These are the rules for being safe using a Windows computer in 2016.
We are required to be paranoid and vigilant. We run our businesses and manage our personal lives online, and the bad guys are endlessly inventive in their effort to find ways through our defenses.
The consequences are greater if you make a mistake. Adware can take down your computer, and there are more variations on viruses like Cryptolocker that destroy files. It’s hard to protect yourself against hackers that attack large companies (Sony, Target, Home Depot), but it’s up to you to keep the bad guys out of your own computer.
The rules cover these categories:
Computers | Phones & tablets | Online safety
Antivirus programs | Adware
Passwords | Phone scams
Computers
Make sure Automatic Updates is turned on in Windows. Control Panel / Windows Update (Windows 7) and Settings / Windows Update (Windows 8) should be set to Install updates automatically. The only exception is in larger companies where updates are controlled by IT. Windows 10 always installs updates automatically.
Install updates to Acrobat, Adobe Reader, Flash, Java, and QuickTime promptly. Each will alert you from the lower right corner. Malware can be installed by poisoned web sites exploiting an out-of-date version of one of these programs.
• The best way to keep up with updates: sign up for the Bruceb Remote Management service.
Never, never, never open email attachments unless you know with 100% certainty that the attachment is something you expected and want to receive.
Back up your computers. Choose a backup strategy, understand how it works, and keep your backups up to date. Windows 8/10 users can use File History. Windows 7 users can use the built-in backup program.
Also back up your computers online. Use Bruceb Cloud Backup or another online backup service in addition to your local backup to an external hard drive. It will be your fallback if Cryptolocker or a similar virus gets on your computer and destroys your files.
If a web site brings something up on your screen that might be malware, turn your computer off with the power button. Get your hands off the mouse and do not click on “OK,” “Cancel,” or the X in the upper right corner! Anything that you click might lower the defenses on the computer and install malware.
Phones & tablets
Set a PIN code, password, or fingerprint authentication to unlock your phone or tablet. Smartphones and tablets are easily misplaced or stolen. Do not keep confidential or privileged information on a mobile device in an unprotected app.
Online safety
Hover over links in email messages or on web sites to make sure they lead where they appear to lead. The address that appears above the link or at the bottom of the browser window when you hover over a link should look like something you’d expect.
Don’t click on links to web sites unless you know exactly where you’re going. Almost all malware starts from a link to a poisoned web site.
• Don’t click on links that arrive in spam email or instant messages, or that start from an untrustworthy web site.
• Don’t click on links in email messages unless you deeply trust the judgment of the person who sent the message.
• Don’t click on links in forwarded messages.
• Shortened links are frequently used in Twitter, Facebook, blogs, and social networking sites. You can’t tell where they lead by looking at them. Don’t follow them unless you trust the person who created the link.
Just because something is listed in a Google search doesn’t mean it is safe. Make a judgment about where you’re going before you click.
Antivirus programs
Run antivirus software on your computer. Windows 8/10 have built-in security protection, Windows Defender. Windows 7 users should use Microsoft Security Essentials. There are also security programs from Norton, McAfee, and others, of course, but they are not recommended; most of them are poorly written and cause more problems than they solve. Many IT professionals suggest periodic scans with Malwarebytes as a supplement to Windows Defender/Security Essentials.
Antivirus software will not protect you against malware if you click OK at the wrong time. Use your common sense. Read and think before you click OK.
Know the name of your security software. If you get a “security warning” that does not display the exact name of your security software, it is phony; if you click on anything, you will probably install malware.
Adware
Don’t download “free” programs. Adware is distributed with “free” games, PDF programs, media players, and even with quite legitimate utilities like Java and Adobe Reader. Your security program will not stop you from installing adware, but adware can bring down your computer just as thoroughly as malware from bad guys.
Do a custom install of any new program and decline unnecessary extra software. When you’re downloading and installing a program – especially a free program – scrutinize every screen that comes up. Look for checkmarks that can be unchecked. Look for weasel words that might conceal a disclosure that other programs are coming along. Always do a custom install and study the options.
Passwords
Choose passwords carefully. Your passwords are your defense against identity theft, financial loss, compromised computers, and breaches of confidentiality and privilege. If you use a weak password, or if you use the same password over and over every time something calls for one, you are jeopardizing yourself and your business.
• The best way to manage passwords: use LastPass to create and manage your online passwords. If you’re not already using LastPass, install it only if you are willing to spend time learning about the program and how it works.
Consider using two-factor authentication. Two-factor authentication combines a password and a second check, typically a code sent to your phone in a text message. Many services are adopting two-factor authentication and it drastically improves security. It’s more difficult to use than a simple password, but it’s much less trouble than being hacked.
Phone scams
Microsoft does not call to fix your computer. There is a resurgence of fraudulent phone calls from criminals trying to steal your credit card and install malware on your computer. The scammers play on our fears about online security, just like the poisoned web pages that bring up phony onscreen security warnings. Don’t lower your defenses!
Be careful out there!