Personal Computers
Although Windows and OS X are easy to use and convenient, they both are far from secure. Your OS provides the interface between hardware and your applications, so if compromised can have detrimental effects.
0 out of 35 (0%) complete, 0 ignored
| Done? | Advice | Level | Details |
|---|---|---|---|
Essential | System updates contain fixes/patches for security issues, improve performance, and sometimes add new features. Install new updates when prompted. | ||
Essential | Use BitLocker for Windows, FileVault on MacOS, or LUKS on Linux, to enable full disk encryption. This prevents unauthorized access if your computer is lost or stolen. | ||
Essential | Maintaining encrypted backups prevents loss due to ransomware, theft, or damage. Consider using Cryptomator for cloud files or VeraCrypt for USB drives. | ||
Essential | USB devices can pose serious threats. Consider making a USB sanitizer with CIRCLean to safely check USB devices. | ||
Essential | Lock your computer when away and set it to require a password on resume from screensaver or sleep to prevent unauthorized access. | ||
Essential | Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable or limit their listening capabilities. | ||
Essential | Keep installed applications to a minimum to reduce exposure to vulnerabilities and regularly clear application caches. | ||
Essential | Control which apps have access to your location, camera, microphone, contacts, and other sensitive information. | ||
Essential | Limit the amount of usage information or feedback sent to the cloud to protect your privacy. | ||
Essential | Use a strong password instead of biometrics or short PINs for unlocking your computer to enhance security. | ||
Essential | Shut down your device when not in use, especially if your disk is encrypted, to keep data secure. | ||
Optional | Use a local account only to prevent data syncing and exposure. Avoid using sync services that compromise privacy. | ||
Optional | Disable network sharing features you are not using to close gateways to common threats. | ||
Optional | Use an unprivileged user account for daily tasks and only elevate permissions for administrative changes to mitigate vulnerabilities. | ||
Optional | Cover your webcam when not in use and consider blocking unauthorized audio recording to protect privacy. | ||
Optional | Use a screen privacy filter in public spaces to prevent shoulder surfing and protect sensitive information. | ||
Optional | Use a Kensington Lock to secure your laptop in public spaces and consider port locks to prevent unauthorized physical access. | ||
Optional | Use a power bank or AC wall charger instead of your PC to avoid security risks associated with USB connections. | ||
Optional | Modify or randomize your MAC address to protect against tracking across different WiFi networks. | ||
Optional | Install a firewall app to monitor and block unwanted internet access by certain applications, protecting against remote access attacks and privacy breaches. | ||
Optional | Use key stroke encryption tools to protect against software keyloggers recording your keystrokes. | ||
Optional | Be vigilant for hardware keyloggers when using public or unfamiliar computers by checking keyboard connections. | ||
Optional | Lock your PC when away and consider using USBGuard or similar tools to protect against keystroke injection attacks. | ||
Optional | Rely on built-in security tools and avoid free anti-virus applications due to their potential for privacy invasion and data collection. | ||
Advanced | Regularly check for rootkits to detect and mitigate full system control threats using tools like chkrootkit. | ||
Advanced | Enable a BIOS or UEFI password to add an additional security layer during boot-up, though be aware of its limitations. | ||
Advanced | Consider switching to Linux or a security-focused distro like QubeOS or Tails for enhanced privacy and security. | ||
Advanced | Use virtual machines for risky activities or testing suspicious software to isolate potential threats from your primary system. | ||
Advanced | Isolate different programs and data sources from one another as much as possible to limit the extent of potential breaches. | ||
Advanced | Disable unnecessary Windows "features" and services that run in the background to reduce data collection and resource use. | ||
Advanced | Ensure that Secure Boot is enabled to prevent malware from replacing your boot loader and other critical software. | ||
Advanced | Take steps to protect SSH access from attacks by changing the default port, using SSH keys, and configuring firewalls. | ||
Advanced | Turn off services listening on external ports that are not needed to protect against remote exploits and improve security. | ||
Advanced | Restrict privileged access to limit the damage that can be done if a system is compromised. | ||
Advanced | Deploy canary tokens to detect unauthorized access to your files or emails faster and gather information about the intruder. |