These are a handfull of simple and easy recommendations that I have pulled together over the years to improve your home security on a windows PC and help you feel confident and safe online.
Background: I have been working in the IT Industry for a little over 6 years, covering roles from Helpdesk support, Network Engineering and more recently Cloud Security and consulting. As such I have worked on a wide variety of platforms, applications and tools. This guide is a collection of some of the basic recommendations which I would make to anyone who wants to have a bit more control over their own personal security and their online footprint.
NOTE: This is a work-in-progress and I will be adding more content to this over time. If you see any errors or mistakes, please feel free to create a PR or contact me directly. My details are in my Bio.
Furthermore, if you are looking for some more advanced recommendations, be sure to check out the Advanced Guides folder. I will be periodically adding new guides and recommendations here individually.
Re-using passwords is a very quick way to have all your accounts hacked, If so much as one service is breached you might find yourself in a lot of trouble very quickly. I strongly recommend using a password manager, to store passwords and ensure you create unique passwords for every service.
- Bitwarden (Cloud Service, Paid, Open Source)
- Dashlane (Cloud Service, Paid)
- KeePass (Stored on your PC, Free)
DO NOT keep passwords in a text file/word document/etc on your PC, this is the first thing potential hackers will look for.
Good passwords are suprisingly hard to come by, but they don't need to be difficult. Here is a very simple formula for creating complex and memorable passwords.
- Two words
- One symbol between the words
- One words in all CAPS
- 2 numbers at the end
Examples:
- summer-CAKES88
- GREEN@clouds44
- bright!GLASS23
These passwords will meet 99% of requirements and are easy to remember.
DO NOT:
- Use sequential passwords (password1, password2)
- Use dates or birthdays
- Use names of people you know personally
If it is available, you should ALWAYS use Multi-factor authentication (AKA: 2-Factor Authentication). This should be either an SMS, code or notification on your phone.
Passwords will inevitably get breached, but MFA is the No.1 method to prevent account breaches and has saved me more than once.
Its very easy to lose track of how many websites and services you have signed up for in the past, any one of these could prove a possible vulnerability and opportunity for someone to get hold of your data or initiate identity theft.
When you ar no longer using a website or service, you should delete your account, this is the best way to ensure it cannot be used against you.
A good tool to find websites you are previously signed into is WhatsMyName.app which will take your username and locate any website or service where that username was previously used to create an account.
These improvements are for your home computer and include recommendations for security settings and antivirus features.
Many of these will not affect your day-to-day use but will greatly improve secuirty and reduce your chances of being affected by malware or ransomware.
Every disaster recovery solution begins with backups, and keeping your important data backed up in a cloud-based storage platform is the best place to start. Many services are free for the first 5-10GB of storage, this should be more than enough for any of your important personal document.
As a bare minimum, you should have at least one cloud storage location for your most important files, this platform should also have:
- A Secure Password
- Multi-factor authentication
A general rule of thumb: If you cannot re-download it, it should be stored in the cloud
This should be for storing anything of critical importance:
- Medical Documents
- ID Documents
- Legal Documents
- Contracts/Certifications
- Family Documents/Photos/etc
Having a system like this is the best way to ensure that no matter what happens, you will always have your most important files.
Some good options are:
- OneDrive (5GB Free)
- Google Drive (15GB Free, 100GB @ $2.99AUD/month)
- Dropbox (2GB Free)
Bitlocker is a built-in feature for windows that allows you to encrypt your drives, this is important for laptops and portable devices. Unencrypted drives can be connected to a different computer and the files copied directly off them without any extra effort. Using bitlocker will ensure that your files are safe, even if your drive falls into someone elses hands.
To enable bitlocker:
- Open start menu
- Type
Bitlocker - Take the first option
Manage Bitlocker - For each drive, select
Turn on bitlocker - Follow the steps to enable bitlocker, make sure you make a copy of the recovery key.
You will be provided an opportunity to backup the "recovery key", this is important if you decide to move the drive to another computer, you will be prompted to enter the "recovery key" to get access to the drive again.
Your recovery keys are sacred, these should be kept offline and secure. For example, print them out and keep them safely stored away somewhere secure at home. Do not label them. Alternatively, create an Encrypted USB drive, and store keys within it.
Since Windows 10, Microsoft has developed a very strong and advance Antivirus/Antimalware platform built directly into windows, this is now one of the leading software options for AV solutions. Many large enterprises now use Windows Security as their primary AV solution.
To get the most out of this app, you want to ensure you have enabled it's settings correctly.
- Open start menu
- Type
Windows Security - Open the
Windows Security App
Navigate through the menus and enable the following settings:
- Virus and Threat Protection
- Real-Time Protection -> ON
- Cloud-Delivered Protection -> ON
- Tamper Protection -> ON
- Controlled Folder Access -> ON
Controlled folder access is a powerful tool to prevent damage caused by Ransomware, it will protect your personal files and folders in My Documents and other locations from unauthorized changes.
-
Firewall & Network Protection
- Firewall -> ON (for all three network types)
-
App & Browser Control
- Reputation-Based Protection
- Check apps and files -> ON
- Smartscreen for Microsoft Edge -> ON
- Potentially unwanted app blocking -> ON
- Smartscreen for Microsoft Store apps -> ON
- Reputation-Based Protection
-
Device Security
- Core Isolation
- Memory Integrity -> ON
- Core Isolation
Memory Integrity can have a small performance impact on gaming and other performance intensive tasks. Use as you feel comfortable.
Windows comes preinstalled with a large number of common applications, each extra application on a computer is more potential vulnerabilities to be exploited, A good rule of thumb is to only keep the apps installed that you need.
To remove apps easily:
- Open Start menu
- Type
Remove Apps - Click
Add or Remove Programs - Read Through the list of apps and remove anything that you do not frequently use.
UAC or User Account Control is a system in windows designed to help you prevent apps from making administrative changes without your awareness. UAC will prompt you to confirm whenever an application is trying to start or execute tasks that require administrator rights.
- Open Start Menu
- Type
UAC - Select
Change User Account Control Settings - Set the settings to "Always Notify"
- Click
OK
When you first setup your computer, you were likely given an Administrator account, this allows you to install and setup apps and software easily without needing admin permissions. However, this also means that when you run applications, they may be running as an administrator with more access rights then they need. It also opens the possiblility to make dangerous changes to the system unintentionally.
Generally speaking, you should only be using an Administrator account when you need to make Administrative changes, otherwise you should be using a "Standard" account.
This can be a little complex but it is a significant improvement to your computer security.
Firstly, check to see if your account is an administrator
Windows 11 Steps:
Steps for windows 10 are very similar
- Open
Settings - Go to
Accounts > Other Users - Check to see what type of account you are using:
- Administrator
- Standard
If you are using an Administrator account, we will need to create a new Administrator User and demote your current account to Standard
Creating a new Administrator Account:
- Open
Settings - Go to
Accounts>Other Users - Select
Add Accountunder Other Users
- Select
I don't have this person's sign-in information - Select
Add a user without a Microsoft account(This is for creating a local account) - Give the accounts a Username and a Strong Password (see Section 1.2)
- Setup some security questions
- Select the New Account
- Go to
Account Options>Change account type - Change
Account typetoAdministratorand clickOK
Once complete, it should look something like this:
Now finally, you need to demote your existing account.
- Log into the new Administrator you created (Start Menu > Switch user > Select
Other User) - Open
Settings - Go to
Accounts>Other Users - Select your Primary Account
- Go to
Account Options>Change account type - Change
Account typetoStandardand clickOK
You can now switch back to your Primary Account.
Once you have done this, when installing applications or changing settings, you may be prompted to enter Administrator details, you should keep your Admin Account login somewhere safe and secure, such as a Password manager as mentioned in Section 1.1
These rules apply to your home network, they are common issues and flaws people often miss when setting up home routers and other equipment.
Your home router likely came with a default username and password, for many devices, these are exactly the same eg: username/password or admin/password. This is a critical security flaw as many people do not know how to change this password or don't bother.
If someone was able to enter your home network, via malware or a bad wifi password, they can potentially infect your Router device with malware or simply create more openings and vulnerabilities to your home network.
You should change your router password to something unique and complex.
- Find out your Router/Modem Model (usually on a sticker on the device)
- Google the user manual for your Router/Modem
- Follow the manual to login to your Router/Modem
- Change the Router/Modem Administrator Password
Most routers/modems will also come with a guide in the box on how to login and chaneg settings on the router/modem.
If you have a seperate Wireless Access Point device, you should also ensure you change the default password on this device too, using similar steps to that above.
Im not going to do what most here and tell you that "you MUST be using a VPN to be safe on the internet" because frankly thats bullshit.
A VPN works by routing your internet traffic through a VPN server before spitting it back out into the internet, essentially a proxy server.
It is a common misconception that VPNs make your internet browser more "secure" because it's "encrypted"...
There are two major issues with this...
- Your internet traffic is ALREADY ENCRYPTED from End-to-End, its called TLS and if you see "HTTPS://..." you are using it. See Image
- VPNs do add extra encryption, but it is ONLY from your computer to the VPN's server, it still has to travel across the internet after that without the "extra" encryption the VPN provides, which makes it functionally pointless.
VPNs (the consumer kind) are NOT giving you extra security, they are giving you privacy in the form of obscuring your location, nothing more.
Regarding privacy however, your location is not typically something advertisers will use anyway, since your IP changes regularly and you IP geolocation is usually only accurate to the city.
If you want to have ACTUAL privacy, you need to look into your browser privacy settings, I will go into more detail on this further.