You have a password and you know how important it is to lock your computer or smartphone. But is it enough? Are you really savvy to the variety of threats that can impact your data security and privacy, or are you just going through the motions just in case you get caught out by scammers?

It isn’t enough to just want to be secure; you have to actively ensure your digital security, day in, day out. Beyond setting passwords and locking devices, you need to ensure that security becomes as instinctive as preparing a meal, driving a car, or even breathing.

The following five security tips will help you to focus on your digital security.

Don’t Lock: Turn it Off!

It’s convenient to lock your computer, isn’t it? Windows users can just tap WINDOWS+L to lock their workstation (one of many useful keyboard shortcuts) and go and fix a cup of tea, or even let the device go to sleep if the power management settings are configured appropriately.

However, while your computer remains connected to the Internet, it remains a target for online attackers. While operating systems have protections against unauthorized file installations, browsers that have been compromised through dodgy extensions do not.

One way to avoid problems is to ensure you shut down your computer when you’re done with it. If you’re concerned about the length of time it takes to restart, don’t be. Windows 8 and later boot faster than previous Windows operating systems. (Issues booting can typically be traced to hardware faults or the presence of malware.)

Remember the Principle of Least Privilege

Are you using the administrator account on your computer as your day-to-day login?

Many people do this, and as you might have guessed it isn’t a very good idea at all. Doing so leaves your machine vulnerable to risks and exploits; should you miss something obvious (a fake pop-up informing you of viruses on your PC and insisting you download a removal tool, for instance) or visit a non-secure website, there is scope for remote scripts on that site to cause problems.

Files might be deleted, and drives can be reformatted. A new secret administrative account might even be created without your knowledge, and used by an attacker to monitor your activity, record keystrokes (anti-keylogging tools are available), steal your data and even your identity. The ultimate malware attack.

Unless you require administrator rights for a particular task (such as installing hardware or software) make sure you’re logging into your computer with a standard user account. Don’t worry about losing the Administrator password through under-use – it can often be recovered.
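
To check both points above on a Windows PC (whether your day-to-day login is an administrator, and which accounts hold administrator rights), here is a short PowerShell audit. It is an added example, not part of the original article, and assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets.

```powershell
# Added example: audit local administrator accounts.
# Read-only; it changes nothing on the machine.

# Who is logged in, and is this session's token currently elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Look up the Administrators group by its well-known SID (S-1-5-32-544),
# so the check also works where the group has a localized name.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'

# With UAC on, an administrator's normal session is NOT elevated, so the
# elevation check alone is misleading. Compare SIDs to see whether the
# account is a direct member of the group (nested groups are not expanded).
$adminSids = $admins | ForEach-Object { $_.SID.Value }
$isMember  = $adminSids -contains $identity.User.Value

# Build one row per member. Details come from Get-LocalUser, which only
# resolves local user accounts; for groups and domain accounts $user stays
# $null and the extra columns are left empty.
$report = foreach ($m in $admins) {
    $user = $null
    if ($m.ObjectClass -eq 'User') {
        $user = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
    }
    [pscustomobject]@{
        Name            = $m.Name
        Type            = $m.ObjectClass
        Source          = $m.PrincipalSource
        Enabled         = $user.Enabled
        LastLogon       = $user.LastLogon
        PasswordLastSet = $user.PasswordLastSet
    }
}

"Current user            : $($identity.Name)"
"Session elevated        : $elevated"
"Member of Administrators: $isMember"
$report | Format-Table -AutoSize
```

If "Member of Administrators" is True for the account you use every day, that is the situation this tip describes; any enabled entry in the table that you do not recognise deserves a closer look.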

Passwords vs. Passphrases

Over the years you will have been using a password, typically a single dictionary word with one or more numbers or punctuation characters incorporated.

Words, however, are not all you have. Instead, consider phrases and short sentences, song titles and lyrics, favourite quotes or even something a child might have said to you. Once you’ve done this, take the first letter (or pair of letters in some cases) from each word in the passphrase and add in numbers where relevant to create your passphrase. This is passwords evolved.

Better still, using this tactic to create your passwords means an end to writing them down – which is a terrible habit to get into.

We’ve given a great deal of advice on the creation of passwords and passphrases over the years. Ryan’s look at creating secure and memorable passphrases is a great place to look into this topic in further detail.

Out of Sight, Out of Mind

Where do you keep your hardware when it is not in use?

If you’re based in an office where hot-desking is employed, then your employer or the workspace owner should provide a secure cabinet for your hardware to be stored in. If this isn’t possible, then you’ll need to keep your laptop or tablet in a bag that you keep with you at all times. Secure bags for mobile devices are available – consider them.

Storing hardware in your car should be a last resort. If left in view of anyone looking through the window, it won’t take long for a thief to break the glass and make off with your notebook, smartphone or tablet. Worse still, if you leave it in a parked car for too long on a hot day there is a potential for your portable device to break due to extreme heat.

Avoid leaving your portable hardware unattended anywhere.

Easy Data Encryption

Everyone should use data encryption, and everyone can. From setting up a PIN for your smartphone’s SIM card to creating an encrypted partition on your computer’s HDD, the use of encryption will ensure that your data remains utterly secure.

Ten years ago, data encryption was niche, available only to those with the technical skills to set it up and implement it. Recently, this has changed, with encryption available in the shape of native operating system features on phones and desktop computers.

Android, iPhone, Mac OS X, Windows, Windows Phone and Linux users can all encrypt their device storage, either completely or in part (USB drives can also be encrypted). Should these devices be lost or stolen, they will not divulge any data stored on an encrypted partition.

Use these basic but oft-forgotten tips to maintain the security of your hardware and data. If you have any you would like to add to the list, tell me about it in the comments.

Image Credits: Login box via Shutterstock, Password postit via Shutterstock, Locker via Shutterstock, Encryption via Shutterstock, Man pointing via Shutterstock

  1. John P
    April 28, 2015 at 6:52 am

    @Kevin M: Methinks you are confused about security in general and/or Security 101 "best practices". Your "two hole" responses make no sense whatsoever (highly over simplified).
    While I don't necessarily agree with the justification the author provided for turning it off, doing so does provide an additional layer. It does not mean you are already infected. It simply means that a device that is turned off can not be connected to from the outside. Yes, that happens.
    The principle of Least privilege is a well documented and solid layer of security. You seem to have misread or misinterpreted at least some of what the author is suggesting. To increase your understanding of the security "best practice" I recommend the following article. True, it's aimed at the enterprise but it's still good/valuable reading.
    http://www.sans.org/reading-room/whitepapers/bestprac/implementing-privilege-enterprise-1188
    Until such time as you actually understand what you're talking about, probably best to read/research the issue first.
    Note to the author: while I applaud the effort, unfortunately your over-simplification of the situation leaves too much of a gap for misinterpretation. I highly recommend including links/references to applicable definitions or use case examples so people can better understand the topic (they don't have to be PhD level details, but comprehensive enough to provide context etc). My $0.02 CDN for what it's worth.

  2. Kevin M
    April 28, 2015 at 1:28 am

    Two holes in your idea of security...

    Don’t Lock: Turn it Off!: While the computer is sitting idle it does not make choices on its own and if someone needs to turn it off to be secure while they are away then they are already infected obviously!

    Remember the Principle of Least Privilege: The idea that using a user account is somehow more secure from those nasty popups is secure how? You mean if I use the non admin login I am not vulnerable to risks and exploits, Say What? WRONG!

    Really everything you listed here is just a stronger illusion of security and regardless what we do we will NEVER be as secure as we should be. I did not feel this article touched on anything relevant to security other than the pass-phrase password idea and to some degree the encryption. All of this makes working with our digital lives harder and take longer to do and for those two reasons alone this topic will go on and on and be ignored by most people.

  3. Jan F.
    April 24, 2015 at 11:48 am

    Regarding the first and the last point (combined):
    Encryption too is most efficient if you shut down your computer or at least enter hibernation.
    When in standby or sleep, your computer usually does not "lock" the encryption. The drive as well as data in the memory remains unencrypted and therefore vulnerable.

    Also if you are an owner of a laptop that came with an SSD chances are it does support Full Disk Encryption (i.e. Self-Encrypting Drive). It is usually just a matter of setting a hard drive password in the BIOS/UEFI. But that should be detailed in the laptop's manual.

    https://www.pugetsystems.com/labs/articles/Introduction-to-Self-Encrypting-Drives-SED-557/

  4. Mandrox
    April 24, 2015 at 1:02 am

    I place a shortcut on my desktop to "disable" and "enable" my internet connection.
    I click to "disable" when I do not need access to the internet.

  5. Hildy J
    April 23, 2015 at 8:43 pm

    Doc points out my pet peeve. The W3C (or some standards body) should develop a minimum standard for password storage by sites. If they don't have the time, I'll propose 16 characters each of which can be any printable EBCDIC character (essentially your keyboard). I am eternally frustrated that my brokerage account doesn't accept any special characters in the password.

  6. Doc
    April 23, 2015 at 4:59 pm

    "Passwords vs. Passphrases" - This is great where there's a decent character limit to the password; my bank's website only allows 8 character passwords! I'm seriously considering changing banks...

    Another problem with passphrases is that they're usually made up of a string of short, common words. Adding spaces, digits, and symbols is required to avoid "dictionary attacks" - and you need more than "l33t sp3@k" (swapping letters for common numbers and symbols, used by teenagers) to avoid this, because hackers know these, too!

    The best password will use a random mixture of uppercase, lowercase, digits, and punctuation, with as many characters as the site will allow. Storing your passwords in a heavily encrypted password manager is the best bet, but don't use one that is known to be hackable (and I don't trust online password storage like 1Password or LastPass; feel free to disagree).

    • Godel
      April 27, 2015 at 11:30 pm

      "my bank’s website only allows 8 character passwords!"

      An interesting test with this kind of restriction is to use the "I've forgotten my password" feature and see if they send you back your original password instead of a temporary placeholder.

      If so, then they're probably storing their passwords unhashed, or even (shudder) in plain text.

    • Christian Cawley
      May 1, 2015 at 5:20 pm

      Shudder indeed! Good tip, Godel

  7. ReadandShare
    April 23, 2015 at 2:21 pm

    I am the sole user of my desktop PC and I give myself admin rights. I also have the UAC set to stop and dim the screen and wait for my approval prior to executing certain functions. Is that good enough??

    • Doc
      April 23, 2015 at 5:00 pm

      I turn off the "screen dimming," myself, but if you're ever asked to approve something by UAC, you're not the "hidden super administrator" - which is perfect.
