Home Computer Security Guide

Purpose of Guide

OverDrive IT has published these suggestions for the work from home user who is accessing corporate resources from a home computer. This guide is a walk-through of practical steps a user can take to ensure their work from home computer is reasonably secured, protected, and performing optimally.
Table of Contents

Windows 10

1. Am I protected by an antivirus?

2. Is my Windows Firewall turned on?

3. Is my computer up-to-date?

4. Is my data backed up?

– Cloud Backup

– Direct Attached Backup

5. Are any unnecessary programs installed?

Windows 7

Mac Computer

Network

1. Router / Modem

2. Wireless (WiFi)

3. Other Devices

Disclaimer

Windows 10

Your home computer is Windows 10. That means by default, the bottom-left corner of your screen looks about like this:

Please make note of “Type here to search” — this is called Windows Search and will be referenced frequently.

There are five main considerations for your Windows 10 computer. They are:

1. Am I protected by an antivirus?
2. Is my Windows Firewall turned on?
3. Is my computer up-to-date?
4. Is my data backed up?
5. Are any unnecessary programs installed?

1) Am I protected by an antivirus?
Having an antivirus program running helps ensure nothing malicious can attack or hijack the computer, including using your computer to attack, infect, or otherwise compromise other computers.

The good news is that even if you don’t have an antivirus that you’ve purchased or been provided, Windows has a great antivirus — Windows Defender — built-in, and it’ll even tell you if it has detected that another antivirus program is running.

You can access Windows Defender by typing “security” into your Windows Search and clicking the “Windows Security” app:

 

From there, click on “Virus & threat protection”:

 

This screen will allow you to verify that Windows has detected and is interacting with your installed antivirus (if any), and if not, it will confirm that Windows itself is protecting you. If there are any red Xs or other indicators for a problem or disabled service, we recommend clicking on them for more information and allowing the computer to take corrective action e.g. enabling Windows Defender or checking for antivirus updates.

2) Is my Windows Firewall turned on?
Windows Firewall helps make sure your computer is protected from other electronic devices, which can include computers, gaming consoles, and even TVs that have been compromised by a virus or other hack or attack, or that are attempting to access resources on your computer without your permission.

Windows Firewall is accessible by typing “check firewall” into Windows Search and selecting “Check firewall status” app:

 

Once there, do you see this icon next to each “Domain networks,” “Private networks,” and “Guest or public networks?”

 

If you do, great! Windows Firewall is enabled and ready to protect all connection types.

If not, please click on “Turn Windows Defender Firewall on or off” down the left-hand side. From there, ensure the proper radial option is selected to enable Windows Firewall for each connection type.

Please note that Windows Firewall is occasionally disabled as a means of troubleshooting desired connections that aren’t working properly, including but not limited to network printers, file sharing, and streaming from your computer to another device. If re-enabling Windows Firewall causes a malfunction, please research the correct way to configure your specific product or service to work with Windows Firewall as opposed to disabling the securities altogether. The same way you wouldn’t want to leave all your doors and windows unlocked if a delivery person couldn’t bring you a package, it’s never recommended to leave Windows Firewall completely disabled.

3) Is my computer up-to-date?
We all despise seeing the dreaded “Windows is updating, please don’t turn off your computer” when we’re either in a hurry to get started or shut down, but in spite of that, Windows Update is very important! Those updates can address anything from programs running poorly or crashing to making sure you’re protected from the latest threats going on in cyberspace.

To check if your computer is updating properly, type “windows update” into Windows Search and select the “Windows Update settings” app:

From there, verify your computer has checked for and applied updates recently. For instance:

If your computer hasn’t checked for updates recently or is having trouble, Windows will typically provide you an explanation and/or an error message. We recommend processing or researching the error as recommended by the computer and taking officially prescribed steps to resolve the problem and resume updating.

You may see an option available for what’s called a “Feature Update” as depicted below. Feature Updates are large, significant updates which are currently released biannually by Microsoft and are more oriented to improving Windows 10 itself. Installing a Feature Update manually is entirely at your discretion; eventually, the Feature Update will install automatically. However, because it can take 30+ minutes for a fast computer and 1.5+ hours for older computers, we highly recommend installing available Feature Updates at a time you will not be inconvenienced.

Next, we suggest clicking into and reviewing your “Advanced options” which can improve the update experience:

Many of the settings in this page are advanced and preferential, but we highly suggest toggling “On” the setting depicted below; this will ensure that other installed Microsoft products such as Microsoft Office (including Office 365) will be updated automatically alongside Windows:

4) Is my data backed up?
We’ve all heard about “ransomware” — an attack that will basically lock up your files, folders, and information (collectively data), and demand an amount of money from you for it to be unlocked and returned to normal — but what about your child, niece, nephew, that errant glass of water, or your well-meaning but clumsy dog? Data loss is most commonly the result of an accident.

If your computer were to experience such an event right now, what would the impact be? Can you reproduce your family photo albums, years of journals, school work, or whatever else might be important for you? If you can, at what effort and cost? If the idea of answering these questions — much less going through the actual event — brings you anxiety, odds are you could benefit from the peace and comfort that your computer’s data is protected. In a perfect world, work and professional data wouldn’t be stored on a home computer — but if it is, you’d certainly want to protect that too.

Generally speaking, there are two primary methods of backup to choose from (albeit you can always do both): one is Cloud and the other Direct Attached. OverDrive IT does not recommend specific vendors except to recommend doing your research to ensure your solution is from a reputable vendor.

4.1 Cloud Backup
Cloud backup is a system where your computer runs a program, and that program will back up your data to “The Cloud” (read: a secure place accessed via the Internet). The most common example of this is Carbonite.

Cloud backup programs differ in what they back up (e.g. some of them may not allow videos or other large files), how much they allow you to back up before incurring additional charges, and whether or not they’re a “bare metal” backup: meaning a backup that can be used to recover the entire computer including all your programs, files, settings, and so forth as opposed to the more traditional data-only backups that will backup files and folders (e.g. Word documents) but not programs (e.g. the Word program which is used to open Word documents).

Cloud backup is the generally preferred way of doing backup, but it often comes as a monthly subscription and, depending on the amount of data on your computer, how frequently it changes, and the speed of your Internet connection, is not always ideal for low-speed connections (e.g. satellite and low-end DSL). Additionally, while most reputable vendors will commit to the privacy of your data, the reality becomes that you’ll be storing your data on someone else’s computers and no matter their commitments, we all hear enough of the news to know that data breaches do occur and there is always an inherent risk to the privacy of any data stored via the Internet.

4.2 Direct Attached Backup
Direct attached backup is a means of backing up your computer to a device attached to the computer, most commonly a USB drive (a.k.a. thumb drive, flash drive, external hard drive, etc.).

There are generally two ways for a direct attached backup to work: manually or automatically (via a program). Manually involves plugging in your drive and manually copying the files, folders, and other data you want to have backed up. Alternatively, automatic backups can occur if you purchase and set up a program that will generate backups to your attached device; these backups can range from selected files and folders all the way to the aforementioned bare-metal backups. Occasionally, programs to generate automatic backups come bundled with the purchase of certain USB and other drives.

Direct attached backup is considered less reliable than Cloud because USB and other drives can fail or malfunction and because your data would still be lost in event of a significant event e.g. house flood or fire. Steps can be taken to mitigate that, e.g. purchasing two separate drives and rotating them in and out of fireproof boxes, but the complexity of that can be off-putting. One of the benefits of direct attached backup is that typically, the USB and other drives and also (but not always) a program selected for automatic backup are all one-time expenses that, over time, represent cost savings over a Cloud backup subscription.

5) Are any unnecessary programs or add-ons installed
Over time, your computer can accumulate unnecessary or outdated programs and add-ons (anything that adds on to or extends the function of an existing program). Generally, it’s recommended to check in once or twice a year to review your computer’s installed programs and remove anything that’s no longer needed, including software for devices you no longer have (printers, cameras, GPS, etc.), games you aren’t playing, or services you aren’t using. Some of these programs will even run in the background when the computer starts which can impact its performance.

To access your computer’s installed programs, type “programs” into Windows Search and select the “Add or remove programs” app:

From there, select any unwanted programs, and click Uninstall. Please note that if a program is unrecognized, it is not necessarily safe to remove it; we recommend a simple Google search for any programs you do not recognize to determine if it is a program that can or should be removed. For example, Microsoft’s .NET Framework and C++ Runtimes may not sound important, but removing them can cause other programs to stop working properly.

Typically, add-ons are managed from within other programs, and the most common (and commonly problematic) add-ons are those found in your Internet browsers.

Regarding Internet browsers: we recommend routinely reviewing and policing your add-ons and extensions to ensure they’re limited to as few as possible, taking care especially to avoid search “helpers” (that will solicit you with advertisements), “converter” plugins especially PDF creators and YouTube downloaders (common targets for malware), toolbars that will insert themselves into your browser and interact with you and what you’re doing, and anything else that provides “free” functionality you would typically pay for; many of these come at a hidden cost, which is usually solicitation at the least and invasion of your privacy at the worst.

Please see the following article from Microsoft for instructions regarding add-on and extension management in the most common Internet browsers (Microsoft Edge, Google Chrome, Mozilla Firefox, and Apple Safari): https://support.microsoft.com/en-us/help/4027935/microsoft-edge-add-or-remove-browser-extensions

Windows 7

Your home computer is Windows 7. That means by default, the bottom-left corner of your screen looks about like this:

We recommend against continuing to use Windows 7; support for Windows 7 was discontinued by Microsoft on January 14, 2020, and ever since, countless exploits have emerged to take advantage of the fact that Windows 7 will no longer be patched, secured, or supported. We recommend you review the following article from Microsoft: https://support.microsoft.com/en-us/help/4057281/windows-7-support-ended-on-january-14-2020

Please note that if your Windows 7 computer is healthy and as up-to-date as it can be, there should be a Windows 10 icon in your taskbar (circled in red):

We recommend right-clicking this icon and selecting “Check your upgrade status” to determine if your Windows 7 computer is Windows 10 compatible. If it is, Microsoft’s article can guide you through the upgrade process and cost assuming you would prefer to upgrade over purchasing a new computer. As a rule of thumb, we generally recommend purchasing a new computer if your current computer is more than 3 years old considering how a combination of circumstances have probably already begun contributing to the computer’s declining performance and reliability.

If you must continue using your Windows 7 computer, the Windows 10 steps and considerations still apply, albeit you’ll need to locate items in the Windows Control Panel as opposed to using Windows Search.

Antivirus and firewall:
Start > Control Panel > System and Security > Action Center

Windows Update:
Start > Control Panel > Windows Update

“Add or remove programs”:
Start > Control Panel > Programs and Features

Browser add-ons/extensions:
Unchanged from Windows 10 instructions.

Data backup:
Unchanged from Windows 10 instructions (assuming software is Windows 7 compatible).

Mac Computer

Generally speaking, Macs are superior to Windows-based computers in terms of self-maintenance and regulation when not centrally managed as part of a larger network. However, many of the same considerations apply.

We recommend the following article without endorsing any of the linked or paid utilities; while viable utilities are certainly out there, we recommend completing your own research (especially considering the article was originally published in late 2018). That article is: https://macpaw.com/how-to/do-maintenance-on-mac

Network

1) Modem / Router

You’re connected to the Internet. How? Typically, an Internet service — usually Comcast or AT&T — comes into your home through a cable which then connects to a modem or router that you may rent or own. (This section does not apply to hotels, apartments, etc. or other places where you do not own the relationship with the Internet Service Provider [ISP].) The ISP’s provided device can, but doesn’t necessarily always, provide your wireless (WiFi) connection as well.

Making changes to these devices can be highly technical and involved. Instead, we’re going to focus now on the most basic but important step you can take to secure your device: changing its default password (if you haven’t already). This will protect your Internet connection from being misappropriated using the default password.

Please note that if these steps are intimidating, you are always able to call your ISP’s support where they would be able to walk you through making these changes and sometimes, can even make the changes on your behalf. Naturally, there’s a trade-off with potential hold times and customer service difficulties.

Support numbers for common ISPs are:

– AT&T: (800) 288-2020
– Comcast: (800) 391-3000
– HughesNet: (866) 347-3292
– Spectrum: (855) 620-7860

Otherwise, please take the following steps:

First: Locate the device your ISP provided you.

1. Make note (we recommend taking a picture) of the device’s make and model.

2. Check to see if the device has a sticker, tag, or pull-out tag stating its IP address — a series of numbers separated by dots; for example, 192.168.1.254 or 10.0.0.1 — and/or the username (examples include admin, administrator, cusadmin) and password required for access; make note (again, taking a picture is recommended) of any such information.

Here are a couple of examples:

Second: Return to your computer.

1. If your device had a sticker, tag, or pull-out tag stating its IP and username and password, skip to Step 4; if it had username and password only, skip to Step 3; else, continue reading.

2. Open an Internet browser (Chrome, Safari, Edge, Firefox), go to google.com, and search for the make, model, and ISP of your device followed by the “default password.” For example: “Arris TG1682G Comcast default password”

> Locate a reputable website (e.g. provided by the ISP or a well-known brand) that provides you with the default username and/or password for your specific device; if you see a result from “setuprouter.com,” it is also a website we recommend

3. Go to your Start menu, type “cmd” (minus quotes) and select Command Prompt.

> Type “ipconfig” (minus quotes) and press Enter. Look for and make note of the “Default Gateway.” This will be a series of numbers called an IP address, and examples include: “192.168.1.254”, “10.0.0.1”, or the “192.168.1.1” depicted below.

Here’s an example (arrow for emphasis):

4. Into your browser’s address bar where you’d usually type a website, put instead the IP address you’d noted for the Default Gateway and press Enter. Examples: 192.168.1.1 or http://192.168.1.1 (some browsers require the 2nd format)

> You should be presented with a login screen or the option to log in to your device. This is where you will put in the default username and password you’d either made note of or discovered from the Internet.

> Where you go from here will vary drastically from device to device. Some devices may prompt you with a warning that you’re using the default password; this is good, and is the easiest method of changing the password. Otherwise, you will need to locate the ability to change the password. It may be located under settings ranging from Security to Users to Administration and your best option may simply be to navigate through the options until you find the means of changing the password

> Once the ability to change the password is located, considerations for your password include:

– Using a strong password. These days, a long password “Thisismysuperpassword!2020” is considered to be much stronger than “h1&OYm_9i” — here’s a delightful comic explaining this: https://xkcd.com/936/

– Using a password you can safely store or remember. Products exist for storing your passwords safely and securely, albeit the preferred option is a solution that cannot be hacked or broken into: storing it in your mind.

– Using a unique password. it is considered ideal to come up with a formula to make all of your passwords different, even if they follow a pattern — assuming the pattern isn’t easily identified if one or more of your passwords are compromised.

Voila! You’ve now changed your device’s default password: a significant step in improving your network’s security.

2) Wireless (WiFi)

Important acknowledgments before proceeding:

The changes we suggest in this guide assume that your house consists of modern devices connecting to a modern network. If you are using older devices (electronics with WiFi more than 5 years old), these suggestions may cause your devices to stop connecting. If that applies to you and the disconnection of those devices will unreasonably inconvenience you, we recommend introducing these changes one at a time until the impact (if any) can be assessed, and if an adverse impact occurs, you can then choose whether you want to undo that particular change (acknowledging it may introduce security risks to your wireless network).

Why is wireless network security important? If a bad guy is able to access your wireless network, they’re able to interact with any device that’s connected to your home network; at the least, they’ll be able to use your Internet, and at the most, they’ll be able to do anything from trying to break into any network-connected cameras to changing your thermostat to trying to “listen in” on the traffic coming out of your computer.

With that, let’s talk about security and the practical steps you can take to make sure the door to your network is shut and locked.

Typically but not always, your WiFi will be managed by the same device providing your Internet access. If you are unsure where your WiFi is managed, please follow the steps for “Modem / Router” above until 2.4.1 (after logging in to your device using the new password you’ve hopefully already changed it to) and search for wireless or WiFi configuration settings. Compare the WiFi settings you’re seeing with the WiFi your phone, computer, or other devices are connected to; if it’s a match, you know your WiFi is being provided by your ISP’s device.

If you know that you are using a separate device e.g. a mesh WiFi kit, wireless access points, or an independent system, these guidelines still apply to you. If required, we recommend referring to your vendor’s website or support for assistance with configuring your specific device(s).

Wireless security is a multi-faceted affair. There are three primary concerns:

1. The type of security your wireless is using. This will use acronyms such as WEP, WPA, and WPA2 along with TKIP, AES, and CCMP, and you may see language such as “Pre-Shared Key” (or PSK) and “Enterprise.”

2. The security of your password. Similar to a computer or other device’s security and per the guidelines in 2.4.3 above, it is important to make your WiFi password secure — but not impossible to remember or explain to people — and different from your usual passwords.

3. Ensuring consistency. Sometimes, for instance with Comcast modems, they broadcast (think: advertise the availability of) two separate wireless networks: one that operates at 2.4 GHz (older; accommodates older devices) and one that operates at 5 GHz (more advanced; only usable by newer devices). If your device operates two networks, you’ll need to make sure they’re both secured properly.

Presumably, you’re ready to secure your wireless, and you’ve confirmed it’s being provided by your ISP’s device. Similarly to the preceding instructions, if this guidance is foreign or intimidating to you, you are typically able to reach out to your ISP for assistance.

Here’s an example of what your WiFi options screen may look like:

Please take the following steps:

1. Ensure your WiFi’s security type (sometimes called protocol or encryption) is set to WPA2. If the WPA2 option is not available but WPA is, that commonly represents a much older device and we recommend engaging your ISP to provide a replacement; they’ll typically do that free of charge.

2. Separately or as part of selecting WPA2, you may be prompted to use WPA2-PSK, WPA2-Personal, or WPA2-Enterprise. Select WPA2-PSK or WPA2-Personal, and if you see an option for “Pre-Shared Key,” select that. This ensures your WiFi will be protected by a pre-shared key (fancy way to say “password”).

3. If prompted for options such as TKIP, AES, or CCMP, please select AES (and not a “TKIP + AES” combined option). Avoid “Mixed Mode” or “Compatibility Mode.”

4. Follow the aforementioned guidelines for selecting a password/pre-shared key that is secure but not unmanageable; the concept of “passphrases” can be helpful.

5.  Verify whether there are 1 or 2 networks (can also be referred to as SSIDs or radios) being provided for WiFi. They’re often separated as either 2.4 GHz and 5 GHz or between a private network and a guest network. (It is highly recommended to avoid guest networks in a personal setting.

> If there’s a 2nd network, apply all the same changes, settings, etc. there to ensure consistent security because after all, if there’s a 2nd network, it’s another avenue into your home network. Having a bank vault for your front door doesn’t make your house secure if the side door is made of styrofoam.

3) Other Devices

By now, most of us have heard the creepy stories about the guy talking to the kids through the nanny cam or the vindictive spouse spying on an ex and posting camera footage to the Internet. These aren’t generally the result of contracted hackers, evil geniuses, or technical people using their powers for evil; in fact, these heinous acts can easily be perpetrated by individuals with minimal (if any) technical expertise assuming they can follow a guide or use Google. Why? More often than not, default settings or reused passwords.

Many of us are turning to electronics in our home. From conveniences such as thermostats and doorbells to securities such as cameras to luxuries including home automation and electronically-controlled lighting, electronics are everywhere. Did you know that every single device that communicates wirelessly is a potential risk?

These devices almost always require, or can be set to require, a password in order to log in and make changes; please ensure that you’ve selected a password and that it follows the aforementioned guidelines for every single device, most especially for cameras, other recording devices, and network devices such as we’ve already discussed and all the others we haven’t (network-attached storage, streaming devices, Smart TVs, and so forth).

“What about my smart lighting kit? Surely there’s no risk in that!” You might be surprised! If the bad guys break into your lighting kit, they can reprogram it to either give them a permanent foothold on your network (without necessarily affecting your lighting) or, at the very least, mess with you and risk breaking it entirely.

Disclaimer

This is a suggestive document provided as a courtesy by OverDrive IT. OverDrive IT is not liable for risks assumed by following these generalized guidelines.

Please contact support@overdrive-it.net regarding any discrepancies or assistance required (acknowledging that home computers are not contractually supported and will incur charges).