Personal Computer Security Guidelines
Computer security is becoming more important all the time. United States' businesses spend over $300 million annually to prevent hacking. $13-15 billion dollars are spent annually by United States' businesses cleaning up after cyber crimes. More than 62,000 viruses exist today. If you want some more frightening statistics: over 600,000 web pages about hacking are in existence, 48,000 of those have tools you can download. Many of these tools don’t require any real expertise to use.
We are attempting to provide a baseline set of resources and guidelines that can be implemented by you with as little difficulty and expense as possible. This is not meant be a complete solution for all of your computer's security needs. The following measures are not the electronic equivalent of time-lock safes, motion detectors, and armed guards, but are comparable to "locking your doors and windows before you go to bed at night." These measures are listed in order of importance. We do not intend to advertise or guarantee any upgrade to or modification of any hardware product or software package.
Any data that you consider valuable should have a reasonably up-to-date copy (also known as a backup) stored somewhere other than your computer's hard drive. Copying your important files to a USB drive or a cloud storage provider such as Dropbox or Google Drive would be good enough for most home computers.
A patch is software that fixes a bug in a program. Having your system properly patched is the single most effective thing you can do to increase the security of your computer. Patches are released frequently and should be kept current.
Operating System patches
For most computers, you can select Windows Update from the Start Menu or Settings Menu. Modern operating system have an automatic update function. Make sure it is enabled. Consult your operating system vendor for details.
Browser, email, and virus protection applications publish patches on a regular basis. Many of these have an automatic update function. Contact the software vendor for details. Updating Java and Flash are critical as these are the most often exploited apps. Update items in the Apple App store, Google Play store, and other vendor application repositories.
Virus protection software attempts to keep malicious code from running on your computer. Having virus protection software installed and updated is the second most important step you can take to protect your personal computer.
Encryption makes it more difficult for unauthorized persons to read the data you send and receive from or store on your computer. Make sure your browser has 128-bit encryption installed and TLS version 1.1 and 1.2 are enabled before shopping or banking online. Consult your browser vendor to determine the strength of your encryption. Make sure the site is using encryption. Look for the closed lock on your browser before you enter any sensitive data or passwords on a web site. If you have files with sensitive data, consider encrypting the files.
A firewall is a device or program that attempts to prevent access to a computer system or network from outside of that system or network. If you have a Broadband connection such as cable modem or DSL, it is strongly recommended that you have some sort of software or hardware firewall installed. Most modern operating systems and home networking devices have firewall software installed. Make sure it is enabled and configured properly.
You should never share your password with anyone else. Any default passwords or passwords received via email should be changed, especially passwords for administrator accounts. Good passwords are long -- the longer the better. Also it should contain upper and lower case letters, numbers, and symbols and are something you can remember. Bad passwords are words found in dictionaries, alphabetical or numerical sequences, or keyboard sequences. Other bad passwords are easily guessable or learnable information. MiraCosta College's Required and Recommended password criteria is also available for review.
Effective Password examples
- High school locker combination: 42r-36L-7r
- ATM pin number inserted in a word: Do#7942g
- First letter in each word of a phrase: E2b&E2r=hww (early 2 bed & early 2 rise...)
- A very long phrase (4 or more words): trytoguessthisone!
Bad Password examples
- None: [Enter]
- Numerical sequence: 5678910
- Keyboard sequence: qwerty
- Name of you, your spouse, your kid, or your pet: bob
- Dictionary word: password
Unless you are expecting an attachment, don't open it. Even if the email is seemingly from a trusted source such as a bank or a good friend. As a simple check, you can send the person a message to confirm if they really sent you the email with an attachment(s).
The term 'spyware' can be applied to other things as well, but for our purposes it is malicious software that isn't detected by virus scanners. In some cases spyware is nearly impossible to remove. The best way to avoid spyware is not to install software unless you are sure that it doesn't have spyware bundled with it. This can be complicated due to the sophisticated nature of modern spyware. There is more information available in the links below, but much can be gained by maintaining a skeptical attitude towards software. If you are not 100% sure that you should install that 'nifty' software, don't do it. If you do have spyware, there are programs available that can remove most spyware (see the Links section below.)
- Phish is spam email that is “fishing” for information such as your logon name and password.
- Phish might insist you take some sort of action or there will be a consequence, such as your password expired, some sort of upgrade, your account being disabled or similar.
- Phish may appear to come from people and organizations you trust.
- It will most often include a link for you to click. Usually, the link takes you to a form where it would like you to enter your name and password which are then sent to criminals where your identity may be stolen and malicious email will be sent from your account.
- If you are unsure whether or not the message is legitimate, either delete the message or open a helpdesk ticket.
- If you fall prey to phish by giving up your name and password, it is important you change your password right away. Please call our helpdesk at 760-795-6850.
Other Precautions -- more things you can do to improve your security
Consider Email Public and Instant Messaging. Any email sent to or received from an external (non-MiraCosta) address is transmitted in clear text and could potentially be intercepted in transit.
Wireless Networks. Unless you are using WPA2 and the latest firmware on your access point(s), wireless networks are difficult to properly secure. Unless you're sure you've properly secured your wireless network. limit your exposure by leaving your wireless router off when not in use and consider anything transmitted without end to end encryption public. Make sure to change the default password to you wireless access point and disable management over WiFi.
Review you Web Browser's security and privacy settings.
Turn Off Unused Services. Any operating system services or other programs that aren't needed should not be running. This not only increases your risk but may impact performance as well. NOTE: Use caution when turning off services. Some services are required for your computer to operate.
Use a Surge Protector or UPS. You can avoid damage to your computer equipment by plugging it in to a surge protector. A UPS (Uninterruptible Power Supply) will use batteries to keep your computer running during a short power outage. The cost of a UPS isn't normally worthwhile for a home computer, but it is an option to consider.
For more in-depth information, please see US CERT's Tips web page.
- Good Security Habits
- Understanding Anti-Virus Software
- Check SSL/TLS Capabilities of Your Browser
- Understanding Firewalls
- Choosing and Protecting Passwords
- Avoiding Social Engineering and Phishing Attacks
- Securing Wireless Networks
- Evaluating Your Web Browser's Security Settings