Data privacy is a hot-button topic lately, but most people aren’t taking even basic steps to protect themselves.
The good news is that it’s relatively easy to secure your computer and devices, using free tools and a bit of common sense.
We spoke with a handful of privacy experts and put together a list of their top tips for protecting your accounts and devices from malware, viruses and hackers.
Our top tips:
- Keep Windows updated
- Update your software
- Back up your data
- Use a standard (non-admin) account
- Be careful with executable files
- Get a real-time Antivirus
- Use a firewall
- Secure your wifi
- Use a quality email client with spam filter
- Use a VPN
- Encrypt data at rest
- Use common sense
1. Keep your operating system updated
Operating systems like Windows and Mac OS (to a lesser extent) are major targets for hackers. A working exploit for Windows 10 could give a hacker access to billions of PCs worldwide.
And if you’ve been delaying the latest Windows update, you shouldn’t. Sure, there have been some botched updates in the past, but don’t let this dissuade you.
Why do it: The main reason for OS updates is to push fixes for known bugs. Sometimes these flaws are extremely serious, and once made public are easy targets for hackers.
It’s a good idea to just leave auto-update on. Patches will be installed while you sleep and you can rest easy.
2. Keep your software updated
Your OS isn’t the only thing you need to keep updated. Unpatched software and apps can also leave your system vulnerable, so it’s a good idea to update to the latest version immediately instead of just dismissing the notification like you usually do. The most important software to keep updated is anything internet connected. This is especially true of your web browser and browser plugins like Shockwave/Flash and Java.
Tip: If you use other Microsoft products like Office, it’s a good idea to have the ‘give me updates for other Microsoft Products’ option enabled as well.
3. Use a Backup Solution (just in case)
Despite your best efforts, you still might accidentally install a virus or malware so destructive that you can’t recover your data or figure out how to eliminate the threat.
Life is so much easier when you have a reliable backup solution that makes images of your data at regular (frequent) intervals. If you get hacked, virused, or Microsoft’d you can just turn back time and restore your computer to its former glory.
And you don’t need to go out and buy some expensive cloud backup solution or premium software. There are free tools that do a great job. You’ll need an external hard drive though.
Free Backup Solutions (Bundled with OS)
Free Backup Solutions (3rd-party software)
4. Don’t use an Admin account
Stop using an Admin user account as your default profile on your computer. Use a standard user account instead.
This is a simple mistake that almost everyone makes, and making one change can dramatically reduce your risk from malicious files.
Why: When you use an admin account, the OS is always running with full system privileges so if you accidentally click a bad link or run an infected executable, the malware gets admin privileges too.
But if you’re using a standard account, you’ll be prompted for the Admin password every time a program wants to change computer settings. This has helped me avert disaster more than once.
5. Be careful with executables
Don’t go downloading executable files from dodgy sites willy nilly. And definitely don’t run executable files that you get as email attachments. If you’re smart about where you source your software from, you’ll be at lower risk of installing malware yourself.
Pro Tip: When installing software on Windows, uncheck ‘Always trust programs from…’. You never know when a small software company will get sold to a bad actor who exploits this easy vulnerability.
If you’re not sure whether you can trust a program, run it in a Sandbox and see if it misbehaves. Avast Antivirus pro includes a sandbox that detects malicious behavior. You can also use the included Windows 10 sandbox.
6. Use real-time virus protection
To actually prevent an infection, you need realtime scanning to alert and stop malicious files and links when you’re browsing the web or installing software. Realtime scanning is usually only available in the paid version of Antivirus software such as Avira, Avast and Malwarebytes premium.
7. Use a Firewall
Trojans and viruses are just one of the ways hackers can get at your system. But if you don’t use a firewall, you’re leaving yourself wide open to even easier access.
Your computer connects to websites, apps, and games using TCP and UDP ports. When in active use, it can make dozens or even thousands of connections an hour. If you leave these ports open you’re looking for trouble. Hackers can easily scan the internet for open ports on any IP address.
To protect yourself, use a firewall that monitors your in/out traffic and will alert you or automatically block connections when there is suspicious traffic. Windows firewall is better than nothing but you can also try:
The best Free Firewalls:
8. Secure your wifi
Most of us are guilty of using short, weak wifi passwords. But you really only need to set up your devices once, so there’s no excuse for sacrificing security. In fact, a noob hacker can sniff your encrypted wifi traffic and crack passwords of up to 9 characters in minutes.
Once someone has your wifi password, they can wreak all kinds of havoc like:
- Download from sketchy websites using your IP address
- Sniff your traffic to steal account credentials
- Access your network drives and shared files
So be smart: use a strong password, and make sure it’s at least 12 characters and not a dictionary word.
9. Secure your email
Businesses and freelancers often receive hundreds of email attachments a week and it only takes one mistake to get crypto-jacked. So make sure you use an email client that can weed out most of the dangerous stuff for you.
Gmail does a great job at this and is totally free. You can even use it with your own domain name.
You can also use Gmail as the client for almost any POP or IMAP email address, by using Gmail aliases.
If you’re not sure about an email: Check the metadata to see if it was really sent from the right domain. Many phishing emails imitate the look of your bank’s mailings but can’t spoof the actual domain.
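An added example (not from the original article) of what checking the metadata can look like: it parses a message's raw headers and compares the From and Return-Path domains against the domain you expect. It also reads the SPF/DKIM/DMARC verdicts that the receiving mail server records, which goes a step beyond the tip above. The sample message, its example.* domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name imitates a bank, the address does not.
# All domains are placeholders; "examp1e" (digit one) is a lookalike.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=examp1e-bank.example
From: "Example Bank Support" <alerts@examp1e-bank.example>
To: you@example.org
Subject: Urgent: verify your account

Click the link below.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(domain, expected):
    """True if domain equals expected or is a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)

def check_sender(raw, expected_domain):
    """Compare a raw message's sender metadata against the expected domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    if not aligned(from_dom, expected_domain):
        findings.append(f"From domain '{from_dom}' is not {expected_domain}")
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and not aligned(rp_dom, from_dom):
        findings.append(f"Return-Path domain '{rp_dom}' differs from From domain")
    # Authentication-Results is stamped by the receiving server (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            findings.append(f"{method} result is '{result}'")
    return findings

if __name__ == "__main__":
    for line in check_sender(SAMPLE, "example-bank.example"):
        print("WARNING:", line)
```

Only rely on an Authentication-Results header added by your own mail provider; a copy carried in from an earlier hop proves nothing. In Gmail, the raw headers are available under "Show original".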
10. Use a VPN
We use our devices on public networks all the time, often without thinking. But anyone sharing an unsecured network can easily sniff your traffic and pull account passwords from non-HTTPS sites.
A VPN encrypts all your internet traffic, even on public networks you don’t control. And that’s just one of the things you can use a VPN for.
11. Encrypt your data
Even if you use a password on your computer, the data on your hard drive may still be unencrypted and vulnerable to anyone with physical access to your drive.
You probably keep all kinds of sensitive documents on your laptop, including medical records, saved passwords, photos, and tax files. And if your laptop gets lost or stolen, whoever finds it can easily extract the files from your hard drive without ever cracking your computer password.
Unless the drive is encrypted.
Fortunately, there are free tools that make this possible for almost any computer.
- FileVault (Mac): FileVault is built into Mac OS X, and turning it on enables full disk encryption for your startup drive. You can also encrypt portable drives and USB sticks if you want.
- BitLocker (Windows): BitLocker is Microsoft’s disk encryption tool. The good news is it’s totally free. The bad news is it’s only available for Windows 10 Pro users. Anyone on Windows 10 Home is S.O.L. and will need to use a 3rd-party solution.
- VeraCrypt: VeraCrypt is the most trusted free 3rd-party encryption tool. It is multi-functional and can either create an encrypted volume within a drive or encrypt the entire drive. You can even enable full disk encryption on your system drive. Just make sure you back up your encryption key, because if you forget your password you’ll be locked out of your files for good!
If you’re nervous about full disk encryption (losing your password SUCKS) there are still options.
You can encrypt specific files or folders with tools like 7-Zip or AxCrypt. Alternatively, VeraCrypt lets you create encrypted volumes (like a drive within a drive) instead of encrypting the whole disk.
12. Use common sense
You can run all the antivirus and firewall software you want, but if you keep clicking malicious links and installing sketchy files, you’ll eventually get malware (or worse).
So use common sense when you browse the web. If it looks fishy, don’t click the link. It’s not worth it. Be on the lookout for the common types of scams and malicious links.
Check email attachments that look suspicious. Use a sandbox to run apps from unverified sources. Don’t email that Nigerian prince back. Stop connecting to every free wifi network to save a few MB of data.
Did I mention use anti-virus software?
It’s the first, last and best line of defense. Don’t skimp.
Wrapup & Resources
It’s really not that hard to secure your devices online and off. But most people don’t take even the most basic precautions. Go through our checklist above, and you’ll be way ahead of the crowd.
Remember, your security doesn’t have to be flawless, just better than the next guy.
Did we miss any tips? Let us know in the comments.
July 20, 2020
- Added 7-Zip and AxCrypt for file encryption