Monday, October 20, 2014

Ten Safe Computing Tips

1) Do not install anything you don't absolutely need

  • The more useless junk you install, the slower your computer gets!
  • If you must install something, install from a reputable source. For example, if you want to install Adobe Reader, install it from adobe.com, not from any other site.
  • Be very suspicious of "free" software. Such software may be ad driven (i.e. pops up ads on your computer) or may track activity on your computer. At best, the site may gather and sell your information as marketing intelligence. At worst, a malicious hacker might use this information to learn more about you.
  • Pay close attention to all installation options as you install any software, even from a reputable company. Read carefully what is about to be installed on your computer. Instead of simply choosing "Default (or Express/Common)" installation option, choose "Custom".  As you install, look for "options" that are pre-checked such as "Make search engine X the default" or make "Site Y my home page" or "Send diagnostic data to Z". Be sure to un-check all options you don't need or understand.
  • Web-based applications are a good alternative to installing software on your local drive but be sure to use applications from reputable sites (such as Google docs and sheets or Microsoft 360).

2) Secure your computer

  • Set a login password for your computer. This is the least you can do. This is your first line of defense, if you lose or misplace your computer.
  • Keep your computer updated with security updates. For example, Microsoft updates Windows Defender frequently to guard against the latest malware. Make sure you get these updates.
  • Do use the built-in security of your operating system. For example, in Windows make sure you have the Windows Defender and Windows Firewall turned on. You may want to install a dedicated virus protection software but bear in mind that such software may slow down your computer.
  • Secure your computer with a physical lock (such as a cable lock for your laptop).

3) Use a strong password, do not use the same password for multiple websites

  • Longer the password, the better. Use a phrase you can remember as a password.
  • Don't use the same password for multiple sites. If one password is leaked, a hacker can use that password to access your confidential information on other sites.

4) Do not store unencrypted passwords on your computer

  • Do not store passwords in clear text or in a Word document on your computer. Use a program such as KeePass to save passwords in encrypted form.
  • In addition, you may want to store your encrypted KeePass file containing passwords in Dropbox, SkyDrive, or Google Drive. That way your passwords are backed up (in encrypted form) and you can access them from multiple devices. (KeePass is available on multiple devices.)

5) Do not communicate passwords or social security number through email

  • Email is not secure; information present in an email can be stolen in transit. 
  • In addition, copies of email are stored on email servers for a long time. If an email account is comprised, you don't want your passwords or social security number to be compromised as well.

6) Do not store unencrypted personal information in the Cloud

  • You do not know where your data will end up once you upload it to the Cloud (e.g. Dropbox, Google Drive, iCloud, or Sky Drive). Do not store unencrypted confidential information in the Cloud.
  • You can zip and encrypt sensitive files with a program such as 7-Zip before storing them in the Cloud.
  • Store personal information (such as Social Security number, Driver License Number, etc.) in an encrypted form using a program such as KeePass. The encrypted file containing personal information can then be stored in the Cloud (See the advice in item 4).
  • MS Word and Excel documents that contain confidential information (such as list of financial assets or account numbers) should be secured with a password (MS Office allows you to set a password for a document or spreadsheet). You should store document or spreadsheet passwords in KeePass so you don't forget them one year from now.

7) Browse the Web cautiously

  • When you visit a site, ensure you are visiting a legitimate site. Look in the Url box. If you are intending to visit your Wells Fargo banking site, the Url box must say wellsfargo.com. Look closely at the spelling of the Url. In addition, make sure there is a green padlock icon in the Url box. This padlock indicates that the communication between your computer and the website is encrypted.
  • When you visit a website, that website can leave behind bits of tracking information called cookies. Cookies have legitimate uses but some of the sites use these cookies to track your activity and sell the marketing intelligence they glean from your activity. Don't visit or linger on a website you don't trust.
  • Some sites have big, flashy buttons that invite you to install "free" games or productivity software or offer free virus scan of your computer. Others offer to make your computer faster by running diagnostics. Don't do it. Trust reputable websites only. If uncertain, go to google.com and type in a search term to do your own investigation first, for example, type: Is abc free game malware

8) Control your digital footprint

  • Do you run around the mall blurting out personal information, what you like or dislike, where you have been or where you are planning to visit? Incredibly, people have no qualms about putting such information on the Internet where 8 billion people can access it.
  • Do you really need to sign up for that many social networking sites? The more information you divulge about yourself online, the more information about you is available to bad guys.
  • Whatever you put out on the Internet lives on forever and may come back to haunt you when you apply for your dream job or college admission.
  • There are, of course, good reasons to have presence on the Web such as a professional blog to promote your expertise in a certain area.

9) Be wary of clicking any link in an email

  • As a general rule, do not click links sent to you in an email. This is perhaps the most common way in which bad guys try to steal your personal information by misdirecting you to a malicious website.
  • Instead, start the Web browser and go to the website directly. For example, let's say you receive an email that says you have received money in your PayPal account: Click here to see your new balance. Do not click the link. Instead, start the Web browser, type in paypal.com in the Url box and log into PayPal to check your balance.

10) Be alert when using your computer in public places

  • When using your computer in public, look who is behind you, next to you. Is someone watching as you type in your password?
  • If possible, do not visit your banking or financial sites in public places. Even from a distance, a bad guy can see which bank site you are visiting (and thus know where you bank) and can use that information to do harm. 
  • Do not use public computers (libraries, hotels, airports) to access your personal information (banking, email, etc.). If you must, make sure to uncheck the box on the login screen that says "Remember Me" or "Sign me in automatically". When done, explicitly log out of the account. To be sure not to leave any personal information behind, you may want to clear the browser cache and cookies after you are done using the computer (this option is in browser Settings in Chrome and File | Tools | Options in IE). Then, close all browser windows.
Posted by at
Labels: