Some time ago I was asked to provide some simple advice for non-technical users on protecting their data and office computer systems. Most people are aware that computer security has become a huge problem in recent years, but the sheer amount of (often conflicting) advice on the subject often drives people to ignore it - after all, if you're just trying to do your job, you don't want to have to spend a lot of time learning obscure technical information. With that in mind, this article outlines five basic things to keep in mind to stay safe online. It's far from an exhaustive list, as computer security is such a huge topic, but following the suggestions below should make you significantly safer than the average computer user.
1. Don't use the same password for everything.
It's generally not practical to use a different password for everything, just because it's too difficult to remember.
However, it is well worth separating out your passwords into different groups. For example, your bank account login is much more important than, say, a web forum login. While you should be able to trust your bank, suppose you sign up for a forum on a website that asks for your email address. What happens if you use the same password for your email account and the forum? You don't know what the website does with your password - they or someone attacking their site might be able to get your password, and if it's the same as the one for your email then they also have access to that. If it's the same as for your bank, they may be able to get into that too.
2. Use an antivirus program and keep it up to date.
This probably seems obvious, but it's amazing how many people have non-functioning antivirus software. Often it's because they got a free subscription with their computer, which then expires, and they don't want to pay to renew it. Paying isn't necessary though, there are many good free antivirus programs out there. The best antivirus program tends to vary with time, but at the moment I am recommending Microsoft Security Essentials to people. It's free for home use or for up to 10 business computers, has good detection rates, and doesn't slow down your computer much.
3. Keep your other software up to date.
This is another fairly obvious one, but a lot of people don't manage to keep their software up to date. This is especially important with web related software such as your browser, Adobe Flash, Java and so on. If you're using Windows on a business network this is simplified as your system administrator can configure computers to automatically update. Most versions of Linux also come with good tools for automatically updating software built in. I also recommend uninstalling Java unless you really know you need it and replacing Adobe Reader (for PDFs) with an alternative such as SumatraPDF or Evince.
4. Don't click links in emails.
This is a fairly simple one: unless you're totally, 100% sure what something is, don't click on it. If someone claiming to be your bank sends you an email and you want to log in to your account, type the website address in or use a bookmark rather than clicking on a link. If someone you don't know sends you an attachment, don't open it. Even if someone you do know sends you an attachment, don't open it unless you were expecting it. People's email accounts get hacked all the time, and it's quite common for hackers to send spam and viruses to people on the contact list of the hacked account.
5. Don't log in as Administrator.
User accounts on Windows XP are administrators by default. This gives you complete control of the computer, but unfortunately also means that if you are hit by a virus, it also has complete control of the computer. It is much safer to log in with a standard user account for ordinary day to day use, and only log in with an administrator account when you need to make changes, e.g. installing new software. This is a bit of extra hassle but generally worth it for the extra security it offers. If you're running a more recent version of Windows, or using Mac or Linux then this is already taken care of for you.
If you have other good security tips to share or want more advice on a particular topic post a comment, I'll be watching this page to follow up.