With more and more people working from home, keeping your personal computer safe and secure is essential. There is always somebody out there that will want to get your information and data. So here are five (5) things to look at to protect your computer when working from home.

It is hard not to be paranoid when it comes to the security of your computer at home. You hear about all the ways that the bad guys can get access to your data. But with a few simple changes, you can harden the security of your personal computer.

E-mail

E-mail is the most popular way for the bad guys to get access to you. They will try and infect your computer with a malicious attachment or get you to go to a compromised website to get your information. Sometimes they just want you to respond to their e-mail with your personal information.

Either way, e-mail is currently the largest source of attacks and scams. But there are some simple things you can do to protect yourself. The first thing you want to look at is how you view your e-mail.

Now e-mail can be written using two (2) different formats: plain text (like in a .TXT file) or HTML (like the code used for websites). Plain text e-mail cannot have any special formatting, but HTML e-mail can.

Just like malicious websites can have hidden code that can download and install malware, adware, and viruses, so can malicious HTML formatted e-mail. There is no difference between the two.

So, just like if you went to a malicious website and viewed an infected web page that had a malware payload inside of it, displaying a malicious HTML formatted e-mail has the same effect.

The best way to avoid downloading the contains of an HTML formatted e-mail is by not using the preview feature in your mail program. Most of them, like Outlook and Thunderbird, can turn off the preview pane. If the HTML formatted e-mail can not be rendered, it cannot execute the code inside.

One thing to remember is that if you do not know or recognize the person or company that sent you a questionable e-mail, just delete it. It is not worth the trouble a malicious e-mail can cause just to see what is in the e-mail.

While on the subject of malicious e-mail, knowing how to spot a piece of junk mail is essential. I go into more detail on how to do it in the following article I wrote a little while back.

How to spot a piece of spam e-mail

There is another option when it comes to e-mail security, and that is using an anti-spam program. Since I get hundreds of e-mail a day, I started using the anti-spam program MailWasher almost two decades ago. It is perfect for getting rid of junk mail.

For more information on MailWasher, check out this article I wrote a couple of years ago. They have a paid version and a free version.

Eliminate spam from your inbox with MailWasher 7.5

Tech scams

Tech scams have seemed to lose there popularly with bad guys. I guess is it because consumers are getting smarter and not falling for them anymore. But you still get them from time to time, so here is a link to an article I wrote about avoiding them.

How to handle a tech scam

The bottom line is, don't give them any information and, whatever you do, do not provide them with access to your computer!

Software updates

Allot of people don't apply updates to Windows and other programs because they are afraid that the upgrades will break the software. Yes, it does happen occasionally, but not regularly.

Sure, I have had my fair share of repairing computers that have experienced a failed update. But more often than not, updates install flawlessly. With all of the testing that software manufacturers do to updates, a failed upgrade is kind of rare.

But recovering from a virus or malware infection that could have been prevented by applying software updates can be expensive. And kind of embarrassing too.

Then there is using an operating system, like Windows XP, Windows Vista, or Windows 7 that has reached its end-of-life and no longer gets security updates. I get the "I just like the way it works" or "My software won't run on the latest version of Windows" arguments.

I have found solutions to those arguments, and many like them. When there is a will, there is a way. But running unpatched software is just way too dangerous. Bite the bullet and apply updates or upgrade your software.

Anti-virus software

This is another piece of software you have to keep an eye on. The biggest problem I encounter is expired anti-virus licenses. A customer will get a new computer with anti-virus software preloaded that has a 30 or 60-day trial license.

When the trial license expires, they just ignore the pop-ups telling them about the expired license. Luckily, Windows 10 has a highly rated anti-virus program (Windows Security) built-in. It will usually take over when a trial anti-virus license expires.

Typically when I set up a new computer for a customer, I ask them what they want to do about anti-virus software. The majority of them tell me to remove the pre-loaded trial version of anti-virus software.

If they don't have a preference for a particular anti-virus program, I have them go to an independent, third-party website like AV Test and check the ratings for the different anti-virus software.

A lot of people are surprised that Microsoft's Windows Defender / Windows Security is rated so high. Microsoft has worked hard over the years to improve its anti-virus software.

Now the cool thing is even if you have installed another companies anti-virus software on Windows 10, Windows Security will see it and set it as the default. But you can still have Windows Security do periodic scans.

Routers

This security tip may or may not affect you. If you lease your router from your Internet Service Provider (ISP), then this topic is not relevant to you. If you own your router, then this will be of interest to you.

Home Internet routers have always been a target for the bad guys. There are two reasons for that: First is the fact that home users don't usually change the default administrative passwords. Luckily, a few years ago, router manufacturers started to install complicated default passwords.

The second reason is that once people set up their routers, they have a tendency not to think about them anymore until something goes wrong. Its as I like to call it, the set it and forget it syndrome.

Just like I discussed updating software earlier in this article, your router also has software that gets updated. It is called firmware, and it is the operating system for your router. Think of it as what Windows is to your computer; the firmware is to your router.

Now the problem is that the firmware in your router does not get automatically updated. You have to do this manually. And sometimes it can be kind of hard to determine what version of firmware your router is running, if there is an updated version of firmware for your router and how to go about upgrading the firmware of your router.

The first place to start is to log into your router and find out what version of firmware it is running. It is usually listed right on the first screen. From there, you go to the manufacturer's website and find the product page for your router. What you are going to need is the manual for your router.

