With virus, spyware and phishing scams so common on the web today, what’s an average user to do?  Even if you’re not a computer savvy geek there are still at least 6 simple steps everyone can take to have a more secure computer or browsing experience.

1. Create secure passwords.

Simple security starts with a password. Even if it’s not a super secure password, it’s better to have something than nothing at all. But why not go a step further? Creating secure passwords isn’t that tough to do. Here’s a few tips:

  1. Longer is better (if you can remember it)
  2. Add numbers and symbols($#@?) to mix things up.
  3. Don’t base your password on a dictionary word like “bigdog123”.

If you’d like some more tips, head over to Linux-Tip.net which has a pretty decent guide to follow, or if you want some deeper explanations take a look at Bruce Schneier’s article, “Secure Passwords Keep You Safer“.

2. Keep the passwords secure.

I would hope that this goes without saying, but for those who need it, here it is. DON’T GIVE ANYBODY YOUR PASSWORD! This includes help desk employees or anybody, unless you absolutely have to. 99.99% of the time, tech support personnel do not need your password and shouldn’t be asking for it in the first place. If you do give your password out to someone, please do yourself a favour and change it as soon as you can to protect your information.

Also, be sure to change your passwords regularly. Every couple months is a good rule of thumb.

3. Dot your “i”s and cross your “t”s.

Be careful when typing in a url. Phishers often set up sites on common misspellings of the site they’re attemping to get your information from.  Here’s an example of how it works: you type in “www.ebbay.com”, a site that looks like eBay shows up and asks for your password. Well, the rest is history from there I’m afraid.

Another variation on this form of attack involves the use of e-mail or other electronic communications. This is what happened to Twitter just recently. An e-mail was sent out with a link to a Twitter page. Instead of being taken to the official Twitter site, users were taken to twitter.access-logins.com/login/ where a very offical looking Twitter login screen asked them for their password. The site was not part of Twitter, but was part of a phishing website (hence the access-logins.com part of the address) that stole their twitter accounts and did crazy stuff to it. That’s why you should NEVER follow a link from an e-mail to login to any site.

This sort of thing happens all the time, even with online banking sites sometimes. Watch that address before you enter your username and password.

4. Bring in … the ANTI-VIRUS!

Anti-virus programs are such a simple way to improve computer security, yet some people still don’t use them. If you don’t like spending the extra cash, why not get a free version? AVG offers an excellent free product that is just as effective against viruses as any paid application. In fact, AVG is the only anti-virus program I use now. You can download it here.

5. Man the firewall!

Firewall? I don’t need no stinking firewall! What’s a firewall? A firewall is like putting a lock on your back door to keep burglars from waltzing straight in. A simple firewall will keep out an entire host of viruses and hackers. If you use Windows XP, just check out this guide for help on how to turn on your firewall.

6. Think before you click.

This kind of ties in with those notes in #3 about phishing. A lot of people (you may be one of those) will click on anything that grabs their attention. Yeah, those “shoot the monkey 5 times and win a plasma TV” ads, you know the ones. Sometimes people will login to a phishing site like the Twitter example and accidentally give away usernames and passwords to their online banking site. It is a very dangerous thing to just click on anything in front of you. Think first, use some common sense, and ask yourself, “how could they afford to give away all those plasma TVs if all you have to do is shoot the stupid monkey?”

7. Update, update, update.

Keeping up-to-date is an important part of computing and security. The recent worm attack on Windows is a prime example of this. Most operating systems make this easy with automatic updates so that you don’t have to worry about it.  However, you should make sure that those automatic updates are enabled. Click here for information on how to double check this on a Windows PC.