While no computer is entirely hacker-proof, you can make yourself a “hardened target” – one that hackers will likely skip in favor of easier targets. Just as with asset protection, the key is implementing multiple layers of security.
Here are our top suggestions:
- Keep Your System Updated: Regularly install system and software updates to patch known vulnerabilities. Create a system image backup regularly, and especially before major updates, to protect against installation issues. Consider using update management tools to track needed patches across all your software.
- Install Robust Antivirus Protection: Maintain active antivirus software to guard against known malware. While free options exist, ensure you’re using a reputable provider with regular definition updates.
- Secure Your Internet Connection: Use a Virtual Private Network (VPN) to encrypt your data transmission and protect against network monitoring. This is especially crucial when using public WiFi or handling sensitive information.
- Control JavaScript Execution: Since many attacks rely on malicious JavaScript, use browser tools or extensions to control which websites can run scripts. While this may affect some website functionality, it significantly improves security.
- Implement Strong Firewalls: Go beyond basic inbound firewalls and use solutions that also monitor outbound traffic to detect and block unauthorized data transmission from your system.
- Encrypt Sensitive Data: Use encryption for both individual files and entire drives. If a breach occurs, encrypted data remains unreadable. This applies to both stored files and email communications.
- Use Secure Email Services: Consider non-US based, security-focused email providers that offer end-to-end encryption for sensitive communications.
The Importance of Regular Updates
Probably the most important precaution is to keep your PC up-to-date. This prevents hackers from taking advantage of vulnerabilities discovered in unpatched versions of both hardware and software.
That’s often easier said than done, because major updates (especially to operating systems) can take hours to install and can even crash your system. Protect yourself from “backup hell” by creating a system image of your entire hard drive before you install an update. I use Microsoft’s imaging tools on my Windows 11 PCs. Mac users could use the built-in Time Machine app for this purpose.
Not all software reminds you that it’s time for an update, so it’s a good idea to install a tool that probes the programs you have installed and lets you know when new patches are available. A good one is the free utility Patch My PC.
Next, make sure you have a reliable antivirus program installed to keep known malware out of your PC. There are many good free antivirus programs out there; one I’ve found effective is Bitdefender.
Strengthen Your Digital Defenses
The next precaution to take is to beef up the security of your internet connection to make it nearly impossible for hackers to penetrate it to steal log-in data or other sensitive information. A virtual private network (VPN) is ideal for this. A VPN is software that constructs an encrypted data channel between your PC or smartphone and the internet so that your data stream can’t be monitored. The VPN we use at The Nestmann Group is ExpressVPN.
Unfortunately, even the best VPN won’t protect you if you open the wrong message or visit the wrong web page. The message or the web page can contain malicious code that automatically installs on your PC. The code can monitor your keystrokes, let the hacker hijack your PC, or even make your files unreadable until you pay a ransom to unlock them.
Most poisoned messages and web pages rely on JavaScript, a web programming language. When you see a web page with animated graphics, interactive maps, and many other types of effects, JavaScript is often involved. Because JavaScript is often used maliciously, you want to be able to choose which web pages are allowed to run it, and under what conditions. An add-on to Firefox called NoScript gives you that capability.
While most modern browsers like Google Chrome or Microsoft Edge allow you to disable JavaScript entirely, NoScript provides granular control, letting you choose specific websites that can run scripts. It also speeds up browsing, because only the interactive effects you’ve authorized are displayed. The downside, though, is that many web pages simply won’t run without JavaScript.
What If Hackers Get Through?
All of these precautions help make you a hardened target. But what if a hacker manages to infiltrate your PC? For that contingency, you’ll want a second (and possibly third) layer of security.
One tool to seriously consider is a firewall. A basic firewall, like the one built into all Windows operating systems since Windows XP, is designed to block unauthorized inbound access to your PC. But if a hacker has taken over your system, you want to block information from getting back to the hacker. You need a firewall that blocks unauthorized data from leaving your PC. There are many to choose from; I’ve used Comodo for several years.
But what if a hacker somehow overcomes all these barriers and still gains access to your PC? If you’ve taken the precaution of encrypting your most sensitive files, nothing but gibberish will show up when the hacker tries to extract data. The encryption program we use for this purpose is VeraCrypt. It can encrypt individual files or your entire hard drive. You can also create virtual encrypted drives with the program.
Secure Your Communications
Use an email program that facilitates transmission of encrypted messages. My personal choice is Thunderbird which has built-in OpenPGP support. Once you exchange encryption keys with the people you correspond with, Thunderbird automatically encrypts and decrypts your messages. What’s more, the messages are permanently encrypted on the server on which they reside. If a hacker manages to penetrate the server, the content of the messages remains secure.
If you use webmail services, ditch US providers such as Gmail, Yahoo, etc. Use a non-US service that is serious about security and encryption. I use Swiss-based ProtonMail for webmail, which provides end-to-end encryption for all messages delivered on its network.
Stay Committed to Security
Don’t be surprised if your friends, family, co-workers, etc. tease you about your newfound preoccupation with computer security. But if they’re hacked, you’ll have the last laugh.
A good time to begin securing your PC is today. Hackers certainly aren’t going to do it for you.
