10 security best practice guidelines for consumers

Consumers need to proceed with extra caution to avoid scams, viruses, social engineering attempts, privacy-leaking apps, and malicious software of every flavor. These guidelines will keep you on the straight and narrow.
Written by Ken Hess, Contributor

Yesterday's "10 security best practice guidelines for businesses" outlined some good advice for businesses to avoid security problems by implementing some industry standard hardware, software, and common sense. Now it's time for you, as a user — corporate or otherwise — to take your share of the responsibility for security on any device that you use or have control over. Just because a device (computer, mobile phone, tablet) is owned by the company you work for doesn't relieve you of your responsibility for security for that device. Negligence is never a good excuse. And after you read these 10 guidelines, you'll never be able to claim ignorance again.

Educate yourself on these 10 security best practice guidelines for consumers (you) so that you can keep your data private and your job secure. These 10 guidelines are in no particular order.

  1. Always use antivirus software on your personal devices: There are several free ones and multiple subscription services to keep your computer virus free. Download and use them. Don't turn them off because you think it makes your computer run slow. Leave them on and stay protected. Upgrade your device if you think the antivirus program slows it down.

  2. Always use a device firewall: A personal or operating system firewall is an excellent line of defense against malicious software that attempts to connect out to its home server. You'll receive a warning when an attempt is made, and you can optionally block the communication. Blocking the