As a tech professional, it’s my job to clean up after computer “accidents.” But a more important aspect of my job is keeping them from happening. There is a lot of information on the web directed at cyber safety, and most of it is good. But there is one thing that you can do more to keep you safe than any other single thing: Run as a non-administrative user.
I consume a LOT of news about cyber security and cyber safety. A research paper presented at a tech security conference recently showed something interesting. The list of security tools used by non-tech professionals was upside-down from the list of tools used by tech professionals.
Here are the top five things that non-experts (with regard to digital security) do to try and stay digitally safe:
- Use antivirus software
- Use strong passwords
- Change passwords frequently
- Only visit websites they know
- Don’t share personal information
Those are all good things to do. And to some extent, most security professionals do those things. However, here are the top five things security experts do, and recommend that you do:
- Keep your systems and software updated
- Use unique passwords
- Use 2-Factor authentication
- Make sure to use strong passwords
- Use a password manager
The items with links are things I’ve talked about here in my blog. The rest of them I will address soon and show you how to put in place.
But Wait–There’s More
The same security expert that led me to this study also has said, repeatedly, that a huge majority of exploits are coming in through the users’ browsers running with administrator permissions. As a result, you should run on your computer as a standard user, and not as an administrator, for normal, everyday use.
For Windows 7, do this:
1. Go to the Start button, click once on it, and in the box that pops up, type “User Accounts” without the quotes. In the list of items that pop up, click on the one that says User Accounts.
2. Select “Manage User Accounts.” The computer should ask if you want to make changes to User Accounts, or something like that. Select YES. If you see the User Accounts dialog box immediately, you are running as an administrator. Or if you don’t get a question about if you want to do it, you have User Account Control turned off—and this is a BAD idea. If you get a prompt for a user name and password, you are running as a standard (non-administrative) user. And that is a GOOD idea.
3. If you are set up as an administrative user, create another account for yourself as a standard user and use that for day-to-day use. You can use your administrator account to move or copy your documents either into the Public documents folder. There is another way to do this. Log into your standard account once and created a standard user profile. (The profile creation happens automatically.) Copy into that standard user My Documents folder, same for photos, videos, etc. Note: If you are dealing with documents you absolutely cannot lose, you should have a backup anyway. But if you haven’t backed up yet, or in a while, do a COPY of the documents, not a MOVE of them. Then, when you are certain you have all of them (by comparing the folder sizes), then you can delete the originals.
On a Mac, do this:
In the upper right corner of the screen, click once on your name, then click on User & Groups Preferences. You’ll see your name, then what type of user you are. If it doesn’t say Admin, you’re fine. However, if you see Admin, go ahead and create a Standard user account for yourself, and again, do the copy of the documents.
If something coming through the browser has to install to do bad things, doing this will make it ask you for permission. When something asks for a user name and password for something you didn’t ask for, you know something is wrong.
How have your security practices changed or evolved over time? Are you afraid of some things online? What do you wish you could do better to be more secure online?