I am going to use this page to keep track of all my security tips so I can have them in one place.
– Run as a Standard User
Create a new Administrator account and then change your regular account to Standard/Limited. Use this Standard account all the time. If you get a popup asking for your Administrator password – that’s a sign that something is trying to install itself – don’t do it.
– Use Anti-Virus Software – I just use Microsoft Security Essentials – and keep it updated.
Make sure Windows Update is set to Automatic. Many updates are done at night so make sure you leave your computer on Sunday night.
If you get a popup to update something, rather than clicking on the popup, go to the site and download the update. Clicking on popups is an easy way to have your computer compromised.
Advanced browser features include “click to play” options. Set click to play as your default.
Don’t download/open documents from sources you don’t trust.
Use NoScript or something similar in your browser.
Sandboxie – use this program to keep all your Internet behavior boxed up.
Set the browser to “always ask” what to do about things such as PDF files.
– Use an alternative browser like Firefox or Chrome instead of Internet Explorer. I like Chrome since it updates Flash automatically.
– Chrome – check the box to “Check for server certificate revocation.”
– Don’t use Internet Explorer!
Don’t click on links in email 99.9% of the time.
Don’t open up attachments in email.
Have a Gmail account to help filter out spam and to get HTTPS.
If you use Yahoo email – change the setting to HTTPS – you have to do this manually.
Only log in to Yahoo from Yahoo.com. Some sites want you to use Yahoo to log in to their site. That’s an easy way for bad guys to steal your login credentials. This applies to Facebook etc.
Don’t log in to your Yahoo email from work. The work computer can’t be trusted. If it’s infected it will steal your password.
– Use a password manager like LastPass and use its “Generate Secure Password” function – 20 characters.
– Use LastPass Secure Notes for sensitive information.
– Use difficult and long passwords. I prefer 20-character passwords. Length is better than complexity.
– Have a different password for every website.
– Don’t answer Security Questions with commonly known answers. If they ask for your mother’s maiden name – don’t use the one that can be easily looked up on the web. Make up a name. Obviously you need to keep track of those answers – use LastPass.
Don’t put your password on a note on the computer.
Don’t put your credit card information on a sticky note on the computer.
Add your phone number as an extra security measure for your email account.
Always use a router in your home or business.
Set up your router with WPA2 encryption.
Turn off UPnP.
Turn off WPS.
Change the default Admin sign-in.
Have your firewall turned on.
Back Up Your Data – Do a weekly or monthly backup of all your data. It’s best to have at least two backups.
Make sure Microsoft Office is fully patched.
Back up your data locally and in the cloud. CrashPlan seems to work fairly well and inexpensively. I use SyncToy to back up data locally.
Cover up your webcam with a sticky note. Here’s a good article from ArsTechnica.com
Don’t use Adobe Reader – try Sumatra PDF.
Get a Gmail email account. It is a bit safer than Yahoo email.
Leave your computer ON Sunday night. This is when the computer is scanned for viruses – Microsoft Security Essentials.
Make sure Flash is updated on a regular basis.
Make sure Microsoft Office is updated regularly.
Don’t use Open/Free Wi-Fi – Starbucks/McDonald’s.
Don’t visit “scary” websites.