03 - Welcome to the Matrix!

(12-22-21) Something of a computer-centric update this week, ahead of Christmas. Several folks have been asking about this and, with the continual drumbeat of new threats (echoes of 1984?) and recurring theft of personal and business data, you might find it useful to have some suggestions from many years of industry experience - let me know if you need more!

Backups

Top priority - ensure that you have backups of your critical data and that you are able to recover it; keep in mind that if you have not tested your backup you should consider that you do not really have one. Yes, testing backups is a real pain!

A good starting point is the 3-2-1 strategy. Have at least three copies of your important data on two different backup media with at least one copy somewhere offsite. You can always increment these numbers to make things more resilient. For onsite storage it's a good idea to keep the media in a solid metal safe for protection against fire, theft and electromagnetic attacks.

It is important to have the recovery steps written down safely and available in case of need - when trouble hits you will appreciate this advice AND remember to test from time to time.

If your data on social media sites is important, consider downloading a copy from time to time and including it in your backups; all the major services have to offer this.

Passwords

Use a password manager - there is no excuse. A good password manager makes it easy to create and use a strong password for every site and application that you use and for all of these to be different; this is important so that the compromise of one supplier does not expose all your other systems that use the same password. A good password manager also works in mobile and computer browsers and should be securely accessible on all your devices.

Multi-Factor Authentication (MFA)

Just do it - and avoid using SMS for this if possible (risk of SIM swap attack). MFA ensures that someone needs more than just your username and password to log in to your accounts. Consider Time-based One-Time Password (TOTP) solutions. Be sure that you have a backup of this stored safely; it can also be useful to have it on several devices.

Patching vs Anti-virus

For personal use, the best thing you can do is to ensure that you apply vendor patches in a timely manner. It's generally a good idea to wait a couple of days from patch release just in case the patch causes issues but after a week or so, just patch! Both Windows PCs and Macs are decent choices these days as long as you use, and do not disable, the built-in protections, with Mac being slightly easier to keep safe and secure, I think!

I wouldn't recommend antivirus for personal use - other than possibly on-demand scans/checks or clean-up if you do get or suspect a malware infection. Windows and macOS contain pretty good malware protection measures and use of third-party products can open up additional risks.

Mobile Phones

Android or Apple/iOS? For most people, Apple is generally simpler and safer but there are trade-offs, including cost! Android systems tend to be slower to get patches and easier for criminals to exploit - if you use one, keep it up to date and avoid unofficial app stores. An interesting wrinkle here is that the Google Pixel phones are generally patched more quickly and they also allow you to install a privacy-centric operating system in place of Android (e.g. CalyxOS); with this approach it is possible to "de-google" yourself - not a bad ambition!

Privacy

Be aware that all the cloud-based services and most mobile apps that you use are tracking what you do and they may well be doing much worse with your data. In theory they need to tell you in their Privacy Policy, but can anyone read or understand these? And you are pretty helpless when they change them unilaterally. So - choose carefully which services you use and minimise unnecessary sharing of data!

That's it!

No one can be told what The Matrix is.
You have to see it for yourself.

Do share this newsletter with any of your friends and family who might be interested.

You can also email me at: LetterFrom@rogerprice.me

💡 Enjoy the newsletters in your own language: Dutch, French, German, Serbian, Chinese Traditional & Simplified, Thai and Burmese.