With more and more people working from home, keeping your personal computer safe and secure is essential. There is always somebody out there that will want to get your information and data. So here are five (5) things to look at to protect your computer when working from home.
It is hard not to be paranoid when it comes to the security of your computer at home. You hear about all the ways that the bad guys can get access to your data. But with a few simple changes, you can harden the security of your personal computer.
E-mail
E-mail is the most popular way for the bad guys to get access to you. They will try and infect your computer with a malicious attachment or get you to go to a compromised website to get your information. Sometimes they just want you to respond to their e-mail with your personal information.
Either way, e-mail is currently the largest source of attacks and scams. But there are some simple things you can do to protect yourself. The first thing you want to look at is how you view your e-mail.
Now e-mail can be written using two (2) different formats: plain text (like in a .TXT file) or HTML (like the code used for websites). Plain text e-mail cannot have any special formatting, but HTML e-mail can.
Just like malicious websites can have hidden code that can download and install malware, adware, and viruses, so can malicious HTML formatted e-mail. There is no difference between the two.
So, just like if you went to a malicious website and viewed an infected web page that had a malware payload inside of it, displaying a malicious HTML formatted e-mail has the same effect.
The best way to avoid downloading the contains of an HTML formatted e-mail is by not using the preview feature in your mail program. Most of them, like Outlook and Thunderbird, can turn off the preview pane. If the HTML formatted e-mail can not be rendered, it cannot execute the code inside.
One thing to remember is that if you do not know or recognize the person or company that sent you a questionable e-mail, just delete it. It is not worth the trouble a malicious e-mail can cause just to see what is in the e-mail.
While on the subject of malicious e-mail, knowing how to spot a piece of junk mail is essential. I go into more detail on how to do it in the following article I wrote a little while back.
How to spot a piece of spam e-mail
There is another option when it comes to e-mail security, and that is using an anti-spam program. Since I get hundreds of e-mail a day, I started using the anti-spam program MailWasher almost two decades ago. It is perfect for getting rid of junk mail.
For more information on MailWasher, check out this article I wrote a couple of years ago. They have a paid version and a free version.
Eliminate spam from your inbox with MailWasher 7.5
Tech scams
Tech scams have seemed to lose there popularly with bad guys. I guess is it because consumers are getting smarter and not falling for them anymore. But you still get them from time to time, so here is a link to an article I wrote about avoiding them.
How to handle a tech scam
The bottom line is, don't give them any information and, whatever you do, do not provide them with access to your computer!
Software updates
Allot of people don't apply updates to Windows and other programs because they are afraid that the upgrades will break the software. Yes, it does happen occasionally, but not regularly.
Sure, I have had my fair share of repairing computers that have experienced a failed update. But more often than not, updates install flawlessly. With all of the testing that software manufacturers do to updates, a failed upgrade is kind of rare.
But recovering from a virus or malware infection that could have been prevented by applying software updates can be expensive. And kind of embarrassing too.
Then there is using an operating system, like Windows XP, Windows Vista, or Windows 7 that has reached its end-of-life and no longer gets security updates. I get the "I just like the way it works" or "My software won't run on the latest version of Windows" arguments.
I have found solutions to those arguments, and many like them. When there is a will, there is a way. But running unpatched software is just way too dangerous. Bite the bullet and apply updates or upgrade your software.
Anti-virus software
This is another piece of software you have to keep an eye on. The biggest problem I encounter is expired anti-virus licenses. A customer will get a new computer with anti-virus software preloaded that has a 30 or 60-day trial license.
When the trial license expires, they just ignore the pop-ups telling them about the expired license. Luckily, Windows 10 has a highly rated anti-virus program (Windows Security) built-in. It will usually take over when a trial anti-virus license expires.
Typically when I set up a new computer for a customer, I ask them what they want to do about anti-virus software. The majority of them tell me to remove the pre-loaded trial version of anti-virus software.
If they don't have a preference for a particular anti-virus program, I have them go to an independent, third-party website like AV Test and check the ratings for the different anti-virus software.
A lot of people are surprised that Microsoft's Windows Defender / Windows Security is rated so high. Microsoft has worked hard over the years to improve its anti-virus software.
Now the cool thing is even if you have installed another companies anti-virus software on Windows 10, Windows Security will see it and set it as the default. But you can still have Windows Security do periodic scans.
Routers
This security tip may or may not affect you. If you lease your router from your Internet Service Provider (ISP), then this topic is not relevant to you. If you own your router, then this will be of interest to you.
Home Internet routers have always been a target for the bad guys. There are two reasons for that: First is the fact that home users don't usually change the default administrative passwords. Luckily, a few years ago, router manufacturers started to install complicated default passwords.
The second reason is that once people set up their routers, they have a tendency not to think about them anymore until something goes wrong. Its as I like to call it, the set it and forget it syndrome.
Just like I discussed updating software earlier in this article, your router also has software that gets updated. It is called firmware, and it is the operating system for your router. Think of it as what Windows is to your computer; the firmware is to your router.
Now the problem is that the firmware in your router does not get automatically updated. You have to do this manually. And sometimes it can be kind of hard to determine what version of firmware your router is running, if there is an updated version of firmware for your router and how to go about upgrading the firmware of your router.
The first place to start is to log into your router and find out what version of firmware it is running. It is usually listed right on the first screen. From there, you go to the manufacturer's website and find the product page for your router. What you are going to need is the manual for your router.
An effortless way to find it is by just searching on Google. Just search for manufacturer model manual, and the product page for your router should be in the top three (3) results. Once you have the manual, you can search it for Firmware Update, and it should explain where to go inside of your router to look for and upload a new version of the firmware.
Now that we have looked at the firmware of the router, let's take a look at the security of your router. The bad guys regularly scan an ISP's range of IP (Internet Protocol) addresses looking for open ports to attack. An IP address is a unique string of numbers that identifies each device on the Internet.
We now want to check and see if your router has any open ports that can be used by the bad guys to gain access to your router or any of the devices inside your network. For this, we want to do an unintrusive scan of all of the service ports on your router.
Gibson Research Corporation has a fantastic tool for doing this called ShieldsUp!. Just go over to the website, and under the Services pull-down, you will find ShieldsUp.
Once you get to the ShieldsUp! page click on the Proceed button. From there, you can select from several different types of scans. I recommend the All Service Ports scan.
Once the scan is complete, the webpage will display the scan results. If you score a perfect rating, you are good to go. If any ports that require attention, the webpage will tell what you need to do.