Computer Security

Computers and smart devices are constantly being developed further, and an increasing amount of attention is being given to the security of devices. At the same time, criminals are always honing their skills and finding new ways and means of invading users’ devices. Security is not a permanent state but a continuous process. Users capable of defending themselves by adopting safeguards are the most important link in this process.

Anti-virus software as a compulsory element

Anti-virus software is the first line of defence in the fight against malware. Different types of malware force smart devices to erase all data, copy and forward their users’ information, etc. The most widely used operating systems are most threatened by malware due to their large number of users, which means that the number of potential victims as well as the amount of potential gain is bigger. Anti-virus software must be installed on both computers and smart devices, and its purpose is to block dangerous web pages or prevent the execution of files that contain malware.

If you are unsure about whether a file that has been sent to you or a link that is included in an e-mail is safe, and your anti-virus software has not been activated yet, you can check the safety of the file or web page by using the public service at http://cuckoo.cert.ee/ provided by CERT-EE.

Use a firewall

A firewall acts as a guard and decides which information can access your computer and which cannot. Every operating system (e.g. Windows, Linux, OS X) now comes with a built-in firewall. It is important not to disable it. Several firewall service providers offer different automatic configurations, for example high, medium, or low security settings, which the user can choose from. Firewalls are a common component in many anti-virus software suites, but can also be installed as stand-alone applications. Depending on the security level:

  • data will be automatically allowed to pass through,
  • data will be allowed to pass through or not depending on the user’s choice,
  • data will be denied passage automatically.

Update your operating systems

Software developers work hard to ensure that their products work well and fix any discovered security vulnerabilities as fast as possible. For that purpose, all software developers release security patches for their operating systems. In most cases, operating systems, services, and environments notify their users of any new security patches that are available for download and installation. If you have turned off automatic updates, they can be manually downloaded from the website of the operating system, but in such a case, you have to carefully follow information provided by the developer in order to remember to install important security patches.

Back up your data

No storage medium lasts forever; this also applies to your computer’s hard drive. If you store important documents, messages, or pictures on your computer and do not want to lose them, save these files in a dedicated folder and create back-ups. These copies can be stored on CDs, DVDs, external hard drives, or with your Internet service provider. When creating back-ups, we recommend keeping at least three back-ups in two different environments.

Take caution when reading e-mail

Most computer users receive junk e-mail (spam) promising prizes or cheap products, whether every day or less frequently, irrespective of the settings they have selected. The goal of such messages is to deceive people into giving out information and money, or to coax people into clicking on hyperlinks which infect their computers with malware. Do not open e-mail attachments from people you do not know and do not click on links in e-mails.

As e-mails that contain malware can also spread without the account holder’s knowledge, do not open files with suspicious extensions (e.g. .zip, .rar), even if they are sent by someone you know. You should also remain very cautious about .pdf and Microsoft Office files included as attachments if you have not received a prior thorough (or at least sufficient) description of the contents of the attachment from your acquaintance.

If a friend who mainly speaks Estonian unexpectedly starts sending out e-mails in a foreign language, ask them to check their most recent logins to make sure that their e-mail account has not been hacked. E-mails which include requests to install a specific application on your computer to better access certain information should also be approached with suspicion. It is highly probable that such specific applications also include malware, which will harm the user’s computer in one way or another.

Use strong passwords and two-factor authentication

Passwords are meant to protect information. You can be sure that the first thing an intruder enters as your password is your name, date of birth, pet’s or child’s name, or some commonly used password such as “admin”, “qwerty”, or “123456”. If this is not enough, the intruder will use a special piece of software to crack your password. The software will at first try to access your computer by inputting words from a dictionary as your password. If your password consists of more sophisticated combinations, the break-in time might be long enough to make the intruder give up.

Keep the following recommendations in mind when selecting your password (most e-mail service providers and popular social media platforms also request the same).

  • The password must be at least 8 characters long and contain both capital and lower-case letters, numbers, and special characters.
  • Use different passwords for different services.
  • Passwords have to be sophisticated enough, yet easy to remember for the user in order to avoid the need to write them down; instead, develop a system for remembering your passwords.
  • Use your ID-card or mobile-ID for secure login. Be sure to remember that your ID-card should only be in the reader for as long as actually necessary.
  • Use multi-factor authentication to protect your e-mail and social media accounts.
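
The recommendations above can be checked automatically. The following Python sketch is an added example, not part of the original guidance: it tests a candidate password against the length and character rules and against the guesses an intruder is described as trying first. The function names and the small word lists are constructed for illustration.

```python
import re

# Constructed sample lists; a real check would load much larger ones.
COMMON_PASSWORDS = {"admin", "qwerty", "123456", "password"}
DICTIONARY_WORDS = {"summer", "tallinn", "football", "dragon"}


def _normalise(text):
    """Lower-case the text and keep only letters and digits."""
    return "".join(c for c in text.lower() if c.isalnum())


def check_password(password, personal_details=()):
    """Return a list of problems; an empty list means every rule is met."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # The four character classes named in the recommendations.
    classes = {
        "capital letter": str.isupper,
        "lower-case letter": str.islower,
        "number": str.isdigit,
        "special character": lambda c: not c.isalnum(),
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    flat = _normalise(password)
    if flat in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # A name or date hidden inside a longer password is still guessable.
    for detail in personal_details:
        d = _normalise(detail)
        if len(d) >= 3 and d in flat:
            problems.append(f"contains personal detail: {detail}")
    # Strip digits and symbols from both ends: "Summer2017!" is still
    # found by a dictionary attack that appends common suffixes.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    if core in DICTIONARY_WORDS:
        problems.append("dictionary word with decoration")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Summer2017!", "t7#Rk!pw9Lq"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that "Summer2017!" satisfies the length and character-class rule and is still rejected, which is why the rule alone is not enough.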

Take caution when downloading software

Many applications that can be installed for free are available on the Internet. Before you download and install a new piece of software, find out whether the software is provided by a reliable developer, and what sort of data the software can access. Make sure that you read the user manual and terms and conditions of use of the software.

Protecting your privacy on the Internet

While online, there is usually no way to look another person in the eye and make sure what their true intentions are, or whether the person is indeed who they claim to be. Cases where a person who claims to be a teenage girl turns out to be an ill-intentioned, middle-aged man are not rare. Therefore, one should be cautious when an online acquaintance wants to meet you or your child in real life.

When asked for personal information – name, personal identification number, home address, phone number, bank account number, e-mail address – make sure that you find out what the data will be used for and how it is going to be protected before forwarding it. Additionally, keep in mind that neither banks nor major service providers (such as Telia, Starman, etc.) will ever ask you to supply data via e-mail or ask you to forward your personal internet bank passwords. These operations can be performed via self-service, where options exist to enter the self-service environment in a secure manner.

In the era of social media, great attention should also be paid to your privacy settings; make sure that you share personal, family-related posts only with your friends and not the whole world. All major social media service providers offer the option of limiting the target group of their users’ posts. Another thing to keep in mind on social media is that the friend list with which you share personal (and sometimes sensitive) information should only include people that you personally know.

Seek advice from a specialist

If you are uncomfortable around computers, do not hesitate to seek guidance from experts. If you do not happen to have a friend who is a computer specialist, ask a computer vendor or an Internet service provider. Many such establishments offer a service to clean your computer of malware. At the same time, they can give you advice on how to keep your computer secure in the future.

What to do if

  • …your device is infected with malware? Disconnect the device from the network. Scan the files on your device with updated anti-virus software. If necessary, turn to your Internet service provider or a computer maintenance company for help; they will, if needed, involve CERT-EE, a department of RIA that handles security incidents, in cleaning your device of the malware.
  • …your device has been invaded and damage has been caused? Turn to an IT specialist and/or your Internet service provider. You should contact the Cybercrime Department of the Police and Border Guard Board at cybercrime@politsei.ee if major damage has been inflicted.

Last amended: 15-02-2017 00:00 | Compiled by: Estonian Information System Authority