Back up your data. This one actually has a preamble: Organize your data. If you have 1GB of critical volatile data and 50GB of extraneous filler that’s duplicated elsewhere or that you downloaded for a one-time read (PDFs are notorious culprits) and haven’t deleted yet, there’s no reason to back up all 51GB of it (nor is your out-of-control file system an excuse to let this slide — make the time and keep your data organized rolling forward).
Then back it up. If you’re backing up to an external drive, scan it periodically with your security software, and be sure you’re only connecting the drive to secure and up-to-date systems. If you’re using an online file-sharing service like Dropbox or Google Drive, ensure that your security software is scanning these locations as well. Google says Google Docs will automatically scan files for viruses, but it’s not clear if that applies to all files stored on Google Drive. And Dropbox doesn’t appear to offer virus or malware checking of any kind.
Follow the “principle of least privilege.” Do you really need to run your personal computer with administrative privileges? If not, consider creating a basic user account for day-to-day operations and keeping the administrative account on standby for truly “administrative” duties. By limiting what your computer can do, you’re also dramatically limiting the harm malicious software can inflict. Give it a shot — you can always switch back.
Set your computer to require a password for sleep or screen saver (and disable automatic login). Think of it like establishing an auto-locking mechanism on a file cabinet — another way to protect yourself if, say, you have to step away from your computer in a public space, or your computer’s stolen. The only inconvenience to you: entering your password at startup, or when your computer wakes up.
Avoid behavior that could compromise your computer. You know the drill: Don’t share passwords, don’t use ridiculously obvious passwords, ignore requests sent from anyone asking for password or passphrase info, and curtail any insecure behavior (or settings) on social networking sites like Facebook.
Don’t download software you’re not familiar with, and by all means don’t launch an executable that’s suddenly appeared as if from nowhere.
What you do on the Internet is your business, but know that visiting certain sites (pornographic, illicit file-sharing, etc.), given their often less-than-stringent security standards, may (and probably will) increase your exposure to harmful software.
Beware of (and don’t respond to) phishing emails. Don’t click on links you’re unfamiliar with, whether in your browser or email. And remember that just because the text of a link sent by email appears to be valid, i.e. it looks like the web address of your bank or credit card company, it may be masking a completely different link — if you hover over the link, it should pop up a dialogue box that shows where it’s actually pointing. Always check this first to be sure the link is valid.
And please, don’t forward chain mail. Malicious or no, it’s annoying.
Consider encrypting your data. Encryption won’t protect you from stuff like DNSChanger or other non-data-specific malware, but it’s worth looking into file or drive encryption options, especially if you’re starting to store sensitive data in the cloud. I know, it sounds like an extreme security measure given the complexity involved in setting it up, and you need to be very careful that you don’t forget or lose an encrypted file or volume’s password, but as we start moving our data from local to cloud-based storage en masse, encryption as an additional security option ought to at least be on your radar.
If you have security-illiterate relatives or friends, offer a helping hand. I’ve always felt it’s incumbent on those of us who know how, to help those who don’t (within the bounds of reason, of course — you can’t be full-time tech support for everyone). And there’s an often overlooked perk: If the people you communicate with most are secure, chances are you’ll be safer, too.
If you have friends or family you know aren’t running security software (or you suspect might not be), or who don’t routinely update their devices, consider taking the time to explain why it’s important, then help them get started (as opposed to waiting for the call to come after their computer’s been compromised). Or just advise them to take advantage of support resources they might not otherwise think of when securing their system, say the support services offered by the manufacturer of their computer, or a free advisory and diagnostic service (for Mac users) like Apple’s Genius Bar.