The only perfectly secure computer is turned off, disconnected, and kept in a safe. This is true but of no use. If you are looking for something a little more useful, start by considering what kinds of data you are protecting. Most of us are protecting banking, tax and credit card data, medical data, memorabilia such as pictures and movies, and access to the Internet. If you are protecting data more sensitive than that, you probably ought to consider whether this data is appropriate for your personal computer. If there is no choice but to keep that particularly valuable data on a personal computer, you might want to consider keeping that computer off the Internet or using a thumb drive to keep the data isolated when not in use. Along the same lines, I still do not feel comfortable keeping any banking or healthcare data on a mobile phone.
With respect to your personal computer, though, the first key to security is to use an operating system that is still supported by its vendor. Continued support gives you access to the updates that are essential to long-term security. The same is true for all the other software on your computer: make sure you update everything at least monthly. Every couple of months you should also check for new firmware for your hardware, such as the Basic Input Output System (BIOS) and video card, and for network devices such as printers or routers.
Having verified that you are fully up to date on software and hardware, you should ensure that you are not doing your day-to-day business as the administrator of your computer. The administrative account has unlimited access to configure your computer and gives the same rights to the software you run—whether you know it or not. If you hit malware on a website or in an email, that malware runs as administrator if you have that role at the time. I usually set up a new computer as administrator. When I’m done with the configuration, I create a new administrator account and convert the one I used for the setup into a regular user account.
Part of the default installation on computers should be a reputable anti-virus (AV) solution. Reputable means a product that is well regarded in the technical press and that you pay for. If it isn’t good enough to charge for, you shouldn’t use it. No AV software detects all the malware in existence, and it can lag in detecting new malware. Nonetheless, it is a critical part of a sound security posture.
You should also use a password manager for all your passwords, as this is critical to good security. Good passwords are nearly impossible to remember, and a password manager reduces the number of hard passwords you have to memorize. In case you forgot, a good password is at least 12 characters long and incorporates all four character sets on your keyboard: lower case, upper case, numbers, and special characters, in a pattern that appears as close to random as possible. At a minimum, you should use a unique hard password for your administrator account, for your password manager, and for each of your financial accounts, and no two of them should be similar or identical. This prevents a hacker who steals one password from reusing it on a sensitive account. It’s OK to let your browser store your passwords for less sensitive accounts.
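The two rules above (at least 12 characters drawn from all four character classes, and no two sensitive passwords identical or similar) are simple enough to check mechanically. The following Python is an added example, not code from the article or from any password manager: it generates passwords that satisfy the rule, reports which character classes a candidate password lacks, and flags pairs of accounts whose passwords are identical or near-identical. The account names and passwords are constructed sample data, and the 0.7 similarity threshold is an assumption chosen to catch the common "bump the year" variation.

```python
from __future__ import annotations

import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

# The four character classes the article requires, and its minimum length.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
MIN_LENGTH = 12


def missing_classes(password: str) -> list[str]:
    """Return the names of the character classes the password does not use."""
    chars = set(password)
    return [name for name, cls in CLASSES.items() if not (chars & cls)]


def is_strong(password: str) -> bool:
    """True when the password meets the length rule and uses all four classes."""
    return len(password) >= MIN_LENGTH and not missing_classes(password)


def generate_password(length: int = 16) -> str:
    """Generate a random password from the CSPRNG that passes is_strong().

    Rejection sampling keeps the distribution uniform over accepted strings;
    with 16 characters a draw is rejected only rarely.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_strong(candidate):
            return candidate


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] of matching characters between two passwords (1.0 = identical)."""
    return SequenceMatcher(None, a, b).ratio()


def find_reuse(accounts: dict[str, str], threshold: float = 0.7) -> list[tuple[str, str, float]]:
    """Report account pairs whose passwords are identical or similar.

    `threshold` is an assumed cut-off: 0.7 catches a password reused with
    a changed year or trailing digit, which the article's rule forbids.
    """
    findings = []
    for (name_a, pw_a), (name_b, pw_b) in combinations(accounts.items(), 2):
        score = similarity(pw_a, pw_b)
        if score >= threshold:
            findings.append((name_a, name_b, round(score, 2)))
    return findings


if __name__ == "__main__":
    # Constructed sample vault: the bank and email passwords differ by one digit.
    vault = {
        "bank": "Summer2023!xyz",
        "email": "Summer2024!xyz",
        "forum": "correcthorse",
    }
    for name, pw in vault.items():
        verdict = "ok" if is_strong(pw) else f"weak, missing {missing_classes(pw)}"
        print(f"{name:6s} {verdict}")
    for a, b, score in find_reuse(vault):
        print(f"similar passwords: {a} and {b} (similarity {score})")
    print("suggested replacement:", generate_password())
```

Run as a script, the check reports the forum password as weak (no upper case, digits or special characters) and flags the bank and email passwords as similar, then prints a freshly generated replacement. Checking similarity is deliberately done with a character-level ratio rather than exact equality, because the reuse the article warns about is usually a small edit of an existing password rather than an exact copy.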
Hard disk encryption is a choice. If you have a portable computer that is at elevated risk of being stolen or lost, you should definitely encrypt the hard drive. If your machine stays in your home and you live in a low-crime neighborhood, encryption might not gain you much in security. As part of your decision on encryption, consider your back-up strategy: encrypting your hard drive but not the back-up of its data makes no sense as a strategy. The things you back up should be the things you most want to keep access to. The operating system on your computer is easily replaced, but your financial data and memorabilia might be irreplaceable. Keep in mind that hard drives do fail occasionally and have an average lifetime of about three years. It is possible to copy everything from one functioning hard drive to another, but it might be worthwhile to replace your entire computer as your hard drive gets close to end-of-life. Make sure you have a good back-up strategy if you plan on running your computer until it stops working.
None of the above will render your computer or data perfectly secure. It will take care of some fundamental vulnerabilities and force hackers to use more sophisticated tools to steal your valuables. Too much of the Internet still uses unencrypted data transmission protocols, and your browser vendor as well as your ISP are generally funded at least in part by selling data about your habits and interests. Understanding this allows you to decide how much data of significant value to you a networked computer should be allowed to store.
Note that I did not tell you “how” to do things. Computers are complex tools and require some measure of understanding to use securely. All of the things I recommend are easily within the capabilities of the average person, but there is a learning curve that people must overcome to achieve elementary security. After all, no computer can be more secure than its user.
Hans Holmer will be presenting a free webinar with ITMPI on June 8! Sign up here: Cybersecurity Fundamentals for Everyone