Computers occupy a prominent place in our lives and are even the main tool for communication, information, entertainment and work for many of us. But do we look after them? Do we take every precaution necessary to avoid the annoyances, or even the nightmare, that could be caused by our IT habits? Here are a few tips and good practices to be added to your new-year resolutions to improve your digital well-being on a daily basis.
Thou shalt clean
You regularly wash your car and clean your shoes. And you also clean your computer monitor. But do you give the same amount of care to your computer’s content?
Unbeknownst to you, heavy use of the Internet means hundreds—or even thousands—of cookies and pieces of browsing-history data accumulate on your computer. Your hard drive becomes cluttered for no good reason and this profusion of data (which describes and remembers what you do on the Web) poses a confidentiality and privacy risk. Delete all of the cookies and your browsing history on all of your Web browsers on a regular basis (at least every three months).
Apply the same approach to your e-mails, which contain a vast amount of sensitive information (and sometimes even plain-text passwords): go through your inbox and delete old messages that only clutter (and slow down) your messaging service.
While you are about it, have a look through your Applications directory. Does that App that you installed a few years ago to ‘try out’—and have not opened since—still deserve a place on your hard drive? Scroll down the list (through ‘File Explorer’ on Windows and ‘About this Mac’ on Mac) and uninstall the applications that are not used.
It is also important that your hard drive is thoroughly cleaned on a regular basis, either to free up space or to improve the speed of your computer. Use third-party applications to delete duplicates or the tools already installed on your system (Disk Cleanup in Windows 10) to remove temporary files. Disk Utility on Mac can also detect errors and automatically repair permissions.
Thou shalt backup automatically
The old IT saying, made popular by Schofield's Second Law of Computing, is more relevant today than ever: ‘data doesn't really exist unless you have two copies of it’. This is particularly true at a time when ‘ransomware’ is prevalent: malware programs that block access to a computer or its data until the user pays a ransom.
Regardless of the reason for which you use your computer, it is essential that you regularly back up your data. Furthermore, there is no longer any excuse not to do so. First, the cost of storage devices has fallen significantly over the past few years: (good) 16GB or 32GB USB sticks cost under €10 and a portable external hard drive with a generous 1 TB of space costs €50. Second, several remote (Cloud-based) storage services offer vast amounts of storage at a low cost: 15 GB free of charge and €1.69 per month for 100 GB on Google Drive, for example. Finally, the bravest (or those who wish to retain control over their data) can also manage their own personal Cloud through increasingly simple and powerful tools: the main hard-drive manufacturers (such as Western Digital or Seagate) offer tried-and-tested solutions, and newcomers (such as Capsule or Filegear) have invented devices that make use of Artificial Intelligence to file and categorise photos and documents automatically. These tools are complemented by solutions that facilitate the synchronisation of data between several devices (desktop computers, laptops, tablets, mobiles) and that are either integrated into the systems that you use or offered by third parties (such as Sync or Resilio).
While these partial backup operations are important for sensitive data, they may not necessarily suffice. In the case of an SME, it is vital that server data is fully and regularly backed up (with turnkey solutions such as Acronis or Box)—an operation which will also serve as an effective safeguard against ransomware.
Thou shalt protect yourself
It is, of course, essential to use one (or more) anti-virus and malware-detection programs. End users have access to inexpensive and even free solutions (Avast for example) that provide a basic level of protection. In the case of a company, more sophisticated solutions are necessary to protect networks, access points and workstations: professional tools (like those offered by Stormshield) that are capable of countering threats proactively, even when they are unknown.
Nevertheless, anti-virus programs and firewalls are not enough to thwart the countless number of hacking attempts that you—like everyone else—may face. Best practice can also help here. On sensitive websites and sites that contain your personal contact details (banks, trading sites, online stores, etc.), always opt for two-factor authentication (‘2FA’), which is often optional. In addition to your usual password, the site will ask you to enter a code sent by text or e-mail: a process that will take you a little longer to complete but will pose an additional problem for a hacker.
On the internet, note the difference between HTTPS and HTTP sites. It is simple: one is secure (all of the data sent by your computer is encrypted before it reaches the website), the other is not (at all). It is therefore unwise to make an online purchase, which requires banking or Visa card details, on an HTTP site (the secure nature of HTTPS is clearly shown on most browsers, generally through the presence of a padlock and/or the colour green).
When using a laptop (or smartphone) while you are out and about, do not forget that public Wi-Fi access is not secure. Avoid logging into sensitive sites (such as your online bank account) if you are not at home.
Thou shalt not click on anything in suspicious e-mails
Too many people are still unaware of the fact that e-mail is the main channel through which malware is distributed. More than half of the e-mails circulating on the Web are spam, and phishing is one of the main causes of data theft and hacking. For instance, you receive an e-mail that perfectly resembles an ‘official’ message from your bank, a service provider or a service that you regularly use; the message often causes you to panic and asks you to log in to a site. You click on the link and access a site that looks like and that you mistake for the usual site that you visit (and may even be HTTPS-protected), you identify yourself and... you have just handed over your password to a hacker who will make good use of it.
Phishing, however, is easy to avoid. As a basic precaution and BEFORE clicking on anything, you must be 100% sure that the sender’s address and the links contained in the e-mail are genuine (for example, by hovering over the message's various links with the mouse). However, certain e-mail handlers (or certain messages that use e-mail distribution services, such as MailChimp) mask the links. It is for this reason that the only real solution is NEVER to click on something in an e-mail that you consider to be suspicious; furthermore, you should never click on a link in an e-mail to log in to a sensitive site). If you wish to log in to your bank account and avoid all risks of phishing, do so on a blank page in your browser or click on the corresponding bookmark in your Favourites bar.
Thou shalt cherish passwords and bookmarks
Your passwords should be seen as a key that opens not only the door to your digital life but also to your life in general. Keeping track of passwords on paper is unthinkable and doing so in a text file or digital notebook is very risky. Opt for applications that have only been designed to manage passwords correctly, such as LastPass or 1Password. Practical and secure: all data is encrypted and synchronised between your various devices and you only have one password to remember.
However, your password manager cannot do everything for you. Never use the same password for different services or applications and avoid passwords that are too simple (at a minimum, avoid words in the dictionary and always include figures and special characters). Using a centralised service (such as automatic identification on a third-party site through Facebook) is a bad idea: if hacked, a single identifier will suffice to steal your identity on numerous sites. Finally, changing your main passwords regularly (at least once a year) is highly recommended.
If your passwords are the keys, your bookmarks are the doors. You use around ten sites on a very regular basis, including all those necessary to manage accounts, pay bills and make online purchases. Add them to your browser’s Favourites bar, ideally in a separate directory. By doing so, you will save time and avoid any problems caused by typing in an incorrect address that could take you to a malicious site.
Thou shalt protect your money twice
Not all data has the same importance or value. You should survive the hacking of your Twitter account, but the hacking of an account in which you store some of your savings could have serious consequences. This is particularly true at a time when the use of Bitcoin and other cryptocurrencies is spreading: our computers and smartphones not only increasingly contain methods of payment but also electronic money. Of course, cryptocurrencies can be stored online (in remote wallets or exchange bureaus) or on dedicated independent devices (in physical wallets such as Trezor or Ledger). But if you store bitcoins or other electronic currencies on your computer or smartphone yourself, without taking satisfactory precautions, you will lose them if your device is destroyed or stolen.
In the case of Bitcoin, you will most often use an electronic wallet known as a ‘HD’ wallet (Highly Deterministic) which you will have configured with a series (known as a ‘seed’) of 10 or 12 words that are specific to you. This seed, which should not be confused with the password that only secures access to the wallet, is used to derive all of the keys of your coins: anyone who knows this series of words will have full access to your bitcoins, without even having to know your password, and will therefore be able to spend them as he or she pleases. Your seed must, therefore, be stored carefully, ideally in several locations and never in the vicinity of your wallet. If your cryptocurrencies are on your computer, store their seed on your smartphone (within your password manager), and vice versa. Furthermore, keeping a record of your seed on paper, in a protected location, is not a bad idea.
So pick up your mouse and get going!
An article written in cooperation with Usbek & Rica.