There are a few things that are guaranteed to keep your computer and data safe. Don't connect to a network – ever. Keep the machine physically secure in a lead-lined room. Remove the hard drive and store it in a safe. Glue up the USB ports and pull out the DVD drive. Keep the keyboard locked in a drawer. Guard the room with dragons. The PC itself should be kept behind the starting defensive line-up of the 1976 Pittsburgh Steelers.
Most of us, however – those who consider PCs necessary, and unconnected PCs pointless – strive to find a balance of utility, convenience, and safety.
Of course, there are simply loads of computer users out there, connected to one another via the Internet and local networks. In this article, we’ve highlighted some different types of users and examined their security needs – although it wouldn't hurt anyone to read through all the sections.
We have tips for less experienced users (and the ITProPortal readers who offer them technical support), and for people who need to share files, giving others access to their hard drives. We’ve got tips for parents, whose children may be savvier users than they are, but who know that kids tend to be less concerned about security.
We’ve also written sections for online gamers, and for Mac users, whose systems are inherently more secure than those of PC users – and who can be frightfully careless as a result. Finally, because any type of user can own a laptop, we’ll finish with some tips for people whose PCs are definitely not kept in lead-lined rooms guarded by linebackers.
Tips for newbies
Some security rules don't change. Here are our basic, don't-go-online-without-them tips:
Use strong passwords for your operating system, email, and all online accounts.
A strong password:
- Is eight or more characters long
- Contains a mix of letters, numbers, and symbols
- Is not the name of your dog or cat
- Contains words not found in the dictionary
For more detailed tips on passwords, see our article on making sure your passwords are up to scratch.
Keep your system patched – let your operating system and apps update themselves regularly.
Disable file and printer sharing – unless you know you’ll need this, of course. To do so, in Windows XP, open Network Connections from the Control Panel. Right click on the connection and choose Properties. In the resulting dialog box, uncheck the box labelled File and Printer Sharing for Microsoft Networks.
In Vista, right click on the Network icon in the system tray or open Network and Sharing Centre from the Control Panel. Under Sharing and Discovery, choose Off for File sharing or Printer sharing, depending on your needs.
With Windows 8, head to the Control Panel, click on View Network Status and Tasks, and then click Change Advanced Sharing Settings. Under File and Printer Sharing, you’ll see the Off button.
Never open email attachments from people you don't know – and always ask and check about attachments you weren't expecting from people you do know. Equally, don't forward email attachments from people you don't know. Attached malware does not pop up and triumphantly announce itself. If you've opened an infected attachment, you won't necessarily know it right away.
Realise that the Internet is a dangerous place. Be suspicious. Don't visit bad neighbourhoods or places claiming to give away things you'd normally have to pay for.
Never give out personally identifying information, or your password, to a stranger (this includes someone claiming to represent tech support).
Make sure that all shopping and banking transactions are SSL encrypted. You should see an icon of a lock in the bottom of your browser window or next to the URL when it comes time to type in your personal and credit card information. Also, the site should be using HTTPS for security (not just plain HTTP at the start of the web address).
Make regular backups of important files and folders. Keep them on an external drive, or for even more safety off-site in the cloud using Google Drive, SkyDrive or similar. (Do note that you keep sensitive files in the cloud at your own risk, of course).
Encrypt important files and folders. We’ve just mentioned sensitive files, and the best thing you can do with these is encrypt them. For more on hiding important data on your PC, see our article here.
Tips for file sharers
Any general security information should include a warning to disable file and printer sharing unless you need them enabled – we’ve just discussed how to do that in the section above. However, for those people who share files within their own networks, here are some precautions to take:
Never share more than you have to. Never, ever share the root directory or the Windows directories.
Start shares when you're going to use them and stop sharing when you're done. You don't leave a door open when you're not walking through it.
Create a restricted account and let other users connect using that username and password. This prevents you from having to give out your username and password, and separates others' privileges from yours.
Give specific users privileges to read, write, or both, on a directory-by-directory, or even file-by-file basis.
Limit the number of simultaneous users allowed to a realistically low number, like one or two.
Peer-to-peer (P2P) sharing
It's none of our business what you download from the Internet, but you should know that while there’s certainly genuine content out there, and plenty of it, there’s also a ton of malware. Also, just as the huge base of Windows users makes that platform particularly ripe for attack, the large "community" of file sharers makes file-sharing environments appealing for exploitation.
The simplest way to stay safe is to not share files with people you don't know. Torrent technology is awesome for wide-scale sharing, of course, but you can also set up torrents for your friends' eyes only. To make a torrent, first package whatever you are sharing into a single directory or archive file. Then, in your Torrent client, click File, and then Create a new torrent (or Make Torrent, or something along those lines depending on your client). Select File or Directory and then browse to the location of the file or directory you would like to share.
