Computer Security Best Practices

This is a concise list of recommended practices to ensure the security of your computer(s).

  1. Use an unprivileged account for normal activities.
    Every system needs at least one administrator account, but that account should not be used for anything other than administrative functions. (By default, the first account created will be an administrator.) Users should normally use an unprivileged (non-administrator) account for most activities. This reduces the potential impact of malware or user error.
    If your current account is an administrator, you can create another administrator account, if necessary, and use that one to downgrade your own account.
     
  2. Give each user his or her own account.
    If possible, each user should have his or her own account. This reduces the potential impact of user error.
     
  3. Use unique, robust passwords.
    Users should use a robust, unique password for their login accounts. That holds true for all accounts, including web accounts. There really is no good way to do this without using a password manager. I really like 1Password, but LastPass and others offer free versions. Just do it.
     
  4. Enable autolock.
    Users should configure their screensaver to automatically lock after some period of time – 15 minutes at the most – and to require a password to resume activity. This reduces the chances that a passer-by can access the machine. In case the machine is stolen, it prevents easy access.
     
  5. Disable auto-login.
    Configure the machine to require a username and password before gaining access. This prevents a thief from gaining easy access to the machine. (On Windows 10, run the “netplwiz” command to manage this setting.)
     
  6. Enable automatic system updates.
    Configure the system to automatically download and install system and application updates.
     
  7. Turn on the firewall.
    Turn on the firewall. This helps prevent network attacks.
     
  8. Enable full-disk encryption.
    Full-disk encryption (FDE) is recommended if there is any sensitive information contained on the system; otherwise, it may be skipped. In reality, virtually every computer contains some information that you would not want shared with total strangers. Understand that an unencrypted disk can easily be accessed even if the system is not running.
     
  9. Install and automate antivirus software.
    Ensure that the system has antivirus software and that it automatically updates. Windows 10 includes an adequate antivirus package. Even Macs should use antivirus software.
     
  10. Enable device tracking.
    Both Apple and Microsoft provide a free service to locate and optionally lock a stolen computer. This should be used for obvious reasons. Apple uses your iCloud account. For Microsoft, it requires creating and using a Microsoft account; see https://support.microsoft.com/en-us/help/11579/microsoft-account-find-and-lock-lost-windows-device for details.
    This applies to both laptops and desktops; both can be stolen.
     
  11. Configure and maintain automatic backups.
    Backups are essential insurance for many problems. Depending on what the system is used for, either system- or application-level backups, or both, may be needed.
    To be most effective, backups should be performed automatically, without human intervention. It is also important to periodically test backups to make sure that data is, in fact, recoverable – before any disaster strikes.
    It’s also important to ensure that backups are stored separately from the source system; otherwise, a disaster, such as a fire, could destroy both. Online (cloud) backups are an option that should be considered.
     

    1. System-level
      System-level backups make copies of all or a subset of the files on the system. While it’s okay to back up the entire system, the operating system can typically be reinstalled from scratch if necessary; eliminating that from backups can save space, time and cost.
       
    2. Application-specific
      Some applications, especially any that use a database, may have their own backup procedures. Typically, database/application backup files are included as part of a system-level backup.

If you have any comments or suggestions for this post, please comment below.
