title: ‘Secure Your Computer’ slug: secure_your_computer
Whether you are setting up a new machine or using your day-to-day computer, it’s a good idea to check your settings. In this section, we lay out some basics of computer security for both Macs and PCs. This section is broken down by operating system. In later editions, we hope to include sections on Linux, ChromeOs, and more, so stay tuned.
It is good practice to set up different user accounts on your computer. For example, if one of your accounts is compromised by malicious software you can delete it so that it does not spread. This process helps to compartmentalize damage, allowing you to sandbox different activities on your machine. In general, we recommend having an administrator account and several user accounts.
The Administrator account should be used to make large-scale changes, such as installing software or changing important settings. Only you or your organization’s system administrator should have access. You can use another standard account for other everyday actions.
When using the Standard account, your computer will typically request an administrator’s password as a permission when a user attempts to download, add software, or make changes. This approach will allow you to assess the risk.
Once you have set up different accounts it is important to set up strong and different passwords for each account. Many organizations skip this step but a srong password is the first line of defense when protecting your Mac.
Do you know what makes a good password? A good password has to be easy enough for you to remember but also complex enough that it is not easy to guess, particulary when it might be a computer on the other end attempting to make the guess. To be safe here are some good rules for passwords:
- The password should contain around 20 characters.
- The password should combine upper and lowercase characters, numbers, and symbols.
- The password should be unique to your computer and should not use the same password for other accounts.That way if one passphrase is compromised hackers won’t be able to exploit the rest of your accounts because you used your password for all of your online services. A good way to keep track of many unique and complex passwords is to use a password managers like Keepass X, Last Pass, 1password, and Dashlane.
- The password should be kept secret. Do not share your passphrase with anyone unless it is absolutely necessary. And, if you must share a passphrase with a friend, family member or colleague, you should change it to a temporary passphrase first, share that one, then change it back when they are done using it. Often, there are alternatives to sharing a passphrase such as creating a separate account for each individual who needs access.
- The password should be changed at least every three months or more frequently based on your risk assessment.Some people get quite attached to a particular passphrase and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out. Also, if someone is able to use your stolen password to access your information and services without you knowing about it, they will continue to do so until you change the password.
<div class="well none" style="border-radius:0">
<span class="warn-icon"><i class="fa fa-exclamation-triangle" ></i></span> <span class="warn-highlight">WARNING: </span><span class="warn-text" markdown="1">If you did not select strong passwords, you will underride all other efforts to secure your computer. See the Secure Your Identity Password section for what makes a good password on page.</span>
</div>
</div>
Automatic login is the default setting on your computer. However, we highly recommend that you disable it, because anyone who has access to your computer will then be able to access your files. Don’t leave yourself vulnerable, particularly if you work in an open office or in a space where multiple people might access your computer.
You can change this and tell your operating system to display a login screen when you start your computer.
The foundation of protecting the data on your computer is encryption. Encryption protects your mac’s data if it is stolen, seized, or confiscated. Encryption in the simplest of terms means the scrambling of data with complex math. The purpose of encryption is to ensure that only someone who is authorized to access your Mac will be able to read it.
When your computer is encrypted, data is stored in an unreadable jumbled form. If your Mac is stolen, confiscated, or lost, this feature can protect data like your home address, email, bank accounts, communications, and other sensitive data because your phone cannot be used unless the encryption is unscambled by your PIN/Password.
While there are many ways to encrypt your hard drive Apple offers FileVault full disk encryption as an easy option for you to begin encrypting. FileVault can encrypt your entire hard drive using a secure encryption algorithm. 1
With FileVault enabled, as soon as your Mac shuts down, its entire drive and data are scrambled and rendered inaccessible without your password. The drive’s contents only unlock when an authorized user powers up the Mac and logs in. File Vault encryption is an absolutely necessary layer of protection so let’s get started in activating it on your computer!
How comfortable are you with sharing your physical location with different apps? Do you even know which apps are receiving the changing details of your locations? A quick visit to System Preferences can reveal all.
As always, it is important to keep your software up to date to thwart new security threats.
