19 essential security tasks you must do on your PC to stay safe

There are many security threats and your privacy, files and personal information is under attack. What can you do to stay safe when using your Windows computer? Use these top security tips.

Most security threats are the result of computers being connected to the internet and if it was not online there would be far fewer problems. However, few people want to live offline and never use the internet. It is just too useful.

So much of what we do these days requires a web connection that it is considered to be a basic right. Everyone needs to have access to online services, sites and information.

However, the internet also allows malicious actors to hack into your computer, or at least try to, and to steal files and information. They may also try to infect your computer with malware and adware. These tips help you avoid security problems online and offline, but mostly online because that is where many threats come from. (This article contains affiliate links.)

1 Use complex passwords

From reading an online newspaper to accessing your bank account to filing your tax returns, passwords are required at so many places. Hackers try to guess people’s passwords and they start with common ones like ‘password’, ‘123456’ and similar easily guessed ones. They also try words in the dictionary because people use single or multiple dictionary words because they are easy to remember.

Use long and complex passwords that contain letters, numbers and if allowed, symbols like #!%()[] and so on. They are very difficult to guess, almost impossible in fact, so they keep your online accounts secure.

2 Use a password manager

Unfortunately, the best passwords are very complex ones and this makes them impossible to remember. A password manager utility is essential and they remember your passwords for you and also enter them when you need to login somewhere, like at a website in a browser. They can also help you generate secure passwords.

Don’t forget to use a suitably complex master password for your password manager. It may be hard to remember, but at least you only have to remember one. Write it down and store it somewhere safe and not obvious. A sticky note attached to the computer screen is not a good place!

LastPass password generator
Generate complex passwords with LastPass

Web browsers have built-in password managers, but many people like to use a third party one because they have more features. Popular free password managers include Bitwarden, LastPass and KeePass. There are many paid password managers like Dashlane, RoboForm, 1Password, LastPass and so on.

3 Change your passwords

It is very tempting to use the same password across multiple sites, services and apps because it simplifies things. You may have one or more passwords that you have re-used. Get rid of them by changing any password that is used twice or more.

The problem with using the same password for several online sites and services is that if a hacker somehow gets hold of your password, they can use it to get into everywhere you have used it, creating multiple security problems.

You should also check whether your passwords have been exposed in security breaches. You can check whether passwords have been leaked in security breaches at Have I Been Pwned.

4 Avoid web browser extensions

Web browser extensions are a security risk. The problem is that extensions have a lot of permissions and can usually see everything on the web pages you visit. This may include login details like usernames or email addresses, passwords and more. Extensions can track your location, see your browsing history and much more.

Not all browser extensions are bad, but some have been found to collect information and transmit it to some server on the internet or to inject adverts, change links, and even insert malware.

If you install browser extensions, you are putting a lot of trust in the developer not to spy on you or collect information. I went to the Chrome Web store and clicked an extension at random, one of the highlighted ones. On selecting the Privacy tab, this is what it showed.

Chrome extension privacy notice. Some extensions track your activities
Some browser extensions track you

It collects personally identifiable information, authentication information, location and user activity. What does all this mean exactly? Just take a look at the screenshot – does this extension really need to do this?

This is what it can or might do, it does not mean that it actually does all of this or that the information collected is misused, but it has the potential to do all of this. It can collect your name, email address, age, passwords, security questions, PIN numbers and so on.

It is best security practice to avoid extensions altogether, but if you must have them, keep them disabled and only enable them when you need them. Don’t let them run all the time.

5 Use a VPN – when out, even at home?

If you work away from the office or home on a laptop computer (or even a phone), you will no doubt make use of Wi-Fi hotspots in cafes, hotels, airports, trains and stations, shopping malls and so on. Wi-Fi is everywhere these days, but security may be low at these public hotspots and there is no guarantee that they do not track you, monitor your activities or gather information about you.

Some Wi-Fi hotspots do not have any encryption and have an open connection that anyone can join. Who knows what the owner or other people on the network are doing? A little better are those that have encryption and require login with a password, but even these are not perfect. Most monitor, filter and possibly log your web browsing activities.

A VPN adds security and privacy when using public Wi-Fi hotspots and it creates an encrypted connection to the internet that lets you browse the web without the hotspot owner or anyone else on the network being able to see what you do. It also unblocks the web and bypasses the hotspot’s filters, which are sometimes very restrictive.

