User Tools

Site Tools


securing_your_computer

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
securing_your_computer [2019/08/04 15:32] – created neilsecuring_your_computer [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 4: Line 4:
  
 She stored personal data, on her shared home computer, with no encryption, on a generic account, and it was accidentally uploaded to a cloud server. She stored personal data, on her shared home computer, with no encryption, on a generic account, and it was accidentally uploaded to a cloud server.
 +
 +====Key points: ====
 +  *[[#Don't share user accounts on your computer|Don't share user accounts on your computer]]
 +  *[[#Use a strong password for your computer account|Use a strong password for your computer account]]
 +  *[[#Enable the firmware password|Enable the firmware password]]
 +  *[[#Turn on disk encryption|Turn on disk encryption]]
 +  *[[#Don't use an administrator account|Don't use an administrator account]]
 +  *[[#Take backups regularly and automatically|Take backups regularly and automatically]]
 +  *[[#Enable your computer's firewall|Enable your computer's firewall]]
  
 ====Don't share user accounts on your computer==== ====Don't share user accounts on your computer====
Line 14: Line 23:
 If the option is open to you financially, it is safer to have physically separate machines. If the option is open to you financially, it is safer to have physically separate machines.
  
-====Use a strong password====+====Don't use an administrator account==== 
 + 
 +Make your everyday user account one without administrator privileges. 
 + 
 +This may mean you need to jump through some extra hoops to install software, but it mitigates the risk of malware. 
 + 
 +Increase your privileges only when you need them (for example, to install software). 
 + 
 +====Use a strong password for your computer account====
 Create a strong, but memorable, password for your account. Create a strong, but memorable, password for your account.
  
 Here's some [[passwords|guidance on passwords]]. Here's some [[passwords|guidance on passwords]].
  
-====Encryption==== +====Enable the firmware password ==== 
-Full disk encryption v file level encryption+ 
 +Some computers will let you set a separate password for their firmware, which is the initial piece of software which runs when you boot your computer. 
 + 
 +Some systems require you to enter this password before every boot, while others only require it if you try to boot from a different device (such as from as USB stick). 
 + 
 +Use a different password to your user account, and make it a [[passwords|strong password]]. 
 + 
 +[[https://support.apple.com/en-us/HT204455|Apple's instructions for macOS]] 
 + 
 +====Turn on disk encryption==== 
 + 
 +If your computer offers disk encryption, turn it on.
  
-====Backups==== +Depending on the software you are using, you may only get the benefit of this when your device is powered off, so turn off your devices (rather than just putting them to sleep) when you are not using them.
-Ensure that you are in control of where your data are residing. Not backing up to a cloud service without you realising it.+
  
-====Don't trust anyone else's USB sticks==== +===FileVault for macOS ===
-If you decide to allow staff to store information on USB sticks - and there may be perfectly good reason for doing so — ensure that they are encrypted.+
  
 +For macOS, this is FileVault. You can turn it on through System Preferences / Security & Privacy / FileVault. 
  
-===Free USB sticks at conferences=== +Make a note of the recovery key which it shows you. Keep this securely in your password manager, or on a piece of paper in a safe. Someone who has access to this password can decrypt your drive, and access the files and other content on it.
-Strongly suggest forbidding any USB sticks given away at events. Nothing found on the ground or in the carpark or â€śleft over” in a meeting room.+
  
-Yes, it might suck to feel that you could be a good Samaritan and return someone’s vital information or backup of family photographs, but you have absolutely no idea as to what is on that memory stick, and there’s a chance, perhaps even a strong chance, that it might be an attack.+===Windows === 
 +BitLocker?
  
-USB sticks might seem like good giveaway items at conferences, but a really bad idea: encourages poor security practice.+====Take backups regularly and automatically==== 
 +[[backups|Here]].
  
-===But it’from my friend…=== +====Enable your computer'firewall ====
-Even if it is coming from your friend, or a trusted colleague, do you know what security they have on their computer? Do you know what state their anti-virus protection is in?+
  
-Get them to transfer you the file some other wayand take precautions when opening it.+If your computer has a firewallswitch it on, and only allow access from sources you trust.
  
 +You could also restrict outbound traffic, but this is more likely to cause you problems.
securing_your_computer.1564932728.txt.gz · Last modified: 2021/07/06 09:26 (external edit)