Do you know what the difference is between malware and a virus? Malware is a broad term used to describe all sorts of unwanted or malicious code while computer viruses are a specific type of malware (designed to replicate and spread).Further a lot of people think that because you have a Mac you dont have to worry about Malware or viruses on their computer. We hate to be the bearer of bad news, but that is a myth created by Apple Marketing. Mac’s do get Malware and so you have to be careful and protect yourself
Now here is no silver bullet to protect yourself from these attacks so what we recommend is to install one security tool (like Bitdefender, McAfee or Norton) that scans for as much as possible, and that has an on-access scanning engine that protects you from threats while you surf the web, install applications, and open files. Then, install another anti-malware tool (like Malwarebytes Anti-Malware) that you can occasionally use on demand to make sure nothing got through or has been overlooked. With this combination, you’ll protect yourself from as much as possible. Also key to this combination is that you must keep both softwares updated otherwise you will find yourself struggling.
In the end, good browsing habits and common sense should be your first line of defense against malware, spyware, and viruses. However, we recommend running a good security suite in the background and an on-demand malware tool to cover everything else. That way you’re always protected, and you can scan your system for malware whenever you want to.
It is good practice to set up different user accounts on your computer. For example, if one of your accounts is compromised by malicious software you can delete it so that it does not spread. This process helps to compartmentalize damage, allowing you to sandbox different activities on your machine. In general we recommend having an administrator account and several user accounts.
Windows grants a certain level of rights and privileges depending on what kind of user account you have. You may have a standard user account or an administrator user account.
The Administrator account should be used to make large-scale changes, such as installing software or changing important settings. Only you or your organization’s system administrator should have access. You can use another standard account for other everyday actions.
We recommend using standard accounts for your computer to prevent users from making changes that affect everyone who uses it, such as deleting important Windows files necessary for the operating system.
When using the Standard account, your computer will typically request an administrator’s password as a permission when a user attempts to download, add software, or make changes. This approach will allow you to assess the risk.
If you want to install an application or make security changes, Windows will ask you to provide the credentials for an administrator account.
Once you have set up different accounts it is important to set up strong and different passwords for each account. Many organizations skip this step but a srong password is the first line of defense when protecting your Mac.
Do you know what makes a good password? A good password has to be easy enough for you to remember but also complex enough that it is not easy to guess, particulary when it might be a computer on the other end attempting to make the guess. To be safe here are some good rules for passwords:
- The password should contain around 20 characters.
- The password should combine upper and lowercase characters, numbers, and symbols.
- The password should be unique to your computer and should not use the same password for other accounts.That way if one passphrase is compromised hackers won’t be able to exploit the rest of your accounts because you used your password for all of your online services. A good way to keep track of many unique and complex passwords is to use a password managers like Keepass X, Last Pass, 1password, and Dashlane.
- The password should be kept secret. Do not share your passphrase with anyone unless it is absolutely necessary. And, if you must share a passphrase with a friend, family member or colleague, you should change it to a temporary passphrase first, share that one, then change it back when they are done using it. Often, there are alternatives to sharing a passphrase such as creating a separate account for each individual who needs access.
- The password should be changed at least every three months or more frequently based on your risk assessment.Some people get quite attached to a particular passphrase and never change it. This is a bad idea. The longer you keep one password, the more opportunity others have to figure it out. Also, if someone is able to use your stolen password to access your information and services without you knowing about it, they will continue to do so until you change the password.
<div class="well none" style="border-radius:0">
<span class="warn-icon"><i class="fa fa-exclamation-triangle" ></i></span> <span class="warn-highlight">WARNING: </span><span class="warn-text" markdown="1">If you did not select strong passwords, you will underride all other efforts to secure your computer. See the Secure Your Identity Password section for what makes a good password on page.</span>
</div>
</div>
One important defense for windows users is a Firewall, it is a piece of software and/or hardware that sits between a computer (or local network) and other networks (such as the Internet), controlling the incoming and outgoing network traffic.
Without a firewall, anything can pass through your network. With fairewall, the firewall’s rules determine which traffic is allowed through and which isn’t.
This prevents people on the Internet from connecting to local network services on your computer. It also controls access to network services from other computers on your local network. That’s why you’re asked what type of network it is when you connect to one in Windows. If you connect to a Home network, the firewall will allow access to these services. If you connect to a Public network, the firewall will deny access.
