A protocol for keeping safe in an age where virtually nothing is safe

Thomas Zucker-ScharffSolution Guide
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.
Edited by: Andrew Leniart
Due to recent circumstances, my siblings and I started speaking about ways to keep safer.  The steps we came up with are delineated here.  I hope this helps others prepare themselves for a world we should never have had to prepare for.

Due to the age we live in, where the internet is a dangerous place and identities are for sale, we need to take extra precautions in everything we do.  There are several categories of things that can immediately be tackled.  And there are a bunch of things you should always do.

A year ago, I wrote this article about a true horror story my mother encountered when she received a call supposedly from Apple support.  Unfortunately, it has happened again.  So I started speaking with my siblings and my brother made some excellent suggestions.  One of them was to create a protocol for what to do with stuff, computer and otherwise, just in case the primary person was not available.

Before I get started, I think it is important to restate what is obvious to some of us but not so obvious to others.  I have been cleaning malware from computers for too many years to count.  When I do it nowadays, I always tell the end user the same thing when I am done.  The only safe computer is one that has hardened cement inside it and the only clean computer is one that has never been infected and never been connected to the internet (and even then there is a question).  So is your computer clean after I am finished with it, yes and no.  It is clean enough to use for most things, but don't do anything financial on it.  I wouldn't put any PII (personally identifiable information) on it either.

Above all, since we seem to keep so much of our lives on our electronic devices, protect yourself from yourself by putting some type of warning system on your device.  Something that will warn you if you have encountered malware.  Since I am most familiar with the Windows operating system, I can say what I use on that.  I use HitmanPro.Alert (predecessor to InterceptX by Sophos) and WAR (Winpatrol AntiRansomware from BillP studios). Between these two, I have either been informed of or stopped from doing many dubious things.

I can't possibly address everything in one article, so I won't try.  Suffice it to say that this is only an outline of the basics.  I will be both adding and subtracting from this as I go along.

The  Plan

There are several categories we can easily address (they are Bolded and CAPITALIZED).  Here are a few of the basic categories and a little information on each one.

photo of credit card


Before reacting, think carefully and ask yourself the simple question, "Do I actually NEED every credit card I carry?" I know I don't, if you do not, then, by getting rid of a single credit card you are shrinking the threat landscape that an outside perpetrator can use against you.  This includes any cards you no longer use.   You could probably combine some cards as well - ones that are used for the same or similar purpose.  DO NOT forget to completely destroy the old cards and cancel the accounts!  (Someone is going to get mad at me for that one)

clipart of women paying bills


In many families, including my own, one person takes the responsibility of paying the bills.  If the relationship is a long one and the same arrangement continues, there may come a time when the other partner would feel completely lost if they had to step in to pay the bills.  This is a problem.  If the responsible party is laid up for a couple of days, everything can go to hell-in-a-handbasket, so to speak.  So what can you do?  Start simply.  Ask and answer the following questions:

  1. Are any bills paid automatically? If so, which ones? How are they paid? (through which apps)
  2. How do you log onto the website where you pay bills? Or how do you use a program that pays the bills?
  3. Do you have a binder which has a list of all bills that need to be paid? If not, why not?
  4. Try putting together a list of bills that need to be paid each month.  Put down the amount if it stays the same (like car payments or mortgage payments).  Try to put all autopay items together (like in PayPal) and list the rest separately.

Mostly non-billing questions:

  1. If you use a password manager, do you have the master password listed somewhere?
  2. If you use bio-metrics like fingerprint scanners, or eye pupil readers where do you store the alternate way to login in? 
  3. If you have app security or app passwords, where are they stored?

password image


For some time now I have been writing about passwords and passphrases.  I posted this piece on my work webpage: http://www.einstein.yu.edu/centers/cancer/default.aspx?id=39576.  The most common recommendation is to use either a long and complicated password - which includes numbers, symbols, lowercase, and uppercase characters - (not P@$$w0rd or 1234567), or a memorable but extremely long passphrase, preferably without any punctuation.  

It is also recommended that you use a DIFFERENT password/phrase on each and every website you visit and application you use.  The solution that many of us have found to this seemingly inexplicable dilemma is the password manager.   Andrew Leniart wrote an excellent article on review the best password managers here.  It should be noted that NIST guidelines now suggest that requiring users to change passwords often results in easier to guess passwords or, worse, reused passwords.

image of computer with a shield and lock on the screen indicating protection from malware


One of the truly basic things everyone can do is to install and keep up-to-date an AV/AM/AR solution.  There are many out there that do everything.  I won't be recommending one over another, but look and do something.  Doxware is another potentially devastating infection.  In this scenario, the online malware artist will steal documents from your computer before encrypting them and then threaten to publish them online unless you pay a ransom.

image of computer with the word "UPDATE" on the screen and a bar below indicating update progress


Many times the way malware artists find their way into systems is through outdated software.  By keeping all system and non-system software patched and up to date one can lessen the chance of anything untoward happening.

image showing different types of multi-factor authentication


 Wherever and whenever possible use 2FA (two-factor authentication).  This puts an extra layer of protection on the account in question.  Whether the 2FA is by receiving a text using a 2FA app or receiving a phone call does not make a difference.  Whatever you do have backup codes to disable two-factor authentication on all accounts you enable it on and save those codes to a secure location.  Make sure that someone else has access to this location.  It may add an extra layer of complexity as well, but it is worth it.  

image of hands holding up different electronic devices


Use the bio-metrics on your phone to lock it and unlock it.  Most phones require that you enter a password as well in order to use bio-metrics.

8. LEGAL ITEMS YOU SHOULD HAVE IN PLACE - In the USA many states have different laws concerning each of these

  1. A WILL - Most people already have this in place, but it doesn't hurt to repeat it.  Also, you should have a physical copy of this somewhere handy as well as a digital copy if it is securely vaulted (LegalZoom does secure vaulting)
  2. Any trust or trusts should be revisited and re attested (are they still needed?)
  3. Put a living will into place if it applies in your area revisit and adjust as needed
  4. Who is your Health Proxy?  Generally, you don't want this person and the person in #5 to be the same, but I am not an attorney.
  5. Put a limited Power of Attorney in place and spell out exactly what you want taken care and what you want to be left alone (like not allowing the sale of a house while someone still resides there is fairly common)

Executing The  Plan

In discussing this with my siblings, we discovered that there is one thing above all that you should do, have a plan A and a plan B and make sure your plan B takes everything into account that plan A did.  Make your plan, whatever it may be, easy to execute so that if anything happens, it is easy to "take the reins" for a couple of days (or however long the need exists).  Like a good backup, this type of plan is no good unless it works, so test it after you have completed it.  Make sure it works, if it doesn't, change it so it does and retest.  Keep changing and retesting until everything works smoothly. (kind of like the Deming principle, kind of ...)

Thomas Zucker-ScharffSolution Guide
Veteran in computer systems, malware removal and ransomware topics.  I have been working in the field since 1985.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.