Home computer protection tips everyone should know

While professionally I only work on business accounts we all have home computers that need attention, many desperately.

Backup and Recovery- Home computer backups are more neglected than that windshield wiper on your car’s rear window. People just don’t think about it and don’t want to pay a huge investment on a computer that “just has a few pictures on it” and “I only use for browsing the internet”. Let’s look at this another way. What if you lost all of your pictures, email and personal documents on that PC. How much stress would that cause you? How many of those pictures are your favorite photo of Gam Gam that passed away, or your kids first day at school, ... While a lot of those memories can be shares on social media or cloud storage such as One Drive many people don’t have another copy. Many online services also limit the amount you can store including cloud backup solutions so read the fine print. I recommend you buy an external USB3 hard drive such as a “Passport Drive” and then download and use the FREE Veeam endpoint protection. You can then backup your computer at your convenience and store that drive in a safe place.

Now let’s have that uncomfortable conversation. If you have anyone working on your computer whether family or business you need to know you have a good tested backup before they start working on it. If you do not, you should have them backup your data and test it if possible before they do anything. Too many times someone will say “I don’t care what is on that computer” then a week later says “I can’t find Gam Gam’s secret pie recipe and that was the only copy we had”. Maybe not that exact scenario, but you get the idea. It is your computer, your data, thus your responsibility to ask those questions and be comfortable with the repair plans. If you ship in your computer for repair expect your operating system to be wiped first with no questions asked.

Security- We will have to break this down into a few separate categories:

Antivirus-

You should always have an active anti-virus program running on your home systems. While you can get antivirus freeware do you really want to trust your data and system to the bare minimum free software. Many of the free versions are restricted to the entry level protection, but to get comprehensive protection you have to pay a few dollars. They hope you will like it at home and then convince the IT guy at work to buy it for the office. I personally recommend Trend Micro’s home suite of products. Trend Micro’s products are relatively inexpensive and depending on the licensing you purchase can include remote support. Their Trend Micro Maximum suite not only has antivirus protection it also has protections for about everything from child controls, website filtering, encryption protection to secure password management. Most home users will be happy with its security and performance. Trend has a suite “Antivirus for Mac” that protects Mac’s as well and yes Mac computers should have antivirus protection too. They have full feature trial versions available for most of their product line.

Encryption-

Most operating systems now include hard drive encryption for free or you can buy a trusted third party tool. Your hard drives should be encrypted to protect your data if your computer is stolen. Print out and store the encryption keys in redundant safe places. Without the proper decryption keys your hard drive and data is safely out of reach of prying eyes. The same holds true especially for USB flash drives. Those are easily misplaced and if they are not encrypted anyone that picks it up in a parking lot, coffee shop, or wherever can plug it in and read it. It just takes a few minutes to turn it on to protect your data.

Passwords-

Do not store important passwords in your email contacts or on a spreadsheet called “passwords”. If your computer is ever compromised, you just gave them the keys to your whole life on a silver platter. Use a password manager with encryption and/or go old school and have a notepad and pen and store that in a safe place at all time. Never on post it notes on your monitor, under your keyboard, or on your desk. Your home computer is likely used to access taxes, credit reports, banking, shopping, and other sites that with the proper password list could cause life as you know it to come to a stressful halt as you fight identity theft and financial ruin. If you do store the data on a spreadsheet make sure it is on an encrypted flash drive with redundant copies and always stored in a safe place. USB flash drives are cheap to purchase and will give you peace of mind.

Data at rest-

So you did your taxes on your computer last year. Is the data still sitting on your computer? What about those emails regarding that refinance that had a copy of your credit report and tax information? If the answer is yes, you need to get that data off of your home PC and onto redundant storage instead. Similar to the passwords above, leaving that data on your PC makes it vulnerable to intrusion. Do your taxes then copy that off to a couple encrypted flash drives. Store one in a safe at home and put the other in another safe location such as a safe deposit box (non-magnetic). That way it is available for you, but not to malicious entities that gain access to your PC. Always encrypt your hard drive see above.

Data in the Cloud

Similar to the data at rest above know that what you store in the cloud is data you or anyone can typically access with a simple username and password. If that password was compromised what information would be exposed. While the cloud is a great way to backup or have redundant copies of day to day data be careful what you put in there. Many cloud services even include wording in the agreement you accepted that you allow them to mine your data for information. That is how they can afford to give you “free storage”. If offered by your cloud provider or any online service you use, always enable two factor authentication. Such as once you input your password you get a text code on your phone. That will help prevent a simple stolen password intrusion.

Unsolicited Pop Ups, Email and Phone calls-

You get a pop up that says you are infected click here or call this number to fix it. (see fake alerts below) Step 1 know your antivirus, know what it’s pop ups look like. Never assume they are legitimate and verify before you click ok or click next. ALT-F4 is your friend and it will close the fake windows safely. If your computer is talking to you, it has not become self-aware it has a virus it is a scam. There has been a rash of these types of attacks. It looks legit you call the number, give them access to your PC. They then tie you up on the line showing you basic computer information and convince you to pay them to fix it while they are stealing your data in the background. If they say “your IP address has been compromised” you are talking to a scammer. If you give them your credit card number to “fix it” they immediately go shopping.

Software companies like Microsoft will not call you at home because you “have illegal software” and must activate over the phone or face jail or stiff penalties. Don’t get me wrong if you are stealing software you will know it and you will have multiple legitimate legal forms of contact to know. You won’t get a random call at home. Same with “you computer has a virus” phone calls. No one will ever call you at home to tell you “your home computer is infected I need access now to fix it.”