From here the options should be clear. Create a private (or non-public, or embedded) tracker, which is intended for people wishing to share with a small group for a short period of time. The embedded tracker URL is http://your_ip_address:port/announce (where “your IP address” is your computer's IP address and the “port” is your P2P software's listening port). Your client will have more specific information available online. You will also have to enable private trackers, which will depend on your client. For example, in uTorrent, the embedded tracker must be enabled by the following process: Click Options, then Preferences, then Advanced, and then set bt.enable_tracker to true.
If you must download from an unknown source, be sure to scan the files for malware before viewing or listening to them.
If you try to open a downloaded video and get a prompt that you need to download a proprietary codec from a specific site, don't do it. Delete the file.
Finally, keep your anti-malware and P2P software updated – especially the P2P client, because they tend to need frequent patches to address security vulnerabilities.
Tips for parents
No technology is a substitute for sitting down with your kid and discussing how to browse the web, send IMs, play games, and email safely. Better to explain about the birds and bees – and online predators – than have him or her learn it all anywhere else. These tips assume you're already protecting the PC with a standard security suite.
Create a separate log-on ID for each child. Give the kids restricted privileges.
Get to know parental controls. Windows (from Vista onwards) has had parental control features included in the OS (check under Family Safety in the Control Panel of Windows 8). However, your Internet security suite may well have much more robust parental control features – so be sure to check.
Although it can be daunting, don't neglect web, email, and instant message content filtering. If filtering isn't part of your parental control solution, try OpenDNS, which is free and lets you block sites known to have adult content. Some home broadband routers come with built-in content filtering options. They may be found on the Security tab, under Access Restrictions, or in another section, depending on your exact router. If you can't find them, try your router's help file, or contact the vendor for tech support.
Tips for gamers
If you play online games like Battlefield 4, then you’ll want a security suite that functions well when it comes to gaming. Many suites these days have a “game” mode which suppresses alerts and resource hogging scans while you’re playing, so you don’t get bouts of lag that mess up your perfect kill-shot. Be sure to turn these modes on before you suit up and head online to the battlefield – and equally, to turn them off when the war is won.
Also, be aware that security violations and hacking are on the increase in online games. Avatars and names don't represent actual gamers; just because you're there to have fun doesn't mean you can let your guard down.
Be very careful about the sort of add-ons you download for any online games – and particularly the source you get them from. Some obscure Asian website offering wonderful UI mods for World of Warcraft is best steered clear of – unless you want a keylogger packaged in with your add-on. Download a bad mod, and the next time you log your character on, you might find yourself stark naked in the bank with everything you own having been sold, and all your money nicked.
Tips for Mac users
Contrary to popular belief, Macs are not immune to malware and hacking. Believing that you’re safe with a Mac is a very dangerous view to take – especially seeing as in the past few years, there's been increasing interest in malware targeting Apple Mac users. Fake antivirus programs like Mac Defender, and its variants, were spotted about five years ago. Just in 2012, Mac users were quaking in their boots after the Flashback Trojan appeared to have a huge infection base. There’s an increasing amount of Mac malware out there, so make sure protected and have a good antivirus solution. For more tips, see our article on Mac security and how to protect your data.
Also note that malware isn’t the only threat. Mac users are no more immune than anyone else from social engineering attacks, and they still need to protect themselves from direct attack either over a network or directly from a console. Furthermore, Macs can carry malware that doesn't affect them, spreading it to friends via email attachments.
Finally, remember that Keychain is a great place to store passwords. It's also the first place someone would look if they wanted your password. Open Keychain Access, then press Edit and Change Settings for Keychain. Set an idle timeout to protect your passwords when you walk away, and enable Lock on sleep so that if you suspend the machine and start it up again, your passwords will be safe. Use a different password for Keychain than your account password, so if someone gets one they won't necessarily get both.
Tips for laptop owners
Any one of the types of computer users we’ve mentioned above might own a laptop, and portable computers come with their own set of security issues, because they can easily be lost or stolen. With physical access to a PC, a whole new raft of problems arises. Here are some things you can do to prepare for the worst – namely, your laptop falling into someone else's hands.
Set a system password using your laptop's BIOS. When you boot your PC, you'll see a screen quickly pass by that says something like "For system settings press F2 [or F10 or Delete]." Press the key, then poke around until you find the system password setting. Enable it, then enter and confirm your password. Then save changes and reboot – and don't ever lose that password!
Set a Windows password. Enough said.
Use a cable lock or store your laptop in the safe in your hotel room when it's not on your person.
Keep an eye on your laptop in transit. Don't put the bag down and walk away – always make sure your notebook is with you.
Keep your passwords in your head. Don't write them down on a piece of paper and leave it in a pocket or your laptop bag or – seriously – taped to the laptop itself.
Run tracking software so that if the laptop is stolen and connected to the Internet, it can be retrieved. Some of these programs can wipe the hard drive clean if ordered to do so remotely. For more on this, see: 5 security apps that can help with the recovery of a stolen laptop.