I was in Starbucks the other day and overheard a local computer tech helping someone with reinstalling windows on their notebook, the tech left and I started a conversation with him giving him some advice around making a good backup of the computer after he had finished so if something were to happen he would be able to make a quick recovery next time. That may not sound like security advice but it really was often the act of protecting data is done to protect our time and resources, if he had a backup of his new computer he would not have had to take the computer to a shop, spend his money on the time of the computer tech, wait in Starbucks whilst windows reinstalled onto a new hard drive.
Here is the collection of advice I wish I could have also given him but just did not have the time to, this is also advice I give to family members, coworkers, and people like you who stumble across my website.
A. Securing Online Accounts
- Use a password manager and avoid reusing passwords across sites like the plague, side not it is the plague. Lastpass is a great starting point don’t forget your master password. If you don’t like the idea of storing your passwords online keepass is a good option, so is password safe by Bruce Schneier.
- Enable 2nd factor authentication on all your accounts including your password manager if your using an online one.
- Setup haveibeenpwned.com for the email account/s you use.
- Recognize the human error factor, humans make mistakes, when your using the web make sure your using an adblocker to avoid malicious advertisements that might lead you to a spoofed site. Ublock origin is great for this. Using a 3rd party DNS is also a great help using quad9 or OpenDNS Greatly increases your security at no cost and is fairly easy to setup.
B. Securing Personal Computers
- Don’t use an admin account for every day computing this applies to mac, linux and windows no exceptions. Follow the Principle of least privilege.
- Data security is just as important as account security in most cases, having backups is the best way to secure your data from accidental deletion, loss, and ransomware. Veeam endpoint free is free and does a great job backing up your entire system.
- Run a up to date version of your operating system and ensure you have security updates installed.
C. Securing Data
- 3-2-1 Backups, If your data is not following 3-2-1 backups it does not exist and likely wont be recoverable if you loose it.
- If your storing sensitive data in the cloud use some form of “pre-internet encryption” for windows and mac and Linux veracrypt is probably the golden standard but there are other encryption tools even having a encrypted zip file is better than nothing. Note: password protected and encrypted are different things.
- If its unimportant data back it up, if its important data back it up again. The number 1 reason important data cant be restored is that someone didn’t think it was important. If you backup everything all the time this is an easy pitfall to avoid.
A note on antivirus: I did not mention antivirus here for the reason that consumer grade antivirus systems seem to change like the wind lately. In general if your looking for an antivirus system I would recommend looking at reviews from IT people as they will spend a lot more time than you can imagine looking at antivirus solutions for their respective companies. Nearing the end of 2017 I have begun to see a rise in malware that exploits antivirus systems to compromise the machine they were designed to protect, in general your best antivirus option is having an up to date computer with the most recent security patches installed and following best practices B.1 is your best bet.
- securityplanner.org is a great site that will walk you threw what you should be aware of.
- digital first aid kit is a great resource for reactionary advice.
- There are a lot of good insights from the Surveillance self defense page at the eff.