Essential Security Checklist

(Download Computer Security PDF for detailed instructions.)

Here is a list of the steps you should take to protect your computer and your personal information. If you want more details about any of these steps, or need advice from a small business perspective, please download the full Computer Security PDF document on this site.

Take These Steps NOW!

1) Windows Computers: Run antivirus, antispyware, and a software firewall (such as Bitdefender’s Internet Security, ESET Internet Security, or McAfee Internet Security). Note: On Windows 10, the built-in Microsoft Windows Defender Antivirus is adequate to protect against malware; if you want a free product, it is already installed on Windows.

2) Mac Computers: Run Mac versions of Antivirus software: Bitdefender, ESET, or Sophos.

3) Encrypt your computer’s hard drive. If your computer is lost or stolen and the disk is not encrypted, it is trivial to get all the information on it, even when you have a password set. Both Windows and Macs have free encryption; just make sure it is turned on.

4) Back up your data (regularly!). Try an online backup service: Acronis, BackBlaze, iDrive, Carbonite, or CrashPlan. Or use an external hard drive with Acronis. (Or search online for the best online backup solutions.) Encrypt your backups.

5) Patch: Keep your Operating System and other software updated/patched (e.g. install "Windows Update" or “Security Updates”).
- Remove unnecessary software from your computer as it creates security holes. Especially: remove Adobe Flash and Java if you can. If they are absolutely needed, then keep them updated!

6) Use strong passwords for all online accounts (especially financial ones), and:
- DON'T use the same password for all your accounts. (See suggestions below for creating strong passwords/passphrases.)
- Use a Password Manager program that encrypts your passwords, such as LastPass, 1Password, Dashlane, RoboForm, or KeePass. Don’t keep passwords in a Word or Excel file!
- Don’t let your web browser store your passwords; these are easy for any hacker to steal! The only place you should store your passwords is in a Password Manager.
- If you leave your computer unattended, make sure to lock your computer or log out of your Password Manager program.

7) Implement Multi-Factor Authentication (MFA) [also called Two-Factor Authentication (2FA)] on all your important accounts!

Other Critical Items

8) Add a hardware firewall for your home Internet connection. Change all hardware default passwords.
- If you are especially security conscious, then please see my document on "Secure Routers for Home and Small Business".

9) Wireless networking: turn on wireless encryption (WPA2) and change the default password on the wireless access point/router at your home or business.
- Consider purchasing a whole-home Wi-Fi solution that has built-in security features (by subscription), such as Netgear's Orbi or Eero's Armor/Parental Controls.

10) Be very careful when using public Wi-Fi; only connect to known providers. You should use a VPN if doing banking, online purchases, downloading software, or sending personal information in a public location.

11) Take care of physical security of devices, especially in public locations. Your computer should have a password, and always lock it when you leave it unattended. (Consider using a physical lock.)

Critical – Beware of Social Engineering

Remember, YOU (your actions) are the most vulnerable aspect of a completely secure computer. :-)

12) Don't open attachments or click on website links in emails from people you don't know! And be cautious about email attachments & website links from people you do know, especially if you are not expecting an attachment or the email seems out of place.

13) Understand Phishing and don't fall for it; cyber-criminals are trying to steal your passwords. E.g. your bank will NEVER email you asking for your password!
- The same is true for a random text/SMS message. Don’t click!!
- Never give out a text/SMS "verification code" to anyone! Your bank will not ask you to confirm the numbers they just texted to you!!

14) Don't believe a website pop-up that tells you that you have a virus or an outdated program and urges you to "click here" to scan/clean/update. Use your already-installed, trusted antivirus program.

Be Smart Online - Other Important Security Considerations

15) The most vulnerable program on your computer, even for Macs, is your web browser. Consider using a script blocking program: Google’s Chrome with uBlock Origin or Firefox with the NoScript plug-in.
- Don’t let your web browser store your passwords; these are easy for any hacker to steal! Use a Password Manager.

16) Consider the answers you give to password recovery services (i.e. "Forgot your password?"). Consider "lying" for any site that does NOT need to know the truth! :-) (Just remember your fake answers; store them in your encrypted Password Manager.)

17) Only make online purchases from reputable sites (which usually provide a phone number) that offer purchases over "https". Use a credit card, PayPal, or a digital payment method (e.g. Apple Pay or Google Pay), not a debit card, for all online purchases.

Protect your Children (and other Loved-Ones) - Online Accountability

18) Children are vulnerable, and their innocence may lead them to give out personal info online to those seeking to harm them. Furthermore, we all need protection from the dark side of the Internet. Follow the steps recommended below to be aware of your kids' online actions, especially on social networking sites like Facebook.

Further Suggested Measures - These may make your life easier!

19) Don't forward "urgent/important" emails without first verifying the information, e.g. at www.truthorfiction.com

20) Protect your computer and electronic equipment from electrical problems.

21) Recycle your computer the right way, deleting all personal information first.

22) Protect any sensitive data you keep on flash drives, external hard drives, or backups - encrypt it.

23) Special considerations for traveling with a laptop or tablet.

24) Consider signing up for an Identity Theft Protection service.