The importance of addressing these suggested tips is dependent on the usage of different platforms. For example, my work platform is Windows 8.1 and some of the tips are addressed. My MacOS isn't used that much, only for business purposes, more of a necessity forced on me by clients since some of them use this platform. As such, I rely on the builtin security protection.
My take on some of the tips...
"Don’t Get Phished" - In another word, don't take the bait. This used to be a good advise, however, it's not that easy nowadays with the prevalence of malwertisement, especially on the Windows platform.
"Use Two-Factor Authentication" - Agree Dave... This is just a pain to implement at home and/or small businesses. On the other hand, it should be a must for financial services access over the web, recommended for cloud based storage and/or critical web based other accounts. Yes, most of them utilize text messages to your cell phone and it is vulnerable to exploits. Not to mention the privacy implications of providing your cell number to the site in question.
"Use Secure Web Browsers" -
Really, is there such a thing? The closest to this requirement is the ToR browser, my standard browser. I only open IE/FF/Safari if and when I need to access financial and other sites.
"Use Strong Passwords" - This is an overkill in my view and unnecessarily complicates the end user's life. As long as one does not use easily guessable password on local systems, that should be just fine. People tend to forget that in order to crack a password, they'd need the password hash. In order to get the password hash, one would need admin/root access to the system and if they have this level of access, cracking is not necessary.
The web based account password isn't much different either. Most places don't encrypt the passwords as we learned in number of cases, when web services had been hacked. And even if they do, they use easily breakable encryption. So other than making it hard for the end users to remember passwords, the strong password really doesn't provide much protection.
"Use a Security Program" - One is not enough for the Windows platform, while one is too much for the MacOS... ;D My Windows systems have 4-5 different security protection and my MacBook has none...
"Use Encrypted Messaging Software" - Encryption is easy... On the other hand, decryption is hard... This is why encryption isn't as prevalent as it should be. I can send anyone an encrypted document and the chances are that the recipient cannot decrypt it. Yes, SSL/TLS makes it easy for over the web connections, but they are also vulnerable to MITM attacks. Then there's the MITB (Man in The Browser) attacks that can circumvent other type of encryption as well. Yeah, encryption isn't that simple...
One tip that I did not see is user accounts on systems. Admin/root accounts should not be used as standard user account for every day's tasks. Any malware getting on the system, where the end user have admin/root access, will be executed at the access level of the logged on user. In another word, the malware will have unlimited access to the system. I am not certain, if there are reports on the impact of this for the MacOS, but there are for the Windows:
http://learn.avecto.com/ms-vulnerabilities-report-14#download-defendpoint-form
The report states that "Of the 240 vulnerabilities in 2014 with a Critical rating, 97% were concluded to be mitigated by removing administrator rights". 'nuf said...
"Use a Land Line" - Um, use what???
;D
