Due to the age we live in, where the internet is a dangerous place and identities are for sale, we need to take extra precautions in everything we do. There are several categories of things that can immediately be tackled. And there are a bunch of things you should always do.
A year ago, I wrote this article about a true horror story my mother encountered when she received a call supposedly from Apple support. Unfortunately, it has happened again. So I started speaking with my siblings and my brother made some excellent suggestions. One of them was to create a protocol for what to do with stuff, computer and otherwise, just in case the primary person was not available.
Before I get started, I think it is important to restate what is obvious to some of us but not so obvious to others. I have been cleaning malware from computers for too many years to count. When I do it nowadays, I always tell the end user the same thing when I am done. The only safe computer is one that has hardened cement inside it and the only clean computer is one that has never been infected and never been connected to the internet (and even then there is a question). So is your computer clean after I am finished with it, yes and no. It is clean enough to use for most things, but don't do anything financial on it. I wouldn't put any PII (personally identifiable information) on it either.
Above all, since we seem to keep so much of our lives on our electronic devices, protect yourself from yourself by putting some type of warning system on your device. Something that will warn you if you have encountered malware. Since I am most familiar with the Windows operating system, I can say what I use on that. I use HitmanPro.Alert (predecessor to InterceptX by Sophos) and WAR (Winpatrol AntiRansomware from BillP studios). Between these two, I have either been informed of or stopped from doing many dubious things.
I can't possibly address everything in one article, so I won't try. Suffice it to say that this is only an outline of the basics. I will be both adding and subtracting from this as I go along.
There are several categories we can easily address (they are Bolded and CAPITALIZED). Here are a few of the basic categories and a little information on each one.
1. CREDIT CARDS
Before reacting, think carefully and ask yourself the simple question, "Do I actually NEED every credit card I carry?" I know I don't, if you do not, then, by getting rid of a single credit card you are shrinking the threat landscape that an outside perpetrator can use against you. This includes any cards you no longer use. You could probably combine some cards as well - ones that are used for the same or similar purpose. DO NOT forget to completely destroy the old cards and cancel the accounts! (Someone is going to get mad at me for that one)
2. BILL PAYING
In many families, including my own, one person takes the responsibility of paying the bills. If the relationship is a long one and the same arrangement continues, there may come a time when the other partner would feel completely lost if they had to step in to pay the bills. This is a problem. If the responsible party is laid up for a couple of days, everything can go to hell-in-a-handbasket, so to speak. So what can you do? Start simply. Ask and answer the following questions:
Mostly non-billing questions:
For some time now I have been writing about passwords and passphrases. I posted this piece on my work webpage: http://www.einstein.yu.edu/centers/cancer/default.aspx?id=39576. The most common recommendation is to use either a long and complicated password - which includes numbers, symbols, lowercase, and uppercase characters - (not P@$$w0rd or 1234567), or a memorable but extremely long passphrase, preferably without any punctuation.
It is also recommended that you use a DIFFERENT password/phrase on each and every website you visit and application you use. The solution that many of us have found to this seemingly inexplicable dilemma is the password manager. Andrew Leniart wrote an excellent article on review the best password managers here. It should be noted that NIST guidelines now suggest that requiring users to change passwords often results in easier to guess passwords or, worse, reused passwords.
One of the truly basic things everyone can do is to install and keep up-to-date an AV/AM/AR solution. There are many out there that do everything. I won't be recommending one over another, but look and do something. Doxware is another potentially devastating infection. In this scenario, the online malware artist will steal documents from your computer before encrypting them and then threaten to publish them online unless you pay a ransom.
5. KEEP ALL OTHER SOFTWARE UP-TO-DATE
Many times the way malware artists find their way into systems is through outdated software. By keeping all system and non-system software patched and up to date one can lessen the chance of anything untoward happening.
6. USE MULTI-FACTOR AUTHENTICATION
Wherever and whenever possible use 2FA (two-factor authentication). This puts an extra layer of protection on the account in question. Whether the 2FA is by receiving a text using a 2FA app or receiving a phone call does not make a difference. Whatever you do have backup codes to disable two-factor authentication on all accounts you enable it on and save those codes to a secure location. Make sure that someone else has access to this location. It may add an extra layer of complexity as well, but it is worth it.
7. PHONES AND OTHER DEVICES
Use the bio-metrics on your phone to lock it and unlock it. Most phones require that you enter a password as well in order to use bio-metrics.
8. LEGAL ITEMS YOU SHOULD HAVE IN PLACE - In the USA many states have different laws concerning each of these
Executing The Plan
In discussing this with my siblings, we discovered that there is one thing above all that you should do, have a plan A and a plan B and make sure your plan B takes everything into account that plan A did. Make your plan, whatever it may be, easy to execute so that if anything happens, it is easy to "take the reins" for a couple of days (or however long the need exists). Like a good backup, this type of plan is no good unless it works, so test it after you have completed it. Make sure it works, if it doesn't, change it so it does and retest. Keep changing and retesting until everything works smoothly. (kind of like the Deming principle, kind of ...)