Security On-Line

Maintaining the security of personal computer systems is a constant challenge facing all of us.

Recent global ransomware attacks that affected a number of businesses around the world are a high-profile example of what can happen if unauthorised, inappropriate access is obtained to any computer used for professional practice purposes.  Members have a professional and ethical responsibility to maintain the confidentiality of information that may be commercially sensitive, irrespective of whether they work for a company or are self-employed consultants.

The techniques used by people intent on accessing others’ personal information or data, or simply intent on causing disruption and inconvenience, are too many and varied to discuss individually.  There are, however, several basic principles that can be followed to help make your computer and data more secure, to prevent unauthorised access, and to remain resilient if your computer is compromised.

  1. Keep your system software up to date.  New security holes are being regularly identified in all computer operating systems.  Software vendors are usually very responsive in issuing patches to correct identified problems.
  2. Use the latest version of your preferred Internet browser.  Browser software incorporates security features that form part of your computer’s front-line defence.  This has the added attraction of ensuring that your computer remains compatible with web content, which is constantly evolving to use features provided by new standards to enhance the experience of web site users.  If you are experiencing a problem reading on-line content or completing on-line forms, chances are you are using a legacy browser that you should consider updating.
  3. Install and maintain data security software.  There are a number of good security software applications, these days usually sold as a subscription service that includes regular, frequently automatic updates to the data used by this software to detect and deal with potentially malicious content.
  4. Protect your identity.  Don’t give your username and passwords for on-line accounts to anyone.
  5. Don’t open suspicious email attachments.  If you aren’t expecting an attachment from someone, delete the email or set it aside and call the sender to help verify that the attachment is safe.  Security software installed on your computer will frequently identify malicious content, but there may be a time lag between new threats to your computer being deployed and your security software being updated to recognise them.  Avoid executable code in email attachments.  Executable code can be embedded in HTML files, Office documents and Zip archives received as attachments, as well as in executable files themselves.
  6. Maintain up-to-date backups of your computer.  Good practice would be to make regular backups, to a disk that can’t be accessed on-line or to a cloud service, or both.  The advantage of using a cloud service is that you can access your data if your computer (and backup disks stored with it) is lost or destroyed (e.g. in a flood or fire), allowing you to get back to work quickly and easily.  Even if you only use a computer for personal reasons, the loss of family photographs or other material stored on it could be catastrophic.

In Australia, internet service providers are not obliged to report intrusions to their systems resulting in unauthorised access to client data.  This is not the case in the USA, Europe and a number of other countries, where disclosure can alert Australian users of on-line services to issues.

There are several on-line services that can be used, safely, to check whether your email account has been compromised, which can be a clue to identifying more serious issues where email addresses are used as account names by on-line services.   I regularly check https://haveibeenpwned.com to check whether my email address(es) are known to have been compromised.

Finding your email on one of these lists should prompt you to immediately change your password for the affected account.

Unfortunately, these are issues that we all need to deal with in an on-line world.  Taking a few simple steps can make a big difference when it comes to keeping your data and on-line identity as safe as practicable.

The list of ideas above isn’t exhaustive.  It’s a summary of what I do routinely, day to day, and the measures are not onerous.  Do you have any ideas and experiences to share?  Add a comment to this post using the form below.

Andrew Waltho FAIG, RPGeo
July 2017.