A Simple Security Checklist

Just because you’re not a security expert doesn’t mean you can’t take simple steps to protect yourself against common cyberattacks. Here’s an easy-to-read checklist of things to do:

1. Keep your software up to date. Software companies continually fix security problems, but only if you install their patches.

2. Don’t open suspicious email attachments, even if the message seems to be from a friend or co-worker. It might be malware in disguise.

3. Use strong passwords and don’t reuse them on multiple sites. Your password is what protects your information from being stolen by hackers.

4. Back up your data so that even if your computer is hacked, you don’t lose anything permanently.

5. Consider using a password manager so that you can use long, unique passwords without having to remember them all; they will be remembered for you (in an encrypted file). It will also generate strong passwords for you and fill them in automatically on websites, saving you time and effort while keeping you more secure online.

The best security checklist in the world will not protect you from an attack if you don’t use it. Security checklists are like condoms. You don’t leave home without one, but you also don’t pull it out in public.

Here is a basic one to get you started:

* Protect sensitive data and accounts with strong passwords.

* Don’t use the same password for more than one account.

* Use long passwords, preferably with special characters and numbers.

* Make sure your computer’s operating system and all software are up to date with the latest patches or upgrades.

* Keep your anti-virus and malware protection software updated on all devices, including mobile devices.

* Configure your router to use Wi-Fi Protected Access (WPA) encryption or another strong encryption method instead of Wired Equivalent Privacy (WEP).

* Change the default router password to something unique and complex, and regularly change it.

* If you’re away from home or work, never use a public Wi-Fi network unless you have a virtual private network (VPN) installed on your device.

* Avoid using automatic logins on any site that stores sensitive information such as banking, social media or email accounts.

* Never click on links embedded in emails or text messages if you don’t know who sent them.

* Disable Bluetooth when it

Security is hard. The only way to be safe is to have a program that examines all code before it runs, and rejects anything that looks wrong. The problem with this is that it requires a computer that can understand any program you might ever want to run: you would need an infinitely flexible computer to prevent security problems in general.

Since we don’t have such computers, we need to find some way of getting by without them. We need a system that provides security based on limiting the damage that can be done by bad ideas rather than preventing bad ideas from being implemented in the first place.

The checklist approach described here is an attempt at making such a system. These are not always things that you should do; they are always things you should consider doing and decide whether the tradeoffs involved make sense for your situation.

If you have a website, you need to make sure it is secure. This article covers the fundamental security measures every webmaster should take to protect their website and their visitors.

If you are not technical and don’t know how to check or fix these issues, ask your web developer or hosting company for help.

In addition to the topics below, be sure to read “How Do I Prevent Cross-Site Scripting (XSS)?” and “How Do I Prevent SQL Injection?”.

1. Is there a security policy?

2. Are passwords encrypted?

3. Are firewalls used?

4. Are all computers up-to-date on software updates and patches?

5. Is there a web filter in place to prevent employees from visiting dangerous sites? (This is also called a web proxy.)

6. Is antivirus installed and updated regularly? Is it configured to scan for viruses automatically at least once per week?

We have a tendency to over-complicate security. When we need to build a secure system, we naturally want to give it all the bells and whistles. This can result in security becoming an afterthought rather than an integral part of the system design.

In this article, I’m going to suggest that we go back to basics and focus on building good foundations first. The key points are:

* Don’t trust your users

* Don’t trust your developers

* Don’t trust yourself

* Don’t trust your network

There are many more ways you can be compromised, but by following the above principles, you can avoid the most common pitfalls.

Most security problems are caused by mistakes, so if you can avoid making mistakes, you will be secure. Security is a lot like engineering: you have to design your system with security in mind. Unfortunately, human beings are not very good at this. It’s hard to think about security when you’re programming a video game or editing a document or checking your email or doing any of the other things computers are useful for. It’s even harder to think about security when nothing has gone wrong yet.

Have you ever had someone tell you the same thing over and over until finally it just got on your nerves? Sometimes that’s the only way to learn something important: repetition, repetition, repetition. The following items have been repeated by many different people for more than twenty years. They’re still worth repeating. If you can get them through your thick skull, they may save your life some day.
