
Top 10 Computer Security Best Practices and Cybersecurity Tips

Dan earned his CompTIA (CIOS) certification in 2010 and worked in the computer repair/networking industry for several years.

Aside from installing antivirus software, what are some steps you should take to ensure your computer is secure?


With the abundance of information available on the internet, especially as it pertains to computer technology and computer security, cybercriminals—those who seek to break the law via computer hacking—are able to learn quickly and are on the rise. Average computer users typically think of computer security as installing an antivirus program on their smartphone, laptop, or desktop computer, turning on notifications, and walking away.

Unfortunately, computer hackers are smart enough to circumvent and/or work around this type of security safeguard—antivirus programs should be considered a last line of defense and are not recommended by serious IT professionals as anything else. Embracing and implementing a broad array of security techniques is required for a fighting chance.

In fact, there is so much crime that occurs via the internet, the United States government allocated a special group to deal with the situation called the Internet Crime Complaint Center. Common sense should be carried over from everyday life into the world of internet usage. Here are ten tips and best practices you should be following to ensure your computers are secure.

10 Cybersecurity Best Practices and Tips

  1. Software Vetting
  2. Website Vetting
  3. Data Destruction
  4. Computer Data Availability
  5. Physical Security for Computers
  6. Computer Security Complexity
  7. Efficient Malware Removal
  8. Phishing and Baiting Risk Mitigation
  9. Third-party Risk Management
  10. Patch Management

1. Software Vetting

Software should be carefully vetted before it is installed on a computer because when it is downloaded, typically for free, it's often laced with malicious software. The primary factor to consider is the source it is downloaded from.

Websites that use security certificates tend to be trustworthy because the certificate is issued by a trusted third party which verifies that the website owner is who they claim to be—much in the same way governments issue IDs to citizens in order to generate confidence in identity.

There are various ways to check if a website has a security certificate, but the easiest way is to look for the lock icon in an internet browser's address bar when visiting the website—it will reveal details when clicked. If no lock icon is present, then a security certificate for the website does not exist—in which case you should proceed with caution.

In general, it's better to use websites with security certificates but hackers are known to set up websites with security certificates to make them look as though they are legitimate. Proceed with caution when downloading and installing software from any website.

2. Website Vetting

Computers can be used in a variety of ways to lure users and hack into their personal lives. If something seems suspicious while you are surfing the internet, chances are the suspicion holds water. Computers are designed to be an extension of the way people operate and think in everyday life, so when suspicion arises, it should give you pause.

Some organizations that run honest operations will have their websites compromised by computer hackers. How this is done is irrelevant—what needs to be understood is that compromised sites can be utilized to exploit vulnerabilities on computers. Ads can be hijacked and drive-by-downloads can occur where computers automatically download and install malicious software.

There are various ways to vet websites. First and foremost, as mentioned above, a valid security certificate is a good sign that a website is safe. Online services such as Google Transparency Report use technology to assess whether a website is probably safe or not. Browser extensions are available that allow access only to websites included in their whitelist. When you are unsure whether a site is safe, ad or script blocker browser extensions can add a layer of security, although their default settings might need to be adjusted for ease of use.

3. Data Destruction

Thoroughly destroying hard drives and other data storage devices before discarding them is important. Even if they are malfunctioning, a skilled computer user could tinker with the device to retrieve information from them.

Furthermore, merely deleting files from the devices does not remove the information stored on them. The devices must be written over using specialized software. Personal information stored on computing devices getting into the hands of criminals is a recipe for identity theft; therefore, it's important to make sure data storage devices are erased thoroughly.
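The difference between deleting and writing over can be seen at the level of a single file. The following is an added example, not code from the original article: the function names and the sample record are constructed for illustration, and it assumes a traditional hard drive and a filesystem that rewrites blocks in place. SSDs and copy-on-write or journaling filesystems can keep old copies elsewhere, which is why whole-device erasure is still the step to take before discarding a drive.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces so large files do not fill memory

def overwrite_file(path, passes=1):
    """Overwrite every byte of `path` in place with random data; return its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:  # r+b edits in place; "wb" would truncate instead
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force the pass out of the OS cache to the device
    return size

def contains(path, marker):
    """Return True if `marker` still appears anywhere in the file's bytes."""
    with open(path, "rb") as f:
        return marker in f.read()

def wipe_and_delete(path, passes=1):
    """Overwrite the contents first, then remove the directory entry."""
    size = overwrite_file(path, passes)
    os.remove(path)
    return size

def demo():
    """Constructed sample: a file holding a fake personal record."""
    marker = b"SSN 000-00-0000 (constructed sample)"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"header\n" + marker + b"\n" + b"x" * 100_000)
    before = contains(path, marker)   # record is readable before the wipe
    wiped = overwrite_file(path)
    after = contains(path, marker)    # record is gone after the wipe
    os.remove(path)
    return before, after, wiped
```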

4. Computer Data Availability

The computer security industry incorporates data availability as part of the security paradigm. Since general computer usage and business continuity rely on access to the data stored on computers, backup routines are recommended.

Best practices are to store copies of the data at sites other than the location of the originals in case of disasters not limited to computer virus attacks, fires, floods, and theft. All sorts of backup scenarios exist, and no one backup method is appropriate for them all, but the following are some common scenarios.

Backup mediums—the storage devices that hold data—greatly vary, as do the procedures for the actual backup processes. If the number of files to be backed up is relatively small, storing the files on a small, USB flash drive or SD card can suffice for the average home or small business user—carrying the medium in a pocket, backpack, or purse can work as a type of off-site backup, depending on the situation.

There are also a number of paid and free services on the internet that allow "cloud" backup—a relatively seamless type of medium and procedure that allow automated or manual backup of files to a storage server on the internet. Examples include Google Drive, Microsoft OneDrive, and Dropbox. In any event that data is lost locally, the data can be restored by downloading it after normal computer operations have been restored.

Backup systems can be complex and require trained personnel to handle them. Backup servers can exist at the same site where the original data is kept—the data can be restored quickly if its use is time-sensitive. The same organizations that store backups on-site can and sometimes do retain cloud storage for redundancy.
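A backup only helps if the copy can actually be restored intact. The following is an added example, not code from the original article, that records a SHA-256 digest for every original file and later checks the backup against that record; the function names, folder names and file contents are constructed, and a local folder stands in for the USB drive or cloud storage.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_file(path):
    """Hash a file in blocks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def back_up(source, dest):
    """Record digests of the originals, then copy the tree to dest."""
    manifest = build_manifest(source)
    shutil.copytree(source, dest)
    return manifest

def verify_backup(dest, manifest):
    """Return the files that are missing from, or altered in, the backup."""
    current = build_manifest(dest)
    return sorted(p for p, d in manifest.items() if current.get(p) != d)

def demo():
    """Constructed sample tree; 'offsite_copy' stands in for the backup medium."""
    work = tempfile.mkdtemp()
    src, dst = os.path.join(work, "documents"), os.path.join(work, "offsite_copy")
    os.makedirs(src)
    for name, data in (("notes.txt", b"meeting notes"), ("ledger.csv", b"a,b\n1,2\n")):
        with open(os.path.join(src, name), "wb") as f:
            f.write(data)
    manifest = back_up(src, dst)
    clean = verify_backup(dst, manifest)        # fresh copy: nothing to report
    with open(os.path.join(dst, "notes.txt"), "wb") as f:
        f.write(b"corrupted")                   # simulate silent corruption
    os.remove(os.path.join(dst, "ledger.csv"))  # simulate a lost file
    damaged = verify_backup(dst, manifest)
    shutil.rmtree(work)
    return clean, damaged
```

Keep the manifest somewhere other than the backup medium itself, so that damage to the backup cannot also damage the record used to check it.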

5. Physical Security for Computers

If hackers could gain physical access to a computer for data theft or monetary gain, it would make their job much easier because they would not have to circumvent any network security, which is typical in a hacker's routine. For example, if a cybercriminal across the internet wanted to hack into a user's computer, they would typically attempt to learn information that identifies the computer on its network, such as an IP address.

The addresses, at minimum, typically use a private scheme that is protected by network equipment such as NAT (network address translation) devices. Therefore, a hacker would have to work around this in order to obtain identifying information about the computer.

Physically breaking into a building and stealing a computer allows direct access to the computer being sought and renders sophisticated network hacking unnecessary. Security guards, video cameras, efficient locks, and safes are recommended to mitigate the risk of direct computer access.

6. Computer Security Complexity

As computers and networks climb the ladder to more sophisticated setups where trust among users—such as employees—becomes a factor, the computer network administrator must consider integrating a broader range of security policies where concepts such as "separation of duties" and "least privilege" are implemented. The purpose is to help prevent a single employee from having too much access that could compromise security—especially in cases where an employee develops a grudge against their employer.

There is also a factor of usability that should be considered—in general, the more secure a system is, the less user-friendly it is. After backup systems and security policies are put into place, adjustments sometimes must be made in order to allow ease of use.

7. Efficient Malware Removal

When common sense security measures fail, antivirus software can be useful for picking up the slack. Antivirus suites come with real-time monitoring so that when their algorithms or databases detect malicious activity, they will alert users.

However, malicious software can slip through the cracks, and running a thorough antivirus scan on occasion can help. Microsoft Windows tends to be the operating system most affected by malicious software, so here are some steps for running a thorough scan on that platform. Sometimes customized, manual forms of detection and removal are needed, but this is generally a reputable approach.

  • Boot the computer into safe mode. Reboot the computer and tap the F8 key. When the menu appears, select "safe mode with networking." Another way of accessing the menu is by typing msconfig into the Run command box in Windows, selecting the boot tab, checking the boot box, adding the network support bubble, and rebooting.
  • Download and install Kaspersky's TDSSKiller program. Run the program and it will check the system for rootkits, a type of malicious software that is generally more subtle than regular viruses.
  • Download and install RKill. Run the program and it will stop malicious processes from running.
  • Uninstall any programs that are not being used, especially programs that were downloaded and installed from websites that are generally unknown or perhaps suspect.
  • Install an antivirus suite if not done already. Update the program, run it, and opt to remove any malicious software it detects.

8. Phishing and Baiting Risk Mitigation

Phishing is a type of social engineering where perpetrators use various methods to act like legitimate and honest parties in order to trick computer users into giving away private information. Phishing awareness is a first step and extremely helpful for reducing the risk of falling victim to the attack.

For businesses—in addition to awareness—developing easy-to-understand and coherent policies, based on that awareness, is critical. Companies spend hundreds to thousands of dollars reducing the risk of computer crime threats. One employee who does not understand policies pertaining to phishing attacks could render security efforts null, wasting countless resources and measures put into place.

Baiting is similar to phishing in that it fools users into believing they are receiving something legitimate. Those who seek to commit computer-based crimes can send emails that include offers for free products or services. It can occur through private messaging, texting, or phone conversations as well.

Clicking links to these offers, or accepting them, can provide a path for malicious software to get installed on a user's system, or to fraudulently obtain credit card information. Awareness is a primary tool in mitigating this type of threat.

9. Third-party Risk Management

While computer manufacturers often provide support for their products, businesses and consumers can opt for third-party services for the repair or general support of their computer systems or programs. However, although those services can be convenient and helpful, they themselves can be subject to computer security breaches in a variety of possible ways. It becomes especially important to make sure third parties are following security best practices when you provide them with personal or sensitive information. Therefore, it's critical to develop protocols to manage the inherent risks of dealing with third parties.

The subject of third-party risk management is broad. The solution that any given consumer or business requires changes depending on a variety of factors. The International Organization for Standardization (ISO) defines frameworks for managing third parties. Factors within a framework can include, and are by no means limited to, prioritizing the level of risk, geographical location, reputation, and certifications. Services also exist to help facilitate the trust between parties in addition to developing a framework.

10. Patch Management

Over time, flaws or security vulnerabilities are discovered in operating systems and computer programs. Vendors such as Microsoft provide patches for their operating system—Windows—which can be configured to be installed manually or automatically.

Failure to install the patches raises the risk of becoming the victim of a computer crime. Third-party program vendors also provide patches for the software that they release and make updates available routinely. Computer crime exploitations often make media headlines due to unpatched systems, which is why patch management is an important concept to embrace.

Computer hackers also take advantage of undiscovered software security flaws. These are referred to as zero-day threats. No update or patch can fix these types of risks—the only practical solution is becoming more active in computer security, and less complacent.

Computer Security Plans in Practice

The recommended security practices outlined herein are applicable to all types of computer users—residential users, small/medium-sized businesses, and large corporate/branch offices. In residential setups, the security posture is relatively low maintenance, and practical knowledge can be obtained through various internet tutorials. For relatively large networks, it's generally recommended that the owners retain a managed service provider specializing in computer networking, especially for data preservation.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2021 Dan Martino