A firewall’s main security purpose for home users is blocking unsolicited incoming network traffic, but firewalls can do much more than that. It can analyze all traffic reaching or leaving the network, making decisions on whether to block it or let it pass. For example, a firewall could also be configured to block certain types of outgoing traffic, it can also log suspicious traffic or all traffic.
Firewalls can be anything from a piece of software running on your laptop (like the firewall included with Windows) to dedicated hardware in a corporate network. Such corporate firewalls could analyze outgoing traffic to ensure no malware was communicating through the network, monitor employee’s Internet use, and filter traffic—for example, a firewall could be configured to only allow web browsing through the firewall, blocking access to other types of applications.
Many users have the tendency to turn off User Account Control (UAC) after installing/reinstalling the Windows operating system. We don’t recommend this. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.
UAC monitors the changes made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for administrator-level permission.
Should your user account be infected with malware, UAC helps you by keeping suspicious programs and activities from making changes in the system.
The first important step is checking whether you have the latest security updates and patches available for your Windows operating system.
To get these security updates automatically, go to Control Panel and check whether automatic updating is enabled. Or, follow the steps below:
After the initial installation of available updates for your Windows operating system, keep the automatic option turned on to download and install important updates that can help protect your computer against new viruses and security threats. It’s essential to install the latest security and stability fixes for your operating system, as hackers always try to benefit from these gaps.
Do you know what the difference is between malware and a virus? Malware is a broad term used to describe all sorts of unwanted or malicious code while computer viruses are a specific type of malware (designed to replicate and spread).
Now here is no silver bullet to protect yourself from these attacks so what we recommend is to install one security tool (like Bitdefender, McAfee or Norton) that scans for as much as possible, and that has an on-access scanning engine that protects you from threats while you surf the web, install applications, and open files. Then, install another anti-malware tool (like Malwarebytes Anti-Malware) that you can occasionally use on demand to make sure nothing got through or has been overlooked. With this combination, you’ll protect yourself from as much as possible. Also key to this combination is that you must keep both softwares updated otherwise you will find yourself struggling.
In the end, good browsing habits and common sense should be your first line of defense against malware, spyware, and viruses. However, we recommend running a good security suite in the background and an on-demand malware tool to cover everything else. That way you’re always protected, and you can scan your system for malware whenever you want to.
The foundation of protecting your computer is encryption. Encryption scrambles your data so that
no one can read its contents unless you have your password. While there are many ways to encrypt your hard drive many new PC’s that ship with Windows 10 will automatically have Device Encryption enabled. This feature was first introduced in Windows 8.1 and comes with specific hardware requirements.
With Windows Device encryption enabled, as soon as your PC shuts down, its entire drive and data are scrambled and rendered inaccessible without your password. The drive’s contents only unlock when an authorized user powers up the PC and logs in.
This feature also has another limitation—it only encrypts your drive if you sign into Windows with a Microsoft account. Your recovery key is then uploaded to Microsoft’s servers. This will help you recover your files if you ever can’t log onto your PC but also allows Microsoft to have access to your content as well . (This is also why the FBI likely isn’t too worried about Window’s Device Encryption, but, for now, we’re just recommending encryption as a means to protect your data from laptop thieves If you’re worried about the NSA, you may want to use a different encryption solution like Veracrypt. We will have a separate unit on Veracrypt in the future so stay tuned.
** PC ENCRYPTION USING VERACRYPT **
VeraCrypt is free software you can use to encrypt a whole disk, as well as a partition on a disk. You can download VeraCrypt from https://veracrypt.codeplex.com/releases/view/629329
Full disk encryption ensures that your whole computer cannot be turned on or accessed without a password. Read on to start using Veracrypt. As always with encryption processes please back up all your data and plug in to be safe.
Create a Virtual Partition with Veracrypt (recommended for beginners)
Here, we will create a Virtual Encrypted Partition—a file on your hard drive that acts as a completely new, encrypted disk. You can think of this partition as a disk with a password—you can store whatever you like in the disk and the password will give it an additional layer of security.
** FULL DISK ENCRYPTION WITH VERACRYPT **
