I’ve been working within the IT trade for over 30 years, for many of this time as an editor at PC-WELT (PCWorld’s German sister publication), specializing in safety. I take a look at antivirus software program, give tips about easy methods to make Windows safer, am consistently looking out for the most effective safety instruments, and monitor the actions of cyber criminals.
Over the years, I’ve acquired a complete vary of behaviors and rules that appear utterly regular and wise to me. However, once I observe different PC customers, I typically uncover dangerous or at the very least much less security-oriented habits.
That’s why I’ve put collectively the 10 most essential issues I’d by no means do as an IT safety professional.
Further studying: Best antivirus software
1. Move as a substitute of copy
IDG
Moving your individual information as a substitute of copying them instantly makes me really feel uneasy. This consists of, for instance, pictures or movies from the digital camera or audio recordings from a smartphone or audio recorder. If you progress such information, that are normally distinctive, you run the chance of dropping them as quickly as you progress them. Although that is very uncommon, it can’t be utterly dominated out.
But even when the transferring course of goes easily: The knowledge is then nonetheless solely accessible as soon as. If the arduous drive within the PC breaks, the info is gone. If I make a mistake and by chance delete the information, they’re gone. These are dangers that solely come up should you begin a transfer operation as a substitute of a duplicate operation.
If you assume: I want the house on the SD card for brand new pictures, it’s best to contemplate shopping for a second SD card. Your personal knowledge is at all times value it.
And when do I launch the house on the SD card? I do that as quickly as my backup plan on the PC has backed up the copied knowledge. In my case, that is completed on a tough drive within the community that runs on a Raspberry Pi.
Important information are additionally robotically encrypted and uploaded to cloud storage.
Further studying: Best online backup services
2. Save my very own knowledge with out a backup
I’ve arrange an automatic backup for all important data. Because saving information I’ve created myself with out a immediate backup is much too dangerous for me. This additionally consists of all knowledge that I enter into apps, for instance, whether or not for Android, iOS, or Windows. Just as a result of most apps don’t supply an simply recognizable backup operate doesn’t absolve the person of accountability for his or her knowledge.
For instance, at two grammar faculties in Koblenz, Germany, a number of hundred faculty iPads have been logged off the college community as a consequence of an error. The handwritten notes within the Goodnotes app utilized by the pupils have been deleted. Many college students had labored solely with the college’s personal iPads and this app — in different phrases, there was no secondary copy of their notes. Around 500 of the entire of 7,500 iPads have been affected by the info loss by being linked to the college community on the time of the breakdown.
A cloud backup, as is common for iPads, was deactivated for knowledge safety causes. No different type of knowledge backup seems to have been used. The pupils involved can’t be blamed right here, however the system administrator accountable can.
3. Format with out a thorough test
IDG
I’d by no means make this error — as a result of I’ve made it earlier than. Therefore, I can solely advise from expertise: Only format a storage drive when you find yourself certain that you’ve chosen the right drive.
For years, I used exterior USB arduous drives to retailer my information. The folder construction on these arduous drives was normally an identical. There have been the folders “My Documents,” “Videos,” “Temp,” “Virtual PCs,” and some extra. What’s extra, all of the arduous drives have been the identical mannequin, which I had as soon as purchased generously on a very good deal. Some of those disks even had the identical knowledge provider designation — particularly “Data.”
That wasn’t very intelligent, as a result of it made it too simple to combine them up. So I ended up complicated one in all these arduous drives with one other one at a late hour and formatted the improper one.
Since then, I’ve named and labelled my exterior arduous drives and USB sticks very clearly and take one other shut look earlier than formatting them.
First test, then format: Choosing the best drive earlier than formatting is essential to keep away from unintentional knowledge loss. In Windows Explorer, test which drive letter the arduous drive or partition to be formatted has. This is commonly not instantly obvious on programs with a number of drives. Take the time to test, unplug different arduous disks and drives to extend the overview. The identify of the disk and its dimension will enable you to to determine it.
In addition, begin Disk Management by coming into Disk Management within the Windows search. All linked disks and their partitions will likely be displayed. Only begin formatting when you find yourself certain that you’ve discovered the right arduous drive, USB stick, or partition.
4. Open hyperlinks in emails
I don’t wish to open a hyperlink in an e-mail. And I by no means open a hyperlink if the e-mail is supposedly from my financial institution or cost service supplier. I don’t even open the hyperlink within the month-to-month e-mail from PayPal, despite the fact that I do know that this e-mail truly comes from PayPal.
Why not? Nowadays it is rather simple for an attacker to create a deceptively actual copy of a financial institution e-mail. I wouldn’t reliably acknowledge the distinction between a phishing e-mail and an actual financial institution e-mail — at the very least not within the quick time I’ve to test my inbox.
Instead, I open on-line banking pages and different essential pages through hyperlinks I’ve saved in my browser, or retype the tackle into the browser every time. I log in to the location and test whether or not a brand new message has arrived in my buyer account. If not, then the message within the e-mail is both a faux or not essential sufficient for the financial institution to enter this data in my buyer account. That’s the top of the matter for me.
