Security & Safety Resource Center

You should set up a lock screen PIN on your phone or tablet. However, make it something more complex than “123456” or “111111” as those choices are relatively popular and would be at the top of the list of anyone trying to guess their way into your device.

Depending on the device and OS version, it may be possible to sideload apps in Android. This simply means installing an app without going through an official app store. Sideloading can be dangerous since the app in question isn’t automatically vetted for security flaws or updated with the latest patches and fixes.

iOS can save all of your logins automatically. When you open the list of them under Settings -> Passwords & Accounts, you might see an exclamation mark next to some of them. That indicates that they match another saved login, which is risky since reused passwords are easier for someone to guess.

On an iOS device with iMessage enabled, it’s possible to filter out any iMessages from senders who aren’t in your Contacts. Simply go to Settings -> Messages and enable “Filter Unknown Senders.” This can reduce the risk of phishing and harassment.

If you use Instagram, you can add more protection to your account via two-factor authentication. Once enabled, it requires an additional credential upon login. You can choose between receiving a text message or a code sent to an authenticator app. The latter is more secure.

If you backup an iPhone via Finder on a Mac, there should be an option to encrypt your backup. This provides an extra layer of security for the data pulled from your phone.

Be wary of free downloadable software. There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.

Most email clients offer an option to report a message as spam or junk. If your email client has that option, take advantage of it. Reporting messages as spam or junk helps to train the mail filter so that the messages aren’t delivered to your inbox. However, check your junk or spam folders occasionally to look for legitimate messages that were incorrectly classified as spam.

Apple iOS can restrict the access of certain hardware and software to a device while it’s locked. It’s important to prevent USB devices in particular from being able to connect to a locked iPhone or iPad. Open Settings -> FaceID & Passcode (or TouchID & Passcode) and scroll down to make sure USB devices aren’t permitted lock screen access.

This is a bit technical, but changing the DNS settings on your PC or Mac can lead to a speed increase and potentially protect your privacy, too. Switching from your internet service provider’s default DNS to another like CloudFare or OpenDNS might mean your activity isn’t retained in a log, all while you see a modest speed boost from more efficient site lookups. Searching for “change DNS” for more detailed step-by-step guides.

Ransomware detects the drives on an system that is infected and starts encrypting the files within those drives. Ransomware usually adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .xyz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted — the file extension used is unique to the ransomware type. When the ransomware has completed file encryption, it creates and displays a file or files containing directions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files.

When you first install a web browser on a new computer, it will not usually have secure settings by default, you will need to adjust your browser’s security settings manually. Securing your browser is another critical step in improving your computer’s security by reducing attacks that take advantage of unsecured web browsers.

If you have a Mac and need to share it with someone, you should set up a Guest account before doing so. This can be done from System Preferences -> Users and Groups. A Guest account provides minimal features, so that the user cannot do any damage to the operating system or your data.

Windows 10 ships with its own integrated security tools, which do a good job at keeping basic threats at bay. However, adding more protection is prudent. Platforms like Total Defense Ultimate Security provide comprehensive protection from viruses, phishing, ransomware and more.

In most instances of malware infection, the malware can operate only using the privileges of the logged-in user. To minimize the impact of a malware infection, consider using a standard or restricted user account (i.e., a non-administrator account) for day-to-day activities. Only log in with an administrator account—which has full operating privileges on the system—when you need to install or remove software or change your computer’s system settings.

Mainstream support for Windows 7 is ending in 2020. That means continuing to run it will come with major security liabilities. If it’s on your main PC, consider upgrading to Windows 10. Replacing Windows 7 with a free Linux-based operating system, like Debian or Ubuntu, is another option.

Windows 10 provide many alternatives to signing in with a password. One that might be worth exploring is called Dynamic Lock, which involves pairing a phone with a PC via Bluetooth and allowing the computer to remain unlocked as long as the phone is in range.