Phone call vigilance is important. Just like email can be faked to look like it came from someone else, phone calls can be as well. If a company calls you for any information or verification, I would recommend you get their contact information without sharing yours and then tell them you will call back. Then do your own detective work and go to the company’s website and call those numbers back.

Wireless-

If you are using wireless on your computer, only use the wireless connections you know are secure and trusted. If you go into a coffee shop or the airport or just park in front of a wireless hotspot. Don’t assume your data is secure. As you type accessing websites, typing up an email, or anything related to web traffic your data may be exposes to malicious people monitoring your connection. Use those “free” internet wireless connections as if someone was standing behind you looking over your shoulder, because someone virtually can be. Never do anything financial on a non-trusted non-encrypted connection. Don’t leave your home wireless wide open either or you are inviting spying. Out of the house I would recommend you use either your mobile phones hotspot or a trusted third party VPN solution to encrypt and protect your network data flow and privacy such as NordVPN.

Lost and Found Flash Drives-

You see a flash drive in a parking lot. It’s like finding a $20 bill just lying there winking at you. Seems innocent enough but these are used by malicious third parties to gain access to your computer or network. As soon as you plug it in it starts running software in the background to infect your PC. If you didn’t buy it or know it is safe leave it at lost and found. Again the money you save from a “free” flash drive may cost you a lot more. Jumping into the business aspect of this, many companies have policies forbidding any flash drives in company systems. Plugging in a free one found in the parking lot could cost you your job. As USB flash drives are a dime a dozen these types of vulnerabilities are a cheap and easy way to gain access to systems.

I got Scammed! Now what

So you got the phone call and you start to feel uncomfortable. Hang up! I can’t stress this enough hang up and if you gave them access disconnect your computer from the network immediately. Turn off your wireless on your laptop or unplug the network cable. If it is legit you can call “customer service” back after you verify they really are who they say they are. Don’t feel like you have to continue to give them information or access to your system. Most people after they are scammed tell me “ I knew better”, “something didn’t seem right”, ”I got this funny feeling” listen to your feelings. If you hang up on me as a technician because you think it may be a scam, I won’t be mad as would any legit technician. YOU have to feel safe and comfortable with what is happening on your computer with your data.

If you gave them your credit card number call your credit card company immediately before they buy anything. If you think your social security or other identity information was gathered. If you haven’t already done so, freeze or lock your credit at the 3 major credit monitoring companies. Transunion, Equifax, Experian. Change any online passwords that you feel may have been compromised especially financial.

Recycling or Donating

The hard drive of your home computer should always be wiped of data and preferably destroyed before donating it or disposing of it. See above for all the reasons why. Unlimited physical access to your hard drive means unlimited time to gather data off of it. Files deleted are not really deleted. Think of it as a filing cabinet and your data is files in folders. When you “delete” the data, even from the recycle bin, all you have done is take the names off the folders. The files are still sitting in the cabinet they are just harder to find. If you do some multi-pass rewrite of those folders that is like shuffling the files in the drawer without folders. It is messy but if someone really wants to spend the time they will find the file they are looking for or another one just as valuable. Have the drive professionally destroyed. Many recycle centers will do that for you for free before they throw your PC in the pile. Don’t trust the non-profit you gave your systems to have the resources or time to properly dispose of the drives before they give them to staff or they dispose of them. Make sure you know the data is gone. Hard drives have dramatically come down in price so they can easily be replaced if the computer is good enough to be reused. Most the times donated PC’s are so old they are junk anyways. Full PC Recycling is typically the right way to go.

Summary

Any inconvenience these process above cause are a drop in the ocean compared to the hassles and harm that can be done if you don’t follow them. Home computers are neglected though many times they store more personal and private data that could bring your life and finances to a halt. Yet people concentrate all their energy to that work computer. Don’t just trust your cousin Jimmy, that computer repair shop down the road or that big box store to follow these rules either. Trust but verify.

Here are a couple fake scam alert screenshots:

clip_image002

clip_image004

Comments

Post a Comment

Popular posts from this blog

Office 365 Deployment Tool Office Download fails “Could not Install”

Image
Problem: you run the setup.exe /download download.xml and fails immediately with “Couldn’t install” You make sure all the settings are correct (see other blogs) and find nothing wrong Solution: Change drives and run it as an administrator again. For example above i am in the F:\OfficeDeploy directory which is the same directory I have the download.xml directing the download to. If i Change to the c: and run the same command again it works The Office Data folder was created and updated as shown below:
Read more

FRS to DFSR Post Cleanup “File Replication NtFrs Stopped”

Image
After successfully migrating from FRS to DFSR you get the File Replication NtFrs service is Stopped error on the local servers AD DS Services list. In the Event logs you may see Event id 13575 13577. You can confirm your migration completed by opening a cmd prompt as administrator and typing in: dfsrmig /getmigrationstate After your migration to DFSR is completed and you have given your servers ample time to propagate this service is no longer required. Since it is set to “Automatic”, as shown below” it shows in logs as a false positive error. Edit the File Replication Service and change it to “Disabled”, as shown below: Once it is listed as “Disabled” it will no longer show in the Console as an “error” Note : it may take some time to clear from the active view
Read more

Domain Migration SubinACL /Migratetodomain How To:

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a
Read more