
Threats, attacks and vulnerabilities

  • jodulio
  • Nov 16, 2023
  • 3 min read

As a user with access to sensitive corporate or government information at work, you are at risk at home. In order to gain access to information typically housed on protected work networks, cyber adversaries may target you while you are operating on your less secure home network. Don’t be a victim. You can help protect yourself, your family, and your organization by following some common sense guidelines and implementing a few simple mitigations on your home network.

Personal Computing Device Recommendations

Personal computing devices include desktop computers, laptops, smartphones, and tablets. Because the bulk of your information is stored and accessed via these devices, you need to take special care in securing them.

1. Migrate to a Modern Operating System and Hardware Platform

The latest version of any operating system (OS) inevitably contains security features not found in previous versions. Many of these security features are enabled by default and help prevent common attack vectors. In addition, using a 64-bit OS on a 64-bit hardware platform substantially increases the effort for an adversary to obtain privileged access on your computer.

2. Install a Comprehensive Security Suite

Install a comprehensive security suite that provides layered defense via anti-virus, anti-phishing, safe browsing, host-based intrusion prevention, and firewall capabilities. In addition, several security suites, such as those from McAfee®[1], Norton®[2], and Symantec®[3], provide access to a cloud-based reputation service for leveraging corporate malware knowledge and history. Be sure to enable the suite’s automatic update service to keep signatures up to date.

3. Limit Use of the Administrator Account

In your operating system, the highly-privileged administrator (or root) account has the ability to access any information and change any configuration on your system. Therefore, web- or email-delivered malware can more effectively compromise your system if executed while you are logged on as an administrator. Create a non-privileged “user” account for the bulk of your activities, including web browsing, e-mail access, and document creation/editing. Only use the privileged administrator account for system reconfigurations and software installations/updates.

4. Use a Web Browser with Sandboxing Capabilities

Visiting compromised or malicious web servers is a common attack vector. Consider using one of several currently available web browsers (e.g. Chrome™[4], Safari®[5]) that provide a sandboxing capability. Sandboxing contains malware during execution, thereby insulating the underlying operating system from exploitation.

5. Use a PDF Reader with Sandboxing Capabilities

PDF documents are a popular mechanism for delivering malware. Use one of several commercial or open source PDF readers (e.g. Adobe®[6], Foxit®[7]) that provide sandboxing capabilities and block execution of malicious embedded URLs (website links) within documents.

6. Update Application Software

Attackers often exploit vulnerabilities in unpatched, outdated software applications running on your computing device. Enable the auto-update feature for applications that offer this option, and promptly install patches or a new version when pop-up notifications indicate an update is available. Since many applications do not have an automated update feature, use one of several third-party products, such as those from Secunia and eEye Digital Security®[8], which can quickly survey installed software and report which applications are end-of-life or need patches or updates.

7. Implement Full Disk Encryption (FDE) on Laptops

To prevent data disclosure in the event that a laptop is lost or stolen, implement FDE. Most modern operating systems offer a built-in FDE capability, for example Microsoft’s BitLocker®[9], Apple’s FileVault®[10], or LUKS for Linux. If your OS does not offer FDE, use a third-party product.

8. Download Software Only from Trusted Sources

To minimize the risk of inadvertently downloading malware, only download software and mobile device apps from reputable sources. On mobile devices, grant apps only those permissions necessary to function, and disable location services when not needed.

9. Secure Mobile Devices

Mobile devices such as laptops, smartphones, and tablets pose additional concerns due to their ease of use and portability. To protect against theft of the device and the information on the device, maintain physical control when possible, enable automatic screen locking after a period of inactivity, and use a hard-to-guess password or PIN. If a laptop must be left behind in a hotel room while travelling, power it down and use FDE as discussed above.

Confidence in Cyberspace May 2014 MIT-005FS-2013

 
 
 


Jopolis, Inc
