest available version and release of Operating System and Web Browser.
And that when you sign into any website you do so via an encrypted link (HTTPS).
To use the latest available version and release of operating system and browser is no guarantee that your personal data will not be stolen but it will significantly reduce the risk.
Likewise when you take the time to add an SSL certificate to your website.
DEVICE Operating System (OS)
The device you use to connect to the web should be using the latest available version and release of OS.
Is your device using an old version of proprietary OS?
It is possible that users of older versions of proprietary operating system (OS) will not benefit from the latest available security release.
Users of older versions should check that new OS update announcements apply to their older version.
If not then they should plan to either upgrade to the latest version OR switch to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Is your device compatible with the latest version of its OS?
We know many old computers will not run the latest version of MacOS or Windows 10.
If this is your experience then you should plan to change to a different OS.
We advocate open source.
Linux Mint is an example of an open source OS.
Search for "how to switch to linux mint" if you would like to try Linux Mint.
Tips for users of proprietary operating systems
If you use a proprietary operating system then it is essential that you:
- turn on User Account Control (UAC), and
- tweak its settings so that it ALWAYS notifies you when system changes that require administrator level permissions are about to be made;
- set Automatic Updates to be applied automatically or prompt you when updates become available;
- regularly scan your computer for malware but don't rely only on your anti-virus package;
- also scan using a specialised anti-malware application like malwarebytes.
WEB BROWSER
The web browser you use to surf the web should ALWAYS be the latest available version and release.
Chrome
Hacker News report: New Google Chrome Zero-day Vulnerability Found.
Do NOT use a version of Chrome earlier than 72.0.3626.121.
Reason: this version was a security patch issued by Google to address a serious security vulnerability.
RECOMMENDED: Sign up for The Hacker News Newsletter when you visit the above link.
Use Strict Site Isolation
This was an optional security feature in older versions of Chrome,
It is now enabled by default in Chrome 67 and later versions on Windows, Mac, Linux, and Chrome OS.
Another reason to use the latest version!
Strict Site Isolation limits the ability of rogue Javascript programs to steal data when you browse the web.
Chrome Site Isolation isolates the website you are visiting from:
- websites open in other browser tabs,
- websites embedded inside other websites (via iframe).
Read more: Site Isolation and how it works.
Firefox
First Party Isolation
First Party Isolation works in a similar way to Strict Site Isolation in Chrome.
But it is NOT enabled by default.
We recommend that enable First Party Isolation.
If you experience issues after enabling it you can easily disable it by following instructions at the following link.
Read more: How to turn on First Party Isolation.
Tips for users of any and all browsers
Turn ON Browser Security Features.
Never let your browser remember passwords.
NEVER trust website pop-ups that tell you to download a browser update.
FREQUENTLY clear the browser cache (short term memory).
WEB CONNECTION
Make sure you always connect to your website and hosting control panel by secure encrypted connection when you are administering its content.
Check your Router has not been hijacked
Router (or DNS) hijack means that someone has intentionally modified the settings on your router without your consent.
The hijacker will be able to:
- monitor,
- control, and
- redirect
your Internet traffic.
For example, if your router is hijacked then the next time you visit a website you might instead be redirected to a fake version of the website.
Routers are more vulnerable to being hijacked if they contain vulnerabilities or have been misconfigured.
FREQUENTLY check your router has not been hijacked using the FREE tool provided by F-SECURE.
Read more: F-SECURE Router Checker.
Learn more about how F-SECURE Router Checker works
And get a second opinion.
Read more: Review of F-SECURE Router Checker by Tom's Hardware.
Read more: Free Tools to Test Scan your Router.
Add an SSL Certificate to your website
When you add an SSL Certificate to your website's domain your user credentials will be encrypted when you sign into your website's control panel.
We recommend free Lets Encrypt SSL certificates which can be quickly and easily added when you sign into your hosting control panel.
There are some Joomla! and SEO settings that may need to be changed when you add SSL.
Read more: How to add a Lets Encrypt SSL Certificate.
File Transfer
NEVER connect to the server hosting your website via an unencrypted connection.
AVOID use of HTTP and FTP.
ONLY use HTTPS and SFTP or FTPS.
NEVER store your user credentials in your Web Browser or FTP Client's cache.
Read more: File Transfer.
EMAIL CLIENT
Let CAUTION be your watchword when using your Email Client.
Useful pointers to keep in mind every time you read an email
NEVER click on links from sources you neither know or trust.
NEVER reply to spam or click on unsubscribe links unless you trust the sender is genuine. Instead mark the mail as junk.
NEVER assume a known source is the person you think it is.
ALWAYS use caution when clicking on email links, especially shortened URLs.
NEVER open attached files without scanning for viruses and malware.
SUBSCRIBE to 'The Hacker News' newsletter
To keep up to speed with the latest security threat affecting your website, operating system and web browser.
You can sign up when you visit the link below.
"The Hacker News (THN) is a leading, trusted, widely-acknowledged dedicated cybersecurity news platform, attracting over 8 million monthly readers including IT professionals, researchers, hackers, technologists, and enthusiasts."
Read more: About 'The Hacker News' Media.
Make Joomla! CMS Security YOUR #1 Priority
We offer Joomla! coaching, help and support to businesses and organisations across Cheshire, Manchester, Merseyside, North West England & the UK.
Learn how to manage Joomla! website security.