Sometimes, slow PC performance is attributable to malware. Other times, it’s due to more mundane reasons like a slow hard disk drive (HDD) or solid-state drive (SSD). To avoid the latter issue, schedule defragmentation if your PC uses a HDD (the operating system will know this automatically). For SSDs, the equivalent maintenance operation is called TRIM and is usually enabled by default, unless you are using a very outdated operating system, in which case you should upgrade it.

When you log into a Google Account, sometimes you’ll see a prompt to add or update a recovery phone number and email address. Adding a phone number in particular is a highly effective way to ensure that you can access and recover your account if you’re ever locked out of it, or if someone else has gained access.

If you use Facebook, it’s a good idea to periodically download your data so that you have a copy in case anything were to ever happen to the site or you decided to leave the platform. You can do so from Settings -> Your Facebook Information -> Download Your Information.

Like removing unnecessary software, modifying or deleting unnecessary default features reduces attackers’ opportunities. Review the features that are enabled by default on your computer, and disable or customize those you don’t need or don’t plan on using. As with removing unnecessary software, be sure to research features before modifying or disabling them.

Intruders can attack your computer by exploiting software vulnerabilities, so the fewer software programs you have installed, the fewer avenues there are for potential attack. Review the software installed on your computer. If you don’t know what a software program does, research the program to determine whether or not the program is necessary. Remove any software you feel isn’t necessary after confirming it’s safe to remove. Back up important files and data before removing unnecessary software to prevent accidentally removing programs that turn out to be essential to your OS.

When you connect a computer to the internet, it’s also connected to millions of other computers—a connection that could allow attackers access to your computer. Although cable modems, digital subscriber lines (DSLs), and internet service providers (ISPs) have some level of security monitoring, it’s crucial to secure your router—the first securable device that receives information from the internet. Be sure to secure it before you connect to the internet to strengthen your computer’s security.

Use the strongest, longest password or passphrase permitted. Don’t use passwords that attackers can easily guess, like your birthday or your child’s name. Attackers can use software to conduct dictionary attacks, which try common words that may be used as passwords. They also conduct brute force attacks, which are random password attempts that run until one is successful. When setting security verification questions, choose questions and answers for which an internet search would not easily yield the correct answer (e.g., your pet’s name).

Emails that appear to come from a legitimate source and websites that appear to be legitimate may be malicious. An example is an email claiming to be sent from a system administrator requesting your password or other sensitive information or directing you to a website that requests your information. Online services (e.g., banking, ISPs, retailers) may request that you change your password, but they will never specify what you should change it to or ask you what it is. If you receive an email asking you to change your password, visit the site yourself instead of clicking on any link provided in the email.

Facebook sends a lot of emails. If you don’t like them filling up your inbox, you can turn them off on Facebook’s site at Settings -> Notifications -> Email. Doing so will also make it easier to spot any fake emails in the future, from services claiming to be Facebook.

If you’ve signed up for online accounts and services, you likely get plenty of emails, some of them interesting and others not so much. It’s important to unsubscribe from, or block outright, any emails that look like phishing attempts (e.g., asking you to reply with personal information). Most emails from mailing lists have unsubscribe buttons at the bottom. Blocking procedures vary between mail services.

Many marketing emails contain invisible pixels for gauging if someone opened them. These can help ensure, through targeting, that recipients see only the most relevant emails. However, if you’re concerned about tracking, you can turn them off. Explore your email client’s settings for one that disables all images/remote content, or do so on a message-by-message basis.

All storage drives deteriorate over time and become prone to failure. For traditional hard disk drives, this can happen in as few as four or five years. Free drive cloning utilities like Macrium and Clonezilla can create complete copies of an existing drive on a new disk. That means that you can usually insert the newly cloned drive into a PC and it’ll boot and work like it always did.

Backing up your files is essential not only for preserving important photos and documents, but also for having recourse if your computer is ever attacked. On Windows 8 and 10, you can use File History to back up to an external hard drive over USB. In Windows 7, Windows Backup does mostly the same thing. In macOS, the built-in Time Machine is your best bet for local backup.