An effortless way to find it is by just searching on Google. Just search for manufacturer model manual, and the product page for your router should be in the top three (3) results. Once you have the manual, you can search it for Firmware Update, and it should explain where to go inside of your router to look for and upload a new version of the firmware.

Now that we have looked at the firmware of the router, let's take a look at the security of your router. The bad guys regularly scan an ISP's range of IP (Internet Protocol) addresses looking for open ports to attack. An IP address is a unique string of numbers that identifies each device on the Internet.

We now want to check and see if your router has any open ports that can be used by the bad guys to gain access to your router or any of the devices inside your network. For this, we want to do an unintrusive scan of all of the service ports on your router.

Gibson Research Corporation has a fantastic tool for doing this called ShieldsUp!. Just go over to the website, and under the Services pull-down, you will find ShieldsUp.

Once you get to the ShieldsUp! page click on the Proceed button. From there, you can select from several different types of scans. I recommend the All Service Ports scan.

Once the scan is complete, the webpage will display the scan results. If you score a perfect rating, you are good to go. If any ports that require attention, the webpage will tell what you need to do.

It happens to all of us. You get a pop-up on your computer screen or a phone call telling you that your computer is infected. More than likely, it is bogus. So here is how to handle a tech scam.

Tech scams have evolved over the years. They first started as random phone calls, but have quickly progressed to using pop-ups in web browsers. And the one thing they all have in common is that they try to scare you.

Who hasn't gotten a phone call from someone saying they are from Microsoft or Windows Support. At one point in time, I was getting 2-3 per week. But they started to slow down when Microsoft began to prosecute companies for using their company name.

So, then they started to use ads on websites to scare you. Since the majority of ad networks do not actively monitor the ads that get displayed, sneaking in a malicious ad is not that hard.

Now I am talking about ads that open up a new browser tab or window that claims your computer is infected. Some of them will have an animated image that shows files being scanned or even play an audio file saying your computer is infected.

The bottom line is they want to gain access to your computer. If a scammer can get remote access, they can hold your system for ransom. The following is a true story.

A customer called one day, telling me that they had a pop-up appear telling them that their computer was infected. Believing that they were from Microsoft, they called the phone number and gave them access to their computer remotely.

During the remote session, the customer realized it was a scam, hung up the phone and disconnected from the Internet. They then called me. I showed up and started to clean up their computer.

But the first time I restarted their computer, it came up with a system lock. The tech scammers had put a software lock on it to get them to pay to unlock it.

Luckily, I was able to restore the registry from a couple of weeks earlier and got the computer unlocked. But it could have been a whole lot worse.

Now there is one crucial thing you need to remember, Microsoft will never contact you, either by phone or a pop-up web page.

How to handle a telephone tech scam

This scam is easy to spot. The name on the caller id will usually be something simple as Tech Support or something similar. I have even seen scammers use disposable cellular phones that display a name, like Joe Blow.

Now the advice I always give for spam e-mail applies here, if you don't know the person, don't open the e-mail. The same thing applies to phone calls. If you do not recognize the name displayed on the called id, don't answer it. If it is essential, they will leave a message or call back.

If you do happen to answer the call, it is alright to hang up. The scammer cold-called you; you don't have to waste any time talking with them. Now if I'm feeling like having some fun, I'll tell them things like "I don't have a computer", "I don't have Internet access" or my favorite "Which computer are you talking about?".

But if you really want to know if they are bogus, do a search on Google for their phone number. Make sure to use the complete 10-digit phone number; 3 digit area code, 3-digit prefix, and 4-digit line number.

The phone number for a legitimate company will always appear right on top of the search results. You would be amazed at some of the results I have gotten.

How to handle a web-based tech scam

As I talked about earlier, web-based tech scams usually come from third party ads that get displayed on trusted websites. The ads bring up another browser tab or window. And sometimes, they will open a browser in what is called kiosk mode (full screen with no toolbars/title bar and no way of closing them).

Now you can close a browser in kiosk mode by using the keyboard combination Alt + F4 (closes the active window). Or you can close a browser by using Ctrl + Alt + Delete and select Task Manager. Once Task Manager appears, right-click on the browser name (Internet Explorer, Firefox, Chrome, etc.) and select End task.

Of course, if all else fails, you can always turn your computer off. Wait about 15 seconds or so before you start it back up. Once it is booted back up, open the same browser that you had the tech scam appearing.

You should get a warning about how it did not close properly, and it should ask if you want to open the previously opened tabs. Ignore the notice, do not open any of the previous tabs and you should be good to go. You can always run a scan with your anti-virus software to make sure everything is okay.

I get asked quite often why the installed anti-virus program did not stop the web-based tech scam. It is because the fraud was not a virus, just a malicious ad.

The bottom line

I can never say this enough, never give a scammer remote access to your computer! As long as they cannot get inside your computer, they cannot do any harm.

So, what can you? For phone tech scams: Use your caller id to screen incoming phone calls. If you do not recognize the name, let it go to voice mail.

For web-based tech scams: Install an ad blocker in your browser. Adblock Plus is probably the most popular ad blocker. If you encounter a browser page or pop-up that informs you that your computer's security is at risk, close the browser using one of the methods listed above. And whatever you do, never call the phone number shown on the page.

And if you feel like taking it a little further, you can always report the scammers to the FTC (Federal Trade Commission). The FTC has a relatively simple online complaint form. Just make sure you have the company name they used and the phone number they called you with or displayed on your screen.

Federal Trade Commission

FTC Consumer Information on Phone Scams