Security Check List for My Rig

I get the following question a lot:  “Adam, what is it that you do to protect yourself in the Cyber World?”  I’ll answer that question, but let’s set the stage.

Back in the early 2000s, MTV had a show called “Pimp My Ride” where a crew of automotive experts, from West Coast Customs, took old cars and trucks, chopped them up and turned them into feasts for the eyes and ears.  An infinite combination of multimedia, lights, speakers, and in some cases, even fish tanks and hot tubs were added to the “Rides”, resulting in delighted owners.

When someone asks me “How should I protect myself?” I hear in the back of my head “Adam, please pimp my ride”.  Well, just like Xzibit (host of Pimp My Ride), I must understand what the person asking for my help likes or needs.

Do you like football and tailgating? Fine, we will put a giant TV in your trunk and a deployable grill on the bumper.  Do you like Star Wars?  Great!  We will turn the inside of your car into the cockpit of the Millennium Falcon.  The more they knew about the person the car was for, the better their chances of getting the reaction they were looking for: overwhelming shock and delight.

The same holds true when talking about Cyber Security.  The more I know about what you plan on doing with your business, the better I can “Pimp your Ride”.  Are you a solo-preneur running your FBA (Fulfilled by Amazon) empire from your laptop?  Great, let’s focus on endpoint defense, automated file backups, and secure authentication to online tools.  Are you a part of a small accountant shop and deal with a bunch of sensitive customer data?  Fantastic, let’s look at enterprise-class backups, rock-solid encrypted connections, and secure collaboration tools and file transfer.

The reason we start with a “Tell me about you” session is because, just like with a pimped-out ride, the number of options for security is infinite.  There are some common features (all cars have wheels, for example), but the things that make the car or business unique, and therefore valuable, are the individual preferences.

I say all this because I’m going to share with you how I secure my own personal cyber footprint.  There will be things you can take away from my list and use, but you owe it to yourself to talk to a professional who can ask the right questions.  You owe it to yourself to allow yourself to be delighted.

Here is what I do:

Configure Windows 10 to automatically update.

Most cyber attacks exploit old vulnerabilities.  The big companies fix most of them but they can’t force you to protect yourself.  Take yourself out of the picture and endure the annoying “Please wait while Windows installs updates” messages when you are in a hurry.  It’s a small price to pay.

Enable all security settings in Windows.

Your laptop is actually very safe from attack when it’s just sitting there with all the security turned on.  With the out-of-the-box security turned on, the only way the bad guys get in is if you invite them.

Create a user account that doesn’t have Administration rights and only log in with it.

You are going to make a mistake.  You are going to click on something you shouldn’t.  It’s ok.  You are not a bad person.  That being said, if we know this is going to happen, then let’s make sure our computers won’t give us the rights to casually cause mayhem.  Most viruses and malware require admin privileges in order to infect your computer.  Normally we are logged into our machines with the first account we create.  This is the admin account.  Use it to create another and only log in with that one.  You’ll get asked if you really want to install XYZ software when you click the link in the email.  It gives you a chance to say “Wait, that’s not normal”.

Backup my important files

I treat my laptops as throw-away terminals.  I use Google for email (Gmail) and storage (Google Drive).  I have local copies of my documents but Google backs them up constantly.  If I need to change laptops, I just log into Google, download Drive, and sync up.  Bam.  This works for me because all my important stuff is in the form of Microsoft Office products (Word, Excel, PowerPoint) and various PDF documents.  This doesn’t work if you have databases or other complex software you depend on.

Encrypt my hard drive

Microsoft ships Windows 10 with encryption software called BitLocker enabled.  I might be able to recover quickly if something happens to my laptop, but that doesn’t mean I am OK with people having access to my data.  I look at security as both physical as well as cyber.  It is much more likely that my laptop will be stolen in an airport or that I forget it at a bar than someone hacking into my computer from the Web.

Move my important tools to the cloud

100% of my work can be done online.  My tools are all “As A Service”.  Need to create an infographic?  (venngage.com)  Need to check email? (Gmail.com) Need to create a marketing campaign? (Drip.co)  Need to check my CRM? (SalesMana.com)  Need to conduct a cyber security assessment? (Outgrow.co) Need to video conference? (Zoom.co).  If you take away my laptop, I can go anywhere, log into Google, download Chrome, and be back to work in under an hour.

Anti-virus and additional browser defense

I use Avast for Business to handle the commonly known threats.

Use 2 factor authentication

This means that I use a username and password with the addition of some other form of authentication, such as my cell phone.  The reason I do this is that having that second form of authentication means that if someone gets your username and password they still can’t log into your systems or software.  I use Microsoft Authenticator.  It’s free and easy to set up.
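
One way to confirm the Windows items on this list (automatic updates, built-in security settings, a non-admin daily account, drive encryption) is a read-only PowerShell check.  This is an added example, not the author's own script: the `$DailyUser` parameter and the use of the firewall profiles as a stand-in for "all security settings" are assumptions, and it needs an elevated prompt on an edition that includes the BitLocker cmdlets.

```powershell
# Added example: read-only audit of four checklist items on Windows 10.
# Run from an elevated PowerShell prompt (Get-BitLockerVolume requires it).
param(
    # Assumption: the account you log in with day to day.
    # Defaults to whoever runs the script, so pass it explicitly when elevated.
    [string]$DailyUser = $env:USERNAME
)

$results = [ordered]@{}

# 1. Automatic updates: the Windows Update service must not be disabled,
#    and no policy value may switch automatic updates off.
$svc = Get-Service -Name wuauserv
$au  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
           -ErrorAction SilentlyContinue
$results['Automatic updates not disabled'] =
    ($svc.StartType -ne 'Disabled') -and ($au.NoAutoUpdate -ne 1)

# 2. Built-in firewall: Domain, Private and Public profiles should all be on.
$off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
$results['Firewall on for all profiles'] = ($off.Count -eq 0)

# 3. The daily account must not be a direct member of the local
#    Administrators group (well-known SID S-1-5-32-544).
#    Limitation: membership through a nested domain group is not expanded.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    ForEach-Object { ($_.Name -split '\\')[-1] }
$results["'$DailyUser' is a standard user"] = ($admins -notcontains $DailyUser)

# 4. BitLocker: the system drive should report protection On.
#    A missing result (cmdlet unavailable, not elevated) counts as a fail.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$results['BitLocker protecting system drive'] =
    ($null -ne $vol) -and ($vol.ProtectionStatus -eq 'On')

# Print one row per check.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Pass = $_.Value }
} | Format-Table -AutoSize
```

Any row showing `False` points at the checklist item to revisit; the script changes nothing on the machine.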

The following infographic is the checklist for what I do.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge of Enterprise Cyber Defense give him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of Fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.