Tip: Change these 5 Windows settings to improve your data privacy
5. Opening suspicious information
IDG
If a file is suspicious, no matter whether or not it’s a program or a doc, I don’t open it. The threat is just too nice. As an IT editor, I’m after all consistently downloading instruments from the web and fairly just a few of them are scanned by the virus scanner. That is one indication that makes a file suspicious.
Another is the supply. Files from doubtful web sites are simply as suspicious as information which are connected to an e-mail or come from hyperlinks in emails. If I can’t keep away from opening or beginning such information, I at all times test them first with the device www.virustotal.com. The on-line service checks a file with greater than 60 virus scanners.
If you need much more details about a suspicious file than www.virustotal.com gives, you may as well add suspicious information to an internet sandbox. However, that is considerably extra difficult than a take a look at at Virustotal. The companies typically require registration and are typically topic to a charge.
A free and uncomplicated on-line sandbox with out registration is offered at www.hybrid-analysis.com.
6. Give vouchers for cost of companies
Foundry
Who would wish to do that? An astonishing variety of customers! They are all victims of a social engineering assault. Social engineering makes use of psychological tips to control folks into doing issues that aren’t of their pursuits. Human traits resembling belief, worry, or ignorance are exploited.
A well-liked trick goes like this: You are browsing the web and abruptly a warning message seems that seems to return from Windows. Your PC has been hacked and it’s best to name a assist phone quantity so {that a} Microsoft worker can repair your PC. When you name, you might be informed that your PC has truly been hacked. However, this prices cash and is meant to be paid for with voucher playing cards. The criminals demand these as a result of voucher codes are a lot tougher for the police to hint than a financial institution switch.
The truth is: Nobody is resistant to the tips of social engineering. A well-prepared and skillful attacker can lure anybody right into a entice. There are many examples of this — search “CEO fraud.” But the second one thing as uncommon as a voucher code for a service is requested, you may grow to be suspicious and escape the entice. The similar applies if you’re informed that somebody is coming spherical to gather cash from you.
See additionally: How do I remove malware from my PC?
7. Connect unknown exterior units
A USB stick whose proprietor I don’t know. I’m not plugging it in. Fortunately, gone are the times when Windows’ autostart operate instantly launched an EXE file from a linked USB stick. By default, Windows 10 and 11 solely supply to begin Windows Explorer to show the contents of the USB stick.
So that’s not the issue. But like everybody, I’m curious. Attackers reap the benefits of this and save malicious information with file names that you could’t resist opening.
For a very long time, safety specialists mentioned that should you needed to interrupt into an organization community, all you needed to do was go away just a few contaminated USB sticks within the firm parking zone. Some worker will seize a stick and join it to their work PC.
The skilled malware Stuxnet can also be mentioned to have reached the computer systems on the Iranian nuclear facility through a USB stick. It is barely unclear whether or not this USB stick obtained into the plant through the parking zone trick or whether or not an insider smuggled it in. Stuxnet destroyed the centrifuges within the nuclear facility and thus delayed the manufacturing of fissile materials for a nuclear bomb.
When you must insert a international USB stick: The similar guidelines apply as beneath level 5. Check the information on www.virustotal.com or begin them in a sandbox.
8. Use default passwords
When I join a brand new system that has default password safety, I instantly change the prevailing password. The similar applies to on-line accounts which have given me a password.
Admittedly: It has grow to be uncommon for a router to return with a default password. However, it’s all the extra essential to behave shortly within the remaining circumstances. This is as a result of attackers know the default passwords and attempt to use them to log into the units. A great password manager may help you create robust, distinctive passwords for each web site and repair you utilize.
9. Enable pointless community companies
IDG
Hardly a month goes by with out a new safety vulnerability in a NAS or webcam changing into recognized. These community units are normally susceptible through the web and permit hackers to entry the info on the NAS, the pictures on the webcam, and even your complete house community.
That’s why I don’t activate any community companies that I don’t want. Remote entry to my router — deactivated. Remote entry to my sensible lighting — deactivated. Access to my NAS and the robotic vacuum cleaner can also be deactivated.
10. Buy an costly Plus model of antivirus
PCWorld
Antivirus software program is normally accessible in three variations. Simple, good, and excellent — or antivirus, web safety, and complete safety. I’d by no means purchase the third and costliest model.
That’s purely a monetary consideration: If I have been wealthy, I’d resolve otherwise. But so long as cash is tight, I solely purchase the center variant, which is normally known as Internet Security. It normally provides greater than the free Microsoft Defender, however will not be as costly as the complete model.
With the latter, I’d be paying for companies that I don’t essentially want (metadata cleaning, social media monitoring) or that I can get cheaper elsewhere (VPN services, cloud storage).
As I mentioned, the entire variations supply extra, however I don’t want that further.
This article was translated from German to English and initially appeared on pcwelt.de.