Simple steps to keep your computer and data secure
Nick Skelton
Helping higher education develop and solve real problems with digital tools and strategies
In the current crisis you may suddenly be working from home, possibly using a personally-owned computer rather than your employer’s. Here are some simple tips to help keep your computer and data secure.
I originally wrote this a few weeks ago for a friend at Awards for Young Musicians, a small charity which supports talented young musicians from low-income families across the UK. If this document is helpful for you, please consider supporting AYM.
1. Keep your computer updated
It is essential that your computer gets updates. If it doesn’t then an attacker can exploit bugs in older software to take over your computer. To check your computer is updating properly see the instructions for Windows or Mac at the bottom of this page.
In addition to getting updates for the operating system you also need to get updates for third-party software. E.g. if you have Adobe Acrobat or Google Chrome on your computer you need updates for them too. Third-party software often has its own mechanism for updates. Chrome installs updates automatically without you even noticing. Adobe Acrobat may prompt you to install an update.
2. Use anti-virus software
Windows has a built-in antivirus programme, Windows Defender. Apple Mac OS X has built-in anti-virus software called XProtect. They are both pretty good – there’s generally no need to pay for extra third-party anti-virus software. Most of the third-party anti-virus software for home users is quite annoying with unnecessary bells and whistles that just get in the way. The built-in anti-virus is quiet, unobtrusive and does a decent job of recognising viruses and stopping them getting onto your computer.
Attackers are increasingly ingenious, and no anti-virus programme is 100% effective. If you are unlucky enough to get a virus or other unwanted programme on your computer you may need further tools to remove it. The free version of Malwarebytes anti-malware is one of the best tools for removing viruses.
3. Store your documents somewhere backed up
You must always ensure that your documents are backed up. If you simply save documents in one place (eg on your computer, or on a USB hard disk) you can lose huge amounts of work if – or rather when – that location breaks. Manually copying documents to a second place occasionally isn’t much better, as your manual backups get out of date very quickly. So don’t rely on manual copies.
Thankfully it’s now easy to make automatic copies of your documents using file sync to the cloud. Ask your employer what you should use for cloud document storage. Many organisations use Microsoft OneDrive (part of Office 365) or Google Drive File Stream (part of GSuite). Both of these automatically sync documents from a special folder on your computer to the cloud, so there is always a second copy of the document.
4. Encrypt the data on your hard disk
Every computer with sensitive data should be encrypted. The huge benefit of encryption is that if you lose the laptop, nobody can access the data stored on it. Once encrypted the only way to access data on it is to enter the password you use to log on (so even you could be locked out if you forget your password).
Modern computers and recent versions of Windows or Apple Mac OS software make it easy to encrypt. See the appendix at the bottom of this document.
5. Use good passwords, and consider using a password manager
Passwords are the biggest weak point in computer security. If someone knows your password they could access your data, send emails which appear to be from you, remove money from your bank account – anything you could do yourself.
A good password should be difficult to guess and not based on a dictionary word. This means it should have a mix of uppercase letters, lower case letters, numbers, and perhaps a symbol too. It should be at minimum 8 characters long, ideally 10 characters or even longer.
The traditional advice is that you should create a different password for every service you need to log in to. People are also told not to write down passwords. But there are now so many things which need a password that you couldn’t remember that many different ones.
One pragmatic solution is to have unique passwords for your critical services. Start with one password for your employer. Use another password for your personal email. Maybe another password for Facebook. For other, low value things – eg websites you log in to rarely – you could reuse the same password on multiple sites. Just don’t reuse a password for a critical service on a low value service.
A password manager is an app for your smartphone or computer that stores your passwords for you in a secure encrypted fashion. To read the passwords you first type in a master password or pass phrase. LastPass and 1Password are two good password managers. Handle your password manager carefully and don’t let other people access it, just as you would keep your wallet securely.
For very high-value services, eg a bank account, you should have more than just a password. Two-factor authentication is the best answer. Two factor means that you need two things to log on – eg you need a password plus your phone, or password plus a bank card.
6. Be aware of scams and attempts to manipulate you
Attackers and scammers use any and every trick to gain access, and sadly some are exploiting the current crisis for their own ends. If a scammer gains control of your computer or password then they could hold all your files to ransom or empty your bank account.
How do you know if something is a scam? It can be difficult to be sure. But here are two ways to spot them:
- Be cautious about anything unsolicited and unexpected. If you initiated the contact, the person at the other end is likely to be genuine. If they contacted you, you don’t know who they really are. So be careful with emails, Facebook messages, phone calls, texts or any contact that you didn't expect to get - even if you think you know the sender.
- Think again if you’re given a short deadline, or warning that you must act now or something terrible will happen. If anyone tells you that you must act now, then the pressure tactics should ring a warning bell that this is not what it seems. If you have even the slightest doubt about whether something is a scam, then pause for a moment, and ask your IT help desk or another friend or colleague for their thoughts.
Appendix: Instructions for Windows 10
To check you have automatic updates on:
- Click Start and choose Settings. Choose Update & Security. Select Advanced Options.
- Make sure the various update options are all set to on. In particular “Receive updates for other Microsoft products” and “restart this device as soon as possible” should be set to on.
To encrypt data on your hard disk:
- Open Windows Control Panel. Type BitLocker into the search box in the upper-right corner, and press Enter.
- Click Manage BitLocker, and on the next screen click Turn on BitLocker. Follow the instructions on screen. The encryption process takes several hours, and you will need to restart the computer during the process.
Appendix: Instructions for Apple Mac
To check you have automatic updates on:
- Click the Apple menu, select System Preferences, and click the Software Update icon.
- Make sure Automatically keep my Mac up to date is ticked. Click Advanced and make sure that all the suboptions are also ticked.
To encrypt data on your hard disk:
- Click on the Apple menu and select System Preferences. Select Security & Privacy. Click on the FileVault tab, then click the lock in the bottom left corner of the window. Enter your administrator name and password and click Unlock.
- Click Turn On FileVault. Follow the instructions on screen. The encryption process takes several hours, but you can still use your computer while it is happening.
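Both Mac settings above can also be confirmed from the Terminal. The script below is an added example, not part of the original article: it uses Apple's fdesetup and defaults tools, and the mapping of the listed preference keys to the Software Update tick boxes is an assumption, as are the sample status lines named in the comments.

```shell
#!/bin/sh
# Added example: confirm from Terminal that FileVault and automatic updates
# are switched on. Function names here are illustrative, not Apple's.

# Classify the text printed by `fdesetup status`.
# Progress messages are checked first because they appear alongside On/Off.
filevault_state() {
  case "$1" in
    *"Encryption in progress"*) echo "encrypting" ;;
    *"Decryption in progress"*) echo "decrypting" ;;
    *"FileVault is On"*)        echo "on" ;;
    *"FileVault is Off"*)       echo "off" ;;
    *)                          echo "unknown" ;;
  esac
}

# Turn a value printed by `defaults read` into a label.
# 1 = ticked, 0 = unticked, anything else = the key has never been set.
setting_label() {
  case "$1" in
    1) echo "on" ;;
    0) echo "off" ;;
    *) echo "not set" ;;
  esac
}

# Run the live checks and print one line per setting.
report() {
  echo "FileVault: $(filevault_state "$(fdesetup status 2>&1)")"
  plist=/Library/Preferences/com.apple.SoftwareUpdate
  # Assumed mapping: these keys back the Software Update tick boxes.
  for key in AutomaticCheckEnabled AutomaticDownload \
             AutomaticallyInstallMacOSUpdates ConfigDataInstall \
             CriticalUpdateInstall; do
    echo "$key: $(setting_label "$(defaults read "$plist" "$key" 2>/dev/null)")"
  done
}

if command -v fdesetup >/dev/null 2>&1 && command -v defaults >/dev/null 2>&1; then
  report
else
  # Not a Mac: show the classifier on a constructed sample line instead.
  echo "sample: $(filevault_state 'FileVault is Off.')"
fi
```

Anything reported as "off", "decrypting" or "unknown" means the matching step above should be repeated; "encrypting" simply means the several-hour process has not finished yet.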
Head of People & Skills at West of England Combined Authority
4 years ago: Thanks Nick, for us non-experts this is really useful.