The first security question to consider is what is being protected?
For a low-risk situation such as when your PC is never in an area where the public or grandkids have access – small, easy or even no logon password may be needed.
Alternatively, if you have confidential data for multiple clients on a laptop which you carry with you wherever you go, the strongest security measures should be considered. Not only passwords but perhaps even data encryption.
If, like most of us, you fall somewhere in the middle with regular use of email, social sites and on-line financial accounts, your security controls should rely on good password strength with regular changes.
Today’s serious attackers have the sophistication to piece together bits of personal information from multiple public internet sources which can be used to trick us into trusting them. Even though this can allow them back-door or forgotten-password recovery without our knowledge, please read below for the real source of the problem.
The breaches of customer computers we most often see at our shop originate at the owner’s keyboard or phone, not from password failure. A malicious link is unintentionally clicked or a phone scammer’s story is believed starting us down the path of allowing them access to our PC. Quite literally we have just invited them in, no password will prevent that. AND, no antivirus will stop it from happening.
It is up to us to exercise due diligence. Practice careful examination before clicking on internet search results (is that really Alaska Airlines?). Within Google’s Search, click on the 3 dots to the right of site names for the full disclosure of site information. Practice minimizing factual disclosures on social media (does that photo show a street name?). Keep our computer’s software up-to-date. Practice regular password changes for our on-line financial accounts. Hang up on scammers. The IRS, Microsoft and Social Security will NOT call you unless you pre-arranged it.
Lastly, call Right On Computers (503-538-0270) and ask us before you click on something.
- Never open an email if you do not recognize the sender – delete the email and then permanently delete the email from your deleted file folder. If you accidentally open the email – NEVER open the attachments. Attachments often carry executable files that will launch a virus.
- Never open an attachment that you are not expecting. Especially anything that comes from a shipper like FedEx.
- If you receive an email with an address from someone you know, but the subject line seems odd, delete the email and then permanently delete the email from your deleted file folder. Many viruses come through high-jacked email addresses.
- If you receive an email from a company that seems on the up and up but you did not solicit information directly from that company – delete the email and then permanently delete the email from your deleted file folder. Again, hackers use well-known company names with an associated bogus website as Trojan horses
- NEVER click on a link in an email unless you are certain that the email is from a current employee and you recognize the file path
- Never forward a suspect email and report all suspect emails to us at email@example.com
- When using the internet, never download, click on any pop up boxes, ads, links or updates (especially driver updates). If you need to update from the Internet, clear with your supervisor/manager first and always cc us at firstname.lastname@example.org.
- If you accidentally open a suspect email or accidentally hit the wrong button on the internet, even if it seems harmless, shut your computer off and communicate the situation to us immediately to 503-538-0270
- Execute a monthly virus scan. An example, this week, upon scanning a shop computer, a new virus popped up from an OLD email.
- Always keep company files in network drives
- When your computer is unattended, always hit Ctrl-Alt-Delete to ensure no-one can access your computer. We frequently have suppliers, maintenance, sales people, etc. on the company premises. Each employee is charged with ensuring no-one has access to their computers. It is unbelievably easy for someone to access an unprotected computer and copy/steal confidential contents.
- Lastly, our computers are a window into our intellectual property; the very thing that ensures we all stay employed. Treat your computer like the precious asset it is.
The “DARK WEB”
Although the AARP article below is over a year old and therefore somewhat dated, security experts agree that many of its points are relevant now and will remain so into the future.
- Our identity information is likely already for sale on the “dark web”
- Just like wearing seat belts in a car, it is up to the internet user to exercise due diligence
- Account passwords are essential but not infallible
We agree with the recent PC Magazine article about the anti-virus protection built in to Windows 10. And, Max Pc’s February 2021 article below compared Windows Defender to a respected (BitDefender) paid for AV and Avira’s free version. The conclusion remains the same: