Eight Simple Tips for PC Security

Computers running Microsoft Windows are prime targets for people who want to take advantage of those computers’ security problems.  82% of Realtors® use Microsoft Windows® in their business. If you’re one of them, it’s important to take steps in advance to make sure that you are taking all appropriate security precautions.  While it’s hard to go far on the Internet without seeing some advice for securing PCs, it can be difficult for real estate professionals to sort through all of the information and figure out what to do first. This article should help.

1. Keep the Operating System Up To Date

It’s important to keep Windows up to date with security patches. Patches are released each month and hackers are usually just one step behind, trying to take advantage of people who even slightly delay patching their computer.  To check on the status of your security patches and updating process, go to your Control Panel, then to System and Security, and select “Windows Update,” illustrated below:


Windows Update
Click on the “Check for updates” link, and if important updates are needed, you will be informed. If you have tried installing an update and it has failed to install for some reason, do not give up. Get the support you need to get the update installed properly.

To ensure your computer is set to automatically download updates, click on the “Change settings” link and you will see the dialog at right. The ideal settings are to install new updates “Every Day” and to “Install updates automatically.” Some users opt for “Download updates but let me choose whether to install them,” which is less than ideal, because any delay in installation keeps  a window of vulnerability open . If you choose to install manually, do not delay installation. Sometimes hackers start attacking computers even before  a security patch is released; when a patch is released, it may be playing catch-up.

Change Windows Update Settings

It is strongly recommended that you run a modern, Microsoft-supported version of Windows. Windows XP is NO LONGER SUPPORTED. New vulnerabilities will not be patched. If you are currently running Windows XP, you should immediately either upgrade your operating system (which may be difficult on old hardware) or purchase new hardware with Windows 7 or Windows 8 installed. Windows Vista mainstream support already ended in 2012 and no security patches will be released after 2017. If you are running Vista, you should strongly consider upgrading. Windows 7 (used for the illustrations and instructions in this article) is the most popular Realtor® operating system. It will enjoy mainstream support until 2015 and be patched through 2020. Windows 8 is the most current version of Windows, and will be supported for ten years from now – an eternity in computer terms.

 

2. Key Windows Security Settings

There are many hundreds of Windows® security-related settings in a variety of locations in the operating system, and it may seem like only a security expert or professional system administrator could keep track of them all. That may actually be the case, but Microsoft has released an easy-to-use tool to help users ensure that at least the most critical security settings are set correctly. That tool is called the Microsoft Baseline Security Analyzer (MBSA), and you can download it from the Microsoft web site:  http://technet.microsoft.com/en-us/security/cc184924. The tool is available in English (MBSASetup-x64-EN.msi), French (MBSASetup-x64-FR.msi) and other languages. When you install the tool, it will create a “lock” icon on your desktop, and when you click on that it will launch the program. Click “Scan a computer” and “Start Scan” to evaluate your computer. The tool will take at least a few minutes to run, and then report will be generated that has green checkmarks (a good sign), as well as blue informational icons and red and/or yellow Xs – which signify items to investigate further using the “Result details” and “How to correct this” links. The latter will send you to the Microsoft website for more information. Many of the issues can be corrected by a non-technical individual, though some may require technical assistance.

Microsoft provides many other tools and educational resources for the technically inclined. If you have the skills or capabilities, and unless your company manages your computer security settings for you, you may want to become familiar with all of the “Local Security Policy” settings on your computer. Very advanced users may want to become familiar with Microsoft’s Security Compliance Manager (SCM): www.microsoft.com/scm/.

Always take care when updating any settings on your computer to avoid problems caused by misconfiguration. Precautions may include backing up all data and setting a Windows “Restore Point” (use Windows Help to learn more about that).  And, as with any changes to your computer, make them only when you have time to deal with anything that might go wrong.

 

3. Keep Your Other Software Up To Date

While Windows Update lets you know if Windows® and other Microsoft products are up to date, you have probably installed scores of other products on your computer, each of which may have its own vulnerabilities and patches. Sometimes this software may prompt you to download a security patch – but some of the software you have installed may not provide automatic updates or provide timely updates.  Some of the most common vulnerabilities are found in Google Chrome, Mozilla Firefox, Apple iTunes, Adobe Flash, Oracle Java, Adobe AIR, Adobe Reader, Internet Explorer, and Apple QuickTime – but that’s just the tip of the iceberg.

It is recommended that you use some type of software to monitor for updates and manage their installation. One example of this software is Secunia’s free PSI program. (https://secunia.com/)  By default, this tool runs when you start up your computer and automatically installs updates (though these settings can be overridden if desired). If manual attention is needed to complete an update, the green icon in your Windows system tray will turn red. Occasionally the automatic updates won’t work and you will need to go to the Adobe, Apple, or other software company website to manually download an update, but at least Secunia has made you aware of the need for a patch.

Secunia PSI

4. Install Anti-virus / Anti-malware Software

No anti-virus or anti-malware software can stop all malicious software from damaging your computer, but most of it stops 70-90+% of the malicious software commonly found on the Internet. Of the free tools, PC Magazine rates AVG Anti-Virus (http://free.avg.com) as the best.  Commercial and reasonably effective tools include (but are not limited to) Avira, Bitdefender, Comodo, F-Secure, Kaspersky, Panda, McAfee, Microsoft, Norton, Trend, and Webroot. Always make sure you are downloading anti-virus software directly from the vendor’s website. Never download anti-virus from a pop-up message on your computer, especially while web browsing; there is a lot of malicious software online posing as anti-virus software.

If malicious software does get past your anti-virus software, Malwarebytes Anti-Malware (http://www.malwarebytes.org/), which has a free version, is commonly rated the best anti-malware software for fixing an infected computer. It can be installed and run all the time alongside standard anti-virus software.

An advanced but easy-to-install barrier against hacker attacks is Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). You can download it from the Microsoft site at http://technet.microsoft.com/en-us/security/jj653751. Run the installer, and select the “Recommended” settings. Internet Explorer, Microsoft Office, and Java will now be protected against some of the most sophisticated threats. Playing around with the settings, unless you know what you’re doing, can cause some programs to not work, so leave EMET on autopilot unless an IT person says otherwise.

 

5. Protecting Your Logins

Choose a strong Windows® password – more than eight characters long, including upper and lower case letters, numbers, and punctuation. Don’t write the password down somewhere where others can find it. Don’t share your account with others;  if you want to allow others to use your computer occasionally, set up a new user account with “guest”-only privileges. That way your guests can’t access your files, web browser stored information, and other sensitive information. Sign out or “lock” your computer (hold down the Windows + L keys simultaneously) when leaving your computer unattended. In case you are forgetful, configure your screen saver to lock your computer after a few minutes of inactivity and require a password to sign back in, as illustrated at right. Screen saver settings are located in the Control Panel\Appearance and Personalization\Personalization area.

Screensaver Settings

Don’t use the “save password” feature in applications or on websites. This can be a great convenience, but it is also a security risk. While setting a strong Windows® password and enabling encryption decrease the risk when your PC is stolen, if someone uses your computer while it is unlocked and logged into your account, they can access those services for which you have saved passwords. Carefully consider this risk before saving passwords that provide access to your banking information or to clients’ personal or financial information.

 

6. Encryption

If you think that encryption is something for computer geeks on television, you’ve got it all wrong. Real estate professionals handle a lot of personal and confidential information – their own, their family’s and clients’ – and encryption is an important tool for keeping that information safe. Encryption is a process for transforming information that anyone can read into something that is unreadable by anyone who doesn’t have the right “key.”

If you use a PC with an up to date operating system, there are two options to consider. The first is called Encrypting File System (EFS). Just browse to the folder or file you want to encrypt, right-click it, and then click Properties. On the General tab, click Advanced; under Compress or Encrypt attributes, select the Encrypt contents to secure data checkbox, and then click OK, then OK again. If you are encrypting a folder, choose Apply changes to this folder, subfolders and files, and then click OK. Now, even if someone has stolen your computer, they can’t decrypt the files and read them unless they are logged in as you! The second option is called BitLocker Drive Encryption (only available on “Ultimate” and “Enterprise” versions of Windows Vista and 7, and “Professional” and “Enterprise” versions of 8) which encrypts all files stored on your computer. When you add new files to a drive that is encrypted with BitLocker, BitLocker encrypts them automatically.

Two important caveats: One is that both of these encryption options require that you create a method to decrypt and recover files if something goes wrong. There are articles on the Microsoft web site about how to create an encryption certificate or Bitlocker recovery password and back up your encryption certificate. The second is that files remain encrypted only while they are stored on the encrypted drive. Files that are emailed or copied to other devices or computers are automatically decrypted.

 

7. Secure Your Network Activity

Wireless ConnectionsIs there a “bad guy” watching what you do over the network? To reduce that risk, do not use unencrypted Wi-Fi networks. Encrypted networks will display “WPA2” in the popup when you mouse over a potential new connection. Avoid, networks run by people you don’t know, or networks that may allow fellow users that you don’t know and trust. You should be aware that there are various ways of intercepting cellular traffic, and you cannot be assured of the security of your data or voice transmissions. Though some forms of cellular communications are encrypted between your device and the base station (cell tower), hackers have tricked mobile devices into using their bogus base stations instead of the cellular provider’s, and have intercepted both communications and data. The only way to protect data if you choose to use an insecure network is to use a “Virtual Private Network” (VPN). This is something that may be available via your office’s firewall, and you will likely need the help of a technical person to help set it up.   There are also third parties offering an encrypted VPN-like connection via installation of their app, though one must be careful in choosing such an app, since the provider may be able to see your sensitive data.

Another layer of protection against someone seeing what you are doing online and accessing your accounts is to use encryption in your web browser and email software. In the case of web browsing, the website must support secure browsing via “https” (SSL or TLS protocols) and in the case of email, the email server must support similar encryption – something to coordinate with your email provider.

 

8. Back Up Your PC

There are various ways to lose your files and settings, including viruses and malware; accidental deletion; hard drive failure; or computer damage, loss, or theft. If you have backups of files and settings, recovery will be much easier.

There are many options for creating backups, including external encrypted hard drives, backup tapes, writable CDs and DVDs and online “cloud” backups. Each has advantages and disadvantages. Questions to ask yourself about any backup system are:

  • How convenient is it? You are more likely to use a system that backs up your files automatically.
  • How complete is it? Does it back up your whole hard drive – Windows, programs, and files – or just some of the above? Does it back up your browser settings and bookmarks? Your email settings?
  • How secure is it? Is information transmitted and stored in an encrypted format that only you can access?
  • Are you keeping multiple versions of files over time, in case you don’t notice that a file is missing or corrupt right away?
  • Does your backup cover typical disaster scenarios? If your backups and computer are in the same location and there’s a fire, it’s not really a sufficient backup.
  • How fast and easy is it to restore files?

Always test your ability to restore from backup, before you need to. Some professionals use multiple methods of backup, in case one method fails.

 

Some Parting Words

There are many possible settings and practices to decrease the likelihood that your PC will be compromised. This article is just a starting point for individuals and the small business audience. Nonetheless, if you follow at least these steps, you will have substantially decreased your risk and improved your chances for recovering quickly from an incident.