There are many VPNs to choose from, but here is a list of my favorites, most of which I have used at some point: NordVPN, Ivacy VPN, PureVPN, Hide.Me, Surfshark.

6 Encrypt sensitive and private files

What if your computer was stolen? What if someone got their hands on it? Could they access your files? Yes, they could if the contents of the disk are not encrypted. The computer could be booted up or the disk could be removed and attached to another computer to read all your personal files and private information.

Not all files on the disk are important, but we all have information on the computer’s disk that we would rather not fall into the hands of a thief or hacker. Things we need to remember, like bank details, accounts, maybe saved scans of important documents and so on.

VeraCrypt is a good free encryption utility. Go to the Tools menu and select Volume Creation Wizard. The simplest option is to create an encrypted file container. Follow the instructions, which are very easy, and create a file as big as you need, such as 5, 10 or 20 GB.

Create encrypted storage with VeraCrypt
VeraCrypt encrypts whole disks or creates its own encrypted containers

After creating it, return to the main VeraCrypt window, select a drive letter, select the file and mount it. It looks and works just like an extra disk drive on the computer. Any files stored in it are inaccessible when the drive is unmounted.

If you just want to secure a few files like your bank details, a scan of your passport or whatever, Encrypto from MacPaw is a good free utility. It is tiny program that displays a little window on the desktop. Drop a file on it and it encrypts it with a password. Encrypted files dropped on the window are decrypted, provided you have the password of course. Don’t forget to delete the original unencrypted file.

7 Encrypt the disk

It is best to encrypt the whole disk (SSD or HDD) so that nothing can be accessed without your authority. BitLocker can do this, but it is only available in certain versions of Windows and not the most common Home edition. To see if you have it, click the Start button and type ‘bitlocker’ or use the search box in the top right corner of the Control Panel window.

If Windows does not have BitLocker, there are alternatives and VeraCrypt enables you to encrypt whole drives, even the startup drive. After encrypting it, the computer can only be started by entering the password with massively increases security. Obviously, if you forget it, you will be in serious trouble, so write it down. Backup the disk before encrypting it for safety.

8 Secure backups with encryption

It is easy to forget that backups on external disks are a security risk. Even if you encrypt all the files on your computer, the USB backup drive next to it might contain all your files unencrypted. External drives are easy to steal, so your data needs protecting.

Any good backup software will offer to encrypt backups and password protect them for security so that only you can access the contents. Every backup app is different, so look in the configuration settings for the option to encrypt data.

9 Avoid clicking popup messages in browsers

Be very suspicious of any messages that appear on visiting a website saying that you must install or update something. This used to be common with Flash and a fake installer would not install Flash, but some adware or malware.

Flash is dead now and no-one uses it, but malware creators have just moved on to other things. They may tell you that Chrome needs updating, a plugin or extension must be installed, and so on. Whether it is a popup message or whether it appears on the page in the browser, leave the site if you are asked to install or update anything. It is a scam.

10 Avoid clicking links in emails

Phishing emails are very common, but they seem to vary with the email service. Perhaps some automatically filter them out. I don’t know why, but they are more common with some email services than others.

Phishing emails are often easily spotted when you know what to look for, like not mentioning you by name. ‘Dear customer’ or ‘Dear bob234@…’ are dead giveaways. No matter how convincing an email is, don’t click links in them. Always open a browser, go to the website, like your bank, Amazon, PayPal, Apple, Netflix or whoever, and login to your account. You will see messages or notifications if there is a problem.

11 Update Windows

Windows used to let you disable updates, but it is hard with Windows 10. However, they can be put off for a time. Do not put off Windows Update, in fact, it is a good idea to check for updates and get them sooner rather than later because they always contain a number of important fixes for security flaws.

Press Windows+I in Windows 10 to open the Settings app and click Update & Security. Click Check for updates and install them if they are available.

12 Update software

Software can contain security flaws and should be kept up to date. Web browsers will automatically update with new features, bug fixes and security patches every so often, but it is possible to get them early by manually checking for updates. In Chrome and Edge for example, open the menu and select Help, About. It checks for an update and downloads it and installs it if one is available.

Other software may also have security fixes, so find out how to update it. Often there is a Check for updates menu option. There may be an option in an application’s settings to automatically check for updates.

13 Enable the firewall

A firewall prevents unknown and malicious incoming network connections from the local network or the internet. It basically keeps hackers and malware out. It should be enabled by default, but don’t just assume this, check for it.

Press Windows+I to open Settings and type ‘firewall’ into the search box. Click Firewall and Network Protection to open Windows Defender Firewall. Many Control Panel functions are now in the Settings app, but Windows Firewall is still there if you want to access it that way. Make sure it is turned on.

14 Enable all Windows Security features

Windows 10 has good security built in and it is all some people need to keep their computer and files safe from malware. It should be enabled automatically if you do not have any other security software installed, but it is a good idea to check that this is so.

Windows Security features in the Windows 10 Settings app
Make sure Windows Security features are enabled

Press Windows+I to open the Settings app and click Update & Security > Windows Security. The protection areas should all say ‘No actions needed’. Click Open Windows Security to open the app (it can also be opened by clicking the shield icon in the popup panel in the taskbar). Everything should say ‘No action needed’. Investigate any item that says anything else. It may be that something is turned off and this is a security risk.

15 Use antivirus software

There was a time when Windows came with no security software at all and everyone had to use third party applications. Although Windows Security is included in Windows 10, some people still prefer a third-party app because they usually provide even more security than is bundled with Windows.

If Windows Security is not sufficient and you want to go further than the basics, such as protecting online browsing, credit cards and other important information, there is no shortage of alternatives. Try Avast, AVG, Trend Micro, Bitdefender, McAfee to mention just a few.

16 Use a standard user account

If you are the only user of the computer, you have an administrator account. This has the most power and permissions. You can do anything. This also applies to malware if it gets onto your computer somehow. Limit what malware can do by using a standard user account, which has fewer permissions.

Open the Windows 10 settings app and click Accounts > Family & other users. Create a new account by clicking Add a family member or Add someone else to this PC. It tries hard to get you to sign in with a Microsoft account or email account, but at every step of the way there is an option to skip it. For example, click I don’t have this person’s sign-in information on the first step and Add a user without a Microsoft account on the second step. Eventually you get to a step where you can simply create a username and password.

There are some limitations with a standard account and occasionally you will need to login with your admin account to do things like install software or configure Windows settings, but use the standard account as much as you can to increase security.

17 Set User Account Control to high

User Account Control prevents programs from making changes to Windows. When a program tries to change something non-trivial, a message appears on screen warning you and there is an option to allow it or block it. It is a useful security feature that prevents malicious apps from doing things you do not want.

User account control settings in Windows 10
Set Windows User Account Control to increase security

Open the Windows 10 Settings app and enter ‘User Account Control’ into the search box. Click it in the search results and then set it to one notch below the maximum setting. This is the best combination of security and ease of use. It is more secure on the highest setting, but also more irritating as it is more easily triggered.

18 Set a password for screen saver

Whenever you leave your computer, press Windows+L before you walk away. It locks it and it can only be used again by entering your password. This prevents anyone else in the office or home from using your computer without your permission. If it was unlocked, they would have admin access.

Another security tweak is to set screen saver and set a password. If you forget to lock your computer when you walk away, perhaps to get a coffee or for a break, the screen saver will be activated and it will prevent anyone else from using the computer.

Windows screen saver selection and settings
Set the screen saver to resume to the log-on screen for security

Open the Settings app and type ‘screen saver’ into the search box, then click it in the results. Select a screen saver like Mystify or Ribbons, which hides whatever you are working on, and tick the box On resume, display log-on screen.

19 Enable controlled folder access

Controlled folder access is a Windows security feature that prevents programs from changing files and folders they have no business in changing. It limits the damage malware can do and can help to protect from ransomware, which encrypts your files until you pay a fee, sometimes a very large fee.

It is a powerful security feature, but it can prevent some programs from working properly, so it is a feature you may not be able to live with. Turn it on and see if there are any problems with the software you use. It can always be turned off if necessary.

Controlled folder access security settings in Windows 10
Controlled folder access helps to protect against ransomware

Open the Settings app and enter ‘controlled folder access’ into the search box then click it in the search results. It is a simple on/off switch and when it is on, there is an option to allow an app to bypass it. Try it if there is a problem with an app. Turn it off if there are too many problems – it depends on what software you use.

Leave a Reply