Working from home? You'll want to make sure your computer is secure
When I set out to write this post, I was hoping some of my cybersecurity friends would give me some of their hottest tips on how they keep their computers secure.
I didn’t quite get what I expected — but, truthfully, I should have expected what I got.
Basically, most cybersecurity experts don’t want you to know what they do to protect their computers.
Obscurity always assists security.
So said GeistM CTO Michael Sprague, when I asked him a while back.
And he’s right. You shouldn’t share your routine with other people, not even family. Maybe especially not family. The less other people know about how you secure your data and machines, the harder it is for others to reverse-engineer access to it.
That doesn’t mean there aren’t some basic things you should do to decrease the chances of being hacked, downloading a virus, or being phished.
Make sure all your software is up-to-date, particularly browser plugins such as Java or Flash (better yet, maybe don’t use Flash, but that’s another issue entirely). You'll want to find a program similar to the now-deprecated Secunia PSI that can help you find programs on your computer that have not been updated. Lots of debate over what platform to use since Flexera shut down Secunia in April 2018.
UC Berkeley’s InfoSec department has that as one of its most important secure computing tips (second only to “everyone’s a target”).
Don’t leave your computer unattended — go to the bathroom while you’re working in the coffee shop? It may seem goofy to do so, but you should take it with you if you’re alone. Bad actors can install malware or keylogging software while you’ve stepped away briefly.
Related: Don’t use other people’s flash drives or other devices to plug into your computer. You don’t know where they’ve been. Just because you practice good computer hygiene doesn’t mean your friends and family do. This even goes for those flash drives you get for free at conferences. Shout out to Cisco for the advice.
Good tips from Secureworks include:
If you have a Mac, make a user account that is not an admin account where you do the majority of your web browsing and other work. Just use the admin account for installing or updating software or other administrative functions. If someone gains access to your computer through your web browsing, it’s easier for them to wreak havoc if that’s done on an account that is the admin for the computer
If you’re on Windows, encrypt your computer with Bitlocker or a third-party application that will make it harder for hackers to get your information.
My tidbit (also available from most tips lists):
Don’t use public wi-fi hotspots unless you have a VPN. Most public wifi is insecure and easy for hackers to get into your computer or accounts. If you have to use public wi-fi, make sure you have a VPN installed and turned on. Frankly, you’re better off if you just carry your own hotspot and never sign on to any wi-fi.
I’m not even going to remind you not to click on links from strangers who email you claiming to have a bunch of money they want to give to you for no apparent reason.
One piece of advice Michael was willing to offer: Back your machine up regularly and store it offline. If your machine becomes irrevocably sick, you can destroy it and get a new one. This is, obviously, a worst-case scenario. But if it’s become infected to such a degree that it can’t be fixed, there’s not much else you can do. And at least you’ll have a safe copy of what was on there, hmm?
I published an earlier version of this post on Medium.
