Safe computer use is a compromise between convenience and security, depending on how far you want to go with it and how much inconvenience you are willing to tolerate. According to my IT guy (thank you, Dave!), the best thing for you to do is to use Linux. But if you use Mac or Windows, then read on.
While security on your mobile devices is important, we’re just focusing on your main computer here. After (1) physically keeping your computer safe, the next safety concerns are dangers from: (2) Weak passwords, (3) Viruses, (4) Malware and scam attempts via email and texts, and (5) Lax web browser settings.
1. Physical security
Whether for a laptop or an external drive, the first concern is physical security: make sure nobody can pick them up and walk off with them. And in case they do, use strong passwords to lock them. That said, if someone steals your computer, even if they are not able to log in, they can just take the hard drive out and copy the data. To protect against that you would need to encrypt your hard drive, but this may slow down your general use of the computer so is probably overkill. Unless you are storing the nation’s nuclear warhead codes it’s probably not worth the hassle it would add to your daily use of the computer.
2. Be a robust password user
Weak passwords are a welcome mat for bad players who want to steal your data.
- Use a different and very robust password for each site or app that requires a password, and never reuse them.
- Your passwords should be so insanely random/long/complex that you will need to store them in a way that will let you copy/paste them. Dave uses an encrypted/password-protected text file, and I use a program called 1Password (here’s a review of 1Password from PC Magazine). There are other password-management software packages out there that are good — just be sure to research your options carefully to make sure the software you select is secure and highly rated.
- Whenever possible, set up 2-factor authentication (2FA). This way, even if a hacker has somehow gotten your password, they might still be stopped from accessing your accounts. Here is more about 2FA.
3. Virus scanning
There was a time when every computer user was told to install a virus scanner, but there are so many protections built into macOS and Windows these days that this is no longer as strongly encouraged. If you are a Windows user, the built-in Windows Defender software should be sufficient. If you are a Mac user, then I argue no virus scanner is necessary, as macOS has a pretty good record against viruses and most viruses target Windows.
That said, if you are not on a tight budget and want to install a virus scanner, definitely do it. But whether you use a virus scanner or not, follow safe computing practices as described below.
4. Malware and scams via email and texts
Scams are definitely on the rise, and it’s only vigilance that will keep you safe. These can be extremely serious and can result in completely draining your bank account, or worse. These phishing scams, where the sender pretends to be legitimate but is only a thief, used to be easy to spot, with numerous misspellings, obviously incorrect URLs, and more. But these attempts are getting more and more sophisticated (more on this below), so you should suspect every single email you receive. Here are some general tips:
- Slow down. As you scan your emails, be sure to read each one critically. The more an email tries to make you see it as urgent, the more likely it is a scam. Put another way: Never respond to an urgent email urgently.
- Never click on a link in an email or text. Most scam emails will appear to come from a company you have heard of, like PayPal, Netflix, Amazon, etc. In most scam emails, depending on the features of your email software, you can hover over a link with your cursor (don’t click!) to see the URL behind it. For a simple example, here’s a screenshot of the link in a scam email claiming to be from Spotify. Note how the text above the link tries to make it urgent, and that the link, when the cursor is hovered over it, is very definitely not to Spotify:
But as obvious as the link is in this example, note that some scammers do a very good job of disguising their links, to the point that even if you hover over a link and it looks okay, it still might not be. So back to the Spotify example, unless you were on the phone with them and were literally just-now waiting for them to send you that email, don’t click the link, even if it looks okay. Put another way: if you did not initiate the communication that led to receiving the email, don’t click it. Instead, if you get an email saying there is something wrong with your account, ignore the email and go log into your account in the normal way and check things out there.
When you get a scam/phishing email, instead of deleting it or adding it to your junk email box, forward it as an attachment to reportphishing@apwg.org. This is the Anti-Phishing Working Group of the US Federal Trade Commission (FTC). They will not go after the scammers, but, as they say on their website, they “…collect, analyze, and exchange lists of verified credential collection sites, like those used in phishing.”
- Never call the phone number in those emails. If you get an email claiming to be from your bank, or Microsoft, or someone else and they claim there is an issue with your account and they give you a phone number to call, DON’T! If you are really unsure if it is fake and want to check, then independently look up the number to call.
- Never reply to the email. Replying to an email, even if to tell them you know they are scammers, is telling them that they have a valid email address to keep trying to scam.
- Never download or open an attachment. It goes without saying that if there is an attachment in the suspicious email, do not download or open it as it is highly likely that this will load malware or something else onto your computer.
Get ready for scams that are harder to spot! Using AI, hackers will be able to send you a phishing email that appears to be from somebody you know and about a subject that you are personally involved with. If you do only one thing discussed in this blog post, never click a link (or open an attachment) in an email or text.
5. Web browser settings for better online safety
After mobile apps, our main connection to the online world is through a web browser, so your browser settings make a big difference to your online safety.
- Encrypted web browsing. All of the major browsers have a setting to enable HTTPS-only mode, which will encrypt your content going to and from your computer. With this setting, even if you are using public web access that a malicious person has hacked into, nobody can steal your info. Here’s an article that goes into detail on how to do this in various browsers.
- Turn on ad-blocking. While not common, these days some web ads can deliver malware just by being displayed. Ad blocking can be done with a browser extension. Two of the most popular are uBlock Origin and AdBlock, and in fact we suggest avoiding others unless you first do rigorous research, because there are some malicious ad blockers that contain malware. After installing the extension, it should work silently in the background, but some websites don’t like it when you block ads (e.g., YouTube may degrade your video quality if you block ads), so you may have to disable the ad blocker for specific websites.
- Do not let your web browser save passwords. I know it’s convenient to let the sites you visit regularly save your login passwords, but having your passwords autofill means that if someone steals your computer and is somehow able to log in, they will have easy access to all those accounts.
- Close your browser to reduce cookie vulnerability. If someone hacks into your computer, they will have access to the cookies saved by the websites that you visit, which may have your passwords and other personal information about you and your online activities. Even if your browser provides a plugin or other way to block cookies, some sites may still save what they consider to be required cookies. To really be safe, close your browser at the end of each day. Some sites keep those cookies only until the browser is closed, so rather than accumulating tabs for weeks at a time, close then re-open your browser every day.
Details about cookies: A login session cookie is deposited on your computer when you successfully log in so that a new browser tab can detect its existence and not ask you to log in again. If you tell the website to remember you, the cookie will remain. If you don’t, the cookie might or might not remain on your computer depending on whether the website deposited a temporary cookie or a persistent cookie with an expiration time.
Persistent cookies have an expiration time set by the website, and even if you told the website to remember you, most banking websites set their cookies to expire in a few days or weeks. Non-sensitive cookies are sometimes set to never expire. For example, if you select “dark theme” on the Google search engine preferences, it might leave a permanent cookie that remembers your preference. Those are harmless.
So, the simple guidelines are (1) don’t tell a website to remember you, (2) close the browser when finished using a sensitive website, and (3) set the browser to delete cookies when the browser closes.
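The difference between temporary and persistent cookies is visible in the `Set-Cookie` header a website sends. This added example (not from the original post) classifies a few constructed headers and lists the cookies that would still be on your computer after the browser closes; the cookie names and values are made up.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def classify_cookie(header, now):
    """Return (name, kind, lifetime) for one Set-Cookie header value.

    kind is "session" (no Max-Age or Expires: dropped when the browser closes)
    or "persistent" (kept on disk until the lifetime runs out).
    """
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    max_age = expires = None
    for attr in attrs:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "max-age":
            try:
                max_age = timedelta(seconds=int(value))
            except ValueError:
                pass  # a malformed Max-Age is ignored
        elif key == "expires":
            try:
                when = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                continue  # an unparseable date is ignored
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            expires = when - now
    lifetime = max_age if max_age is not None else expires  # Max-Age wins (RFC 6265)
    if lifetime is None:
        return name, "session", None
    return name, "persistent", lifetime

def left_after_close(headers, now):
    """Names of cookies that are still valid after the browser is closed."""
    results = (classify_cookie(h, now) for h in headers)
    return [n for n, kind, life in results if kind == "persistent" and life > timedelta(0)]

# Constructed sample headers (not captured from any real site).
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; Secure; HttpOnly",                    # temporary login cookie
    "remember_me=tok789; Max-Age=1209600; Path=/; Secure; HttpOnly",  # "remember me", 14 days
    "theme=dark; Expires=Fri, 31 Dec 2038 23:59:59 GMT; Path=/",      # long-lived preference
    "old_promo=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT",             # already expired
]
```

With these headers, only `remember_me` and `theme` outlast a browser restart, which is why guideline (1) matters most for sensitive sites.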
To be blunt, there is a legion of bad actors out there trying to get into your accounts, so your vigilance is important. This blog post discusses ways to improve your safety on your computer, but you should also investigate ways to stay safe when using your phone and tablet.