For those who want the bare minimum and do not have the time or the technical skills to implement all sections:

1. Keep it up-to-date
Make sure your operating system is up to date by downloading and installing all available patches. These days, Windows and MacOS can do updates by themselves. That said, it is best to spot-check for pending updates in case something fails to install. On top of updating the core O/S, update software like Outlook, your PDF viewer, Word, Firefox, and Chrome since these can be exploited along with the core O/S. Lastly, do not forget plugins for browsers and apps, which exist on both main operating systems.

2. Encrypt sensitive data
Data which is moving around, like emails, can be intercepted or stolen from the receiving end. Smartphones, laptops, tablets, USB devices and SD cards can be lost or stolen easily. At a minimum, all drives should be encrypted, and BitLocker for Windows or FileVault for MacOS can do this. If you have sensitive files on your laptop, desktop, Mac Mini, or MacBook, encrypt them one by one as well. This makes it harder for a stolen file to be viewed.

3. Use a user account
This is something I learned in my first real job back in 2004, and it stuck with me. Log in with a user account, not an administrator or domain admin. Why? Hand out admin access, and users can install what they want or make malware infections worse. If you need to perform an admin task, log in as the admin or do ‘run as’ from within the user session, which saves you logging in and out again.

4. Go beyond standard antimalware
Personally, I feel paying for something gets you more. Free antimalware does have decent ratings at times, and if you are going to use just basic or free antimalware, beef up your security with a basic malicious website blocker like Bitdefender TrafficLight. It blocks known malicious websites in your browser, which are a sizeable infection vector. Paid products usually include a basic web filter, anti-spam, basic vulnerability scanner, firewall augmentation, anti-exploit and host intrusion prevention module. To know what to buy, look at AV-Test, AV-Comparatives or VB 100 for independent scoring.

5. Secure your Wi-Fi
Securing your Wi-Fi is not only to stop neighbours or guests from pinching your bandwidth. Once someone is in, they can eavesdrop on your traffic, change your router settings, or frame you. In the 2009 Mumbai terror attacks, a terrorist of LeT sent an email from a poorly secured Wi-Fi network in Mumbai, India. No one fancied the anti-terror squad kicking down their door!

6. Be careful what you open
Email is a sizeable infection vector, and though methods have changed, attackers still use it in a high percentage of cases to get you to enter your credentials on a bogus website or infect your device. Addresses, attachment names, and file extensions are not to be trusted. These days, QR codes are used to bypass file or URL filtering. Email security defences are not 100%, so whatever the contents are, think twice and check with the sender to see if they are real.

7. Be wary of public Wi-Fi
Public Wi-Fi hotspots are often unsecured with no encryption, which means that someone with criminal intent and the right skills could be logging your data as you type or re-directing traffic as you browse. Ideally, try to avoid public Wi-Fi, and if you need to use one, try to find one with encryption. If not, use a full VPN, which is an improvement if not perfect. It is better to use your phone as a hotspot than to use public Wi-Fi at airports, coach stations and cafes.

8. Backup
Countless families wish they had backed up their computers after a power surge, ransomware attack, flood or hardware failure. Think of the poor families who lost everything in the Palisades Fire of January 2025 – data loss is not something which is reported much in the media, but I am sure it hit families afterwards. Backups need to consider ransomware which can encrypt backups. It is best to have a backup offline, on-site, and with you.

9. Use two-factor authentication
2FA helps with phishing, password guessing, and password brute forcing. Numerous options exist depending on your risk level and budget. Google or Microsoft Authenticator apps offer a simple and free option. Just scan the QR code presented to you on setup and enter the six-digit ever-changing code when you log in next time. If strength is your aim, use a YubiKey or security key, which is a token with no battery. Such options need to be stolen physically to be used. On top of this, they are harder to capture by phishing attempts.

10. Choose a strong password
The ideal password is long, complex, and easy to remember, but hard to break. Good passwords are often hard to remember, so the examples below may help.

First pick a group of words (this could perhaps be a passphrase by itself):
  • I have a black labrador dog called charlie
  • my house is in south-east london
  • my favourite rock band is the beatles
  • my favourite musical instrument is the saxophone
  • I got married in paris in france
Take the first character of each word and make a word:
  • ihabldcc
  • mhiisel
  • mfrbitb
  • mfmiits
  • igmipif
Add a random word at the end:
  • ihabldccapple
  • mhiiselemail
  • mfrbitbmicro
  • mfmiitsred
  • igmipifebay
Further strengthen:
  • ihabldcc@pple
  • mhii$elemail
  • mfrb1tbmicro
  • mfmiits-red
  • igmipif+ebay

On top of this, pick a username (which these days is your email address) that is not publicly known; i.e. use a different email address for critical logins.
© Copyright 2012-2026 DataSecurityExpert.co.uk