Top security tips for everyday computer use

For those of us who have been around computers for decades (I used my first computer in 1976!) there are some things users do to stay secure, digitally speaking, that seem obvious. But those things are not necessarily obvious to new users, or even to those who have been using computers for a while but have never had them pointed out. So, here are some tips:

1. Keep your system and software updated

Updates fix security vulnerabilities that hackers find and exploit. So, make sure your computer is set to update its operating system automatically. Similarly, antivirus software, web browsers, and all your applications should be regularly checked for updates. Sometimes they do this automatically, but not always. It’s also worth checking your hardware, like printers and routers, for updates to the built-in software that runs those.

2a. Use a strong password

It’s important to use strong passwords, ones that cannot be easily guessed or generated by software. Do this for all your accounts. There are huge lists of hacked passwords on the internet and software can easily run through simple passwords and find the weak ones.

2b. Use a password manager

A good password manager, such as 1Password or KeePass, can help you generate strong passwords and manage them securely.

2c. Don’t use the same password more than once

Don’t use the same password on different sites. If one site is compromised, then your password on those other sites will be compromised too.

2d. Use two-factor authentication

Enable two-factor authentication (2FA) on your important accounts (email, banking, social media). With 2FA or MFA, instead of just using your username and password to log in, you have to enter a PIN, or one-time passcode, from a trusted device, like your phone. The passcode is sent to you via SMS or comes from an authenticator app on your phone. Even if a hacker gets your password, they cannot log in without the passcode. Make sure you store a 2FA backup code in case you lose your phone.

3. Be wary of phishing attacks, online scams, and dodgy phone calls

Never click a link in an email or open an unknown attachment, even if you think you know who it came from. There are lots of ways fake emails, websites, online messages, and even phone callers will try to trick you into entering login and other details into a dodgy site. Be more than cautious of anyone asking or trying to persuade you to give out a password, PIN, date of birth or other details. Don’t be suckered by con artists and social engineering where someone contacts you and claims to be from Microsoft, Amazon, Google, or IT support etc. Nobody from any company will call you to help with your computer, ever.

4. Install & maintain security software

Windows and other operating systems often have inbuilt antivirus and firewalls; make sure they’re running and kept up to date. There’s generally no need to install a third-party antivirus on Windows computers, and the built-in one will be set to keep itself updated by default.

5. Back up your important data regularly

Keep a copy of your documents, photos, and other files on an external drive or in cloud storage (Google Drive, OneDrive, Dropbox, iCloud). This means you don’t lose your data if your computer is stolen or fails, or you get snagged by ransomware. Better still, use two external drives and keep one in a different room from your computer and one in a different building, if you can, and use cloud storage too.

Bonus tip: Be cautious on public Wi-Fi

Hackers can sometimes intercept your computer or logins if you’re connecting to an unsecured network in a hotel, cafe, or other site. If you’re out and about, use a VPN, like ExpressVPN, to hide your connection. It’s best to avoid logging into banking or sensitive accounts on public Wi-Fi unless you really have to. Even then, there’s always the option of using your phone as a personal hotspot instead of connecting to public Wi-Fi, but remember that will use up your phone data.

It’s worth adding that you might imagine a site to be unimportant and so not worry about 2FA or strong passwords. But, hackers hoping to steal your identity and then gain access to your bank account and other important sites can use tiny pieces of information they glean from hacked logins to your less important sites.

Glossary

Antivirus Software – A program designed to detect, prevent, and remove malicious software (malware) from a computer.

Authentication – The process of verifying a user’s identity before granting access to a system or account.

Authenticator app – A mobile phone app that generates a one-time password or PIN as part of 2FA, which you enter after your username and password as an extra security layer. Google, Authy, and MS Authenticator are the well-known ones, but some password managers have an inbuilt authenticator app too.

Backup – A copy of important files stored separately (e.g., on an external drive or in cloud storage) to prevent data loss.

Baiting – Offering something tempting (e.g., a free USB drive infected with malware) to lure victims into compromising security.

Browser – A software application (e.g., Firefox, Chrome, Edge) used to access and navigate the internet.

Cloud Storage – Online storage services (e.g., Google Drive, Dropbox, OneDrive) that allow users to save and access files from any internet-connected device.

Encryption – A security measure that scrambles data so that only authorized users can read it.

Firewall – A security system that monitors and controls incoming and outgoing network traffic to block threats.

Hacker – More properly, a cracker. A person who attempts to gain unauthorized access to systems or data, often for malicious purposes.

Hardware – The physical components of a computer (e.g., motherboard, processor, memory, hard drive).

Malware – Malicious software designed to harm or exploit a computer, including viruses, spyware, and ransomware.

Multi-Factor Authentication (MFA) – A security method requiring multiple verification steps (e.g., password + phone code, and passcode device) to access an account. Banks often enforce username-password login, with 2FA, but also require a one-time passcode from a digital device, like a USB stick or keypad they provide.

Operating System (OS) – The software that manages a computer’s hardware and software (e.g., Windows, macOS, Linux).

Password Manager – A tool that securely stores and generates strong passwords for different accounts.

Phishing – A cyberattack where hackers send fake emails or messages to trick users into revealing sensitive information.

PIN (Personal Identification Number) – A short numeric code used for security (e.g., banking or unlocking devices).

Pretexting – Creating a fabricated scenario (e.g., pretending to be IT support) to trick a victim into providing information.

Public Wi-Fi – Wireless internet networks in public places (e.g., cafes, airports, hotels) that can be insecure.

Ransomware – A type of malware that locks or encrypts a user’s files and demands payment to restore access.

Router/Modem – A hardware device that connects a local network (home or office) to the internet.

Scareware – Displaying fake security alerts to trick users into downloading malicious software.

Social engineering – We used to call this a con, or confidence trick. It’s a manipulation technique that exploits human psychology to trick people into revealing confidential information or taking harmful actions.

Software – Programs and operating systems that run on a computer.

Spam – Unwanted or unsolicited messages, usually advertising or scams, often sent in bulk via email.

Spyware – Malicious software that secretly gathers information about a user’s activities.

Tailgating (Piggybacking) – Physically following an authorized person into a secure area without proper credentials.

Two-factor Authentication (2FA) – A security feature that requires two forms of verification before logging in (e.g., password + SMS code).

Virtual Private Network (VPN) – A service that encrypts internet traffic and hides a user’s location to improve privacy and security.

Vulnerability – A weakness in software or hardware that can be exploited by attackers.

Windows Defender – Microsoft’s built-in security tool that protects against viruses and malware.

Wi-Fi – A wireless network that allows devices to connect to the internet.