by: Helge, published: Apr 14, 2021, updated: Apr 18, 2021, in

Top 10 IT Security Tips for Individual Users

Contents

This is a list of simple things that will protect you from nearly all the real-world IT security issues affecting individuals and SOHO users.

1. Install All the Updates

What Should You Do?

  • Enable automatic updates wherever possible
  • Don’t use obsolete software versions

Why Is It Important?

Older software versions often have known security issues for which exploits are readily available. This means that even script kiddies can easily attack large numbers of users.

Most at risk: OS (Windows), browsers (Chrome, Firefox, Edge, IE), MS Office (Word, Excel), PDF reader (Adobe Acrobat)

Configuration Tips

Your OS, your browser, and applications like Adobe Acrobat all come with automatic updates enabled. There is really not that much to do – except not disable this essential functionality.

2. Completely Disable MS Office Macros

What Should You Do?

  • Block Office Macros (VBA code) from running

Why Is It Important?

Office macros contain code written in Visual Basic for Applications, a full-blown programming language. Macros are embedded in Office documents (Word DOCX, Excel XLSX, etc.) and can be executed when a document is opened. This is one of the most popular initial attack methods.

Configuration Tips

Manually Disabling Office Macros

To manually disable the execution of Office macros go to File > Options > Trust Center > Trust Center Settings > Macro Settings and select Disable all macros without notification.

Important: there is another setting, Disable all macros with notification. This won’t do! It is the default, and it shows a button that enables blocked macros with a single click. Every single phishing campaign out there tries to coax users into clicking that button.

Centrally Managing Office Macro Blocking

This blog post explains how to block Office macros via Intune on Windows and macOS. It contains procedures and scripts that are useful even if you are using some other systems management product.

3. Use a Simple PDF Reader Like Sumatra

What Should You Do?

  • Open and view PDFs in Sumatra instead of Adobe Acrobat Reader

Why Is It Important?

Many attacks target Adobe Acrobat Reader because it’s so widely used. By switching to a different app for viewing PDFs, those attacks are defused.

Bonus: Sumatra PDF is much faster than Adobe Acrobat, saving you precious seconds every time you open a PDF.

Configuration Tips

4. Do Not Reuse Passwords

What Should You Do?

  • Never reuse passwords across websites or applications
  • Generate a unique strong password for each individual site

Why Is It Important?

Data breaches have become a common thing, user/password databases are stolen from websites regularly. Even though passwords should never be stored in plaintext, it’s easy enough to make mistakes with the mandatory hashing and salting steps that many sites get it wrong. Assume that any password can be stolen at any time.

Configuration Tips

Use a password manager application like KeePass to store your passwords (see below).

5. Enable Two-Factor Authentication (2FA)

What Should You Do?

  • Enable two-factor authentication (2FA) for any account on the internet
  • Avoid SMS as second factor if possible (but use it if there’s nothing else)

Why Is It Important?

The level of protection offered by passwords alone is simply not good enough, they can easily be stolen (see above). You need something in addition to a password for authentication, a second factor.

Configuration Tips

Most sites offer TOTP-based 2FA. These are the ones showing a QR code during setup. Use an authenticator app like Authy that comes with an (encrypted!) backup functionality so you don’t lose all 2FA configs when you switch phones.

6. Use a Password Manager

What Should You Do?

  • Don’t memorize passwords (except select few, e.g., for your email account)
  • Store your passwords in an encrypted password manager application
  • Protect your password manager app with a very long passphrase and a second factor

Why Is It Important?

A password manager enables you to do two things:

  1. Securely store passwords and other sensitive information (e.g., credit card data)
  2. Generate strong passwords

Configuration Tips

Do not use your browser’s password manager.

KeePass is an excellent free password manager. Its database file can be synchronized with any cloud storage service. On your phone, use an app like Keepass2Android for read/write access to the password data.

If you store your password database in the cloud, consider adding a key file (a second factor) as additional protection. The key file needs to be available on your phone, too. Sync it with a different cloud storage provider than the password DB.

If you prefer a cloud-based password app, take a look at Bitwarden.

7. Antivirus: Windows Defender is Good Enough

What Should You Do?

  • Don’t spend money on a third-party antivirus product
  • Use Windows Defender (which comes with the OS)

Why Is It Important?

Long gone are the days when the protection built into Windows was insufficient. Defender has excellent detection capabilities, is part of the OS, updated and improved regularly.

Configuration Tips

Take a look at the little shield icon in the taskbar’s info area. There should be a green checkmark on it. If that is not the case click the icon and follow the recommendations.

8. Offsite Backups

What Should You Do?

  • Perform regular backups (ideally scheduled, so you don’t forget)
  • Store backups offsite (in a different building or city)

Why Is It Important?

Backups protect from accidental deletion, theft, disaster (e.g., fire), and ransomware (malware that encrypts your files).

Configuration Tips

Out of the innumerable backup tools and techniques I recommend encrypted backups to cloud storage with the free Duplicati 2.0. Don’t worry about the “beta” label. Duplicati 2.0 has been stable for many years.

9. Encrypt Your Laptop’s Disk Drive

What Should You Do?

  • If you’re using a laptop, enable full-disk encryption

Why Is It Important?

Your data is safe even if the device is lost or stolen.

Configuration Tips

BitLocker Drive Encryption comes with every edition of Windows 10, including Windows 10 Home. Its performance impact is negligible, there are no downsides to enabling it.

BitLocker makes use of a recovery key (a kind of password) that you may need occasionally. Store it in your password manager app (see above).

10. Protect Your Email Account

What Should You Do?

  • Enable all available safety measures for your email account

Why Is It Important?

Email is often used for password reset. Anybody with access to your email can simply click a site’s password reset button and configure a new password via the link in the email.

Configuration Tips

Take all the advice in this article to heart. Use a strong password for your email account and enable two-factor authentication. Don’t log into your email account on someone else’s computer. If you have to, make sure to log out once you’re done.

About the Author

Helge Klein (ex CTP, MVP, and vExpert) worked as a consultant and developer before founding vast limits, the uberAgent company, which was acquired by the Citrix business unit of Cloud Software Group in late 2023. Previously, Helge applied his extensive knowledge in IT infrastructure projects and architected a user profile management product, the successor of which is now available as Citrix Profile Management. Helge is the author of the popular tools Delprof2 and SetACL. He has presented at Citrix Synergy, BriForum, E2EVC, Splunk .conf, and many other events.

Read more

Previous Article Royalty-Free Images for Blogs, Websites & Social Media
Next Article How to Check the TPM Status & Enable the CPU's fTPM/PTT