Personal Computers

Although Windows and macOS are easy to use and convenient, they both are far from secure. Your OS provides the environment for your applications and data, so if compromised, it can have detrimental effects.

0 out of 17 (0%) complete, 0 ignored

Done?	Advice	Level	Details
Ignore	Keep your system up-to-date	Essential	System updates contain fixes/patches for security issues, sometimes improve performance, and add new features. Install new updates when available.
Ignore	Encrypt your device	Essential	Use BitLocker for Windows, FileVault on macOS, or LUKS on Linux to enable full disk encryption. This prevents easy unauthorized access if your computer is lost or stolen. VeraCrypt is open-source cross-platform software for full-disk or volume encryption.
Ignore	Backup important data	Essential	Maintaining encrypted backups prevents loss of your data. Consider using Cryptomator for cloud backups or VeraCrypt for other storage media.
Ignore	Be careful with USB devices	Essential	USB devices pose serious threats. Never insert flash drives or SD cards you find into your main PC, treat it as your PC would be having unprotected sex with a stranger. Seriously: a random USB drive has a 66% chance of malware, it can actually be a rogue keyboard or network card masked in a flash drive case, it can physically destroy your PC, or try to kill you, or maybe 29 types of USB attacks will make you treat USB with caution. If your work is with media on external storage, consider making a USB sanitizer with CIRCLean.
Ignore	Activate screen lock	Essential	Lock your computer when away, and set it to require a password on resume from screensaver or sleep to prevent unauthorized access. Set a timeout for lock/screensaver to 3 minutes and increase it gradually until it's usable for you. Working from home is different from working in public spaces. Learn what hotkeys or actions would immediately lock your operating system, and use them daily when stepping away from your computer.
Ignore	Disable Cortana or Siri	Essential	Voice-controlled assistants can have privacy implications due to data sent back for processing. Disable or limit their listening capabilities. Consider using open source software for voice commands.
Ignore	Review your installed apps	Essential	Keep installed applications to a minimum to reduce exposure to vulnerabilities that could be found. This especially relates to older software you don't use and forget, that is supplied with devices. In two years you change the printer, but old drivers keep running etc.
Ignore	Review application permissions	Essential	Modern operating systems have introduced permission control features for applications. Review which apps have access to your location, accessibility services, file system, camera, microphone, and other sensitive information.
Ignore	Disallow data from being sent to the cloud	Essential	Limit the amount of usage information or tracking sent to the cloud to protect your privacy. For Windows, O&O ShutUp10++ is a free and effective tool. For macOS, consider OverSight for microphone/camera monitoring and LuLu for controlling which apps can access the Internet.
Ignore	Understand quick unlock and standby mode implications	Essential	When you restart or turn off your device, before it's unlocked for the first time, it's in the state which is the hardest to hack into. While a sleeping/locked device would also ask to authenticate, it's not the same. Shut down your device when not in use to keep data secure. Use a strong password instead of a short PIN code for unlocking your computer to enhance security.
Ignore	Don't use root/admin account for daily tasks	Optional	Use an unprivileged user account for daily tasks and only elevate permissions for administrative changes to mitigate some of the vulnerabilities.
Ignore	Use a privacy filter	Optional	Purchase a screen privacy filter if you use your device in public spaces to prevent shoulder surfing and protect sensitive information.
Ignore	Randomize your Wi-Fi hardware address	Optional	Modify or randomize your MAC address to protect against tracking by Wi-Fi network owners, which happens in most public networks for different reasons. Look for Private Wi-Fi Address or Random Hardware Address setting in your wireless network settings and enable it.
Ignore	Use a firewall	Optional	Install a firewall app to monitor and block unwanted Internet access by certain applications, protecting against remote access attacks and privacy breaches. Consider LuLu for macOS and Portmaster for Windows/Linux.
Ignore	Use virtual machines	Optional	Use virtual machines for risky activities or running software you may want to use only a couple of times to isolate potential threats from your primary system. Modern computers can usually run at least one virtual machine without noticeable performance downgrades. Any.run can run Windows/Linux apps on their servers and show execution analysis in your browser. VirtualBox is available for all desktop operating systems and has an easy GUI, but many advanced alternatives exist. As an operating system for the virtual machine, consider Kali Linux or Tails OS.
Ignore	Set the BIOS password	Advanced	Enable a BIOS/UEFI password to prevent someone from modifying the boot settings of your computer. On Mac computers, the equivalent of a BIOS/UEFI password is called a Firmware Password. This prevents anyone from booting their OS on your device, or modifying startup settings. Record this password in a password manager; you will need it to reinstall the OS or sell your device in the future. Instructions for: Mac, Dell, Asus, HP.
Ignore	Use Canary Tokens	Advanced	Deploy canary tokens to detect unauthorized access to your files, emails, or system and sometimes gather information about the intruder. When attackers interact with the honeypot, it will send you an alert. OpenCanary can be installed on your server or you can create canary tokens online.