I apologize if this isn’t the best exchange to be asking in, but I’m a little new at this.
Problem: A close relation outside my local area with declining cognitive function is demonstrating increasingly poor infosec practices. I have a plan to try to preserve their online freedom while keeping them reasonably safe, but have no idea if it’s any good.
Details: Relation has issues with poor impulse control, and frankly a long unaddressed history of terrible infosec. They have multiple email accounts, some dating back decades, and little to no hesitation about opening extremely questionable attachments. I am aware of at least one successful remote access phishing attack. They are prone to visiting sites that pose security threats.
Devices: The user works mostly on a Windows machine, and has an iOS phone. The residence also has an OS X (x86) machine, other iOS devices, and a small number of networked devices (printer/smart TV/etc.).
My Skill Level: Technically competent w/ limited coding skills, but decent hardware skills. Little to no experience with network management or Linux. I do have an embarrassing abundance of free time at the moment.
Current Plan:
- Toss the user’s current system after an expert retrieves critical files from it
- Hardware authenticator & password manager
- Purchase a subscription-based anti-virus program
- Implement DNS filtering via Pi-hole to block malicious IPs
- Set up remote access behind a VPN. (Preferably with a simple hardware switch to start & stop the service that also shoots an SMS to me)
- Harden the Pi with something like Tripwire IDS & Rkhunter
- Wipe/factory reset all networked devices to the best of my ability
- Find/implement a method to segregate the user’s computer from other networked devices
- Attempt* to migrate the user to a new set of email addresses, or at least retire the most dangerous ones
- Attempt* to revoke the user’s administrative access
- Attempt* to migrate the user from Windows to OS X or even Chrome OS**
*I say attempt, not due to a lack of technical knowledge, but with regards to user buy-in.
**The user has previously resisted a proposed migration to a Chromebook, on the basis they will lose access to Excel.
I would greatly appreciate any and all feedback this community could offer. As a novice, I’m well aware I may be missing low-hanging fruit or pursuing wildly impractical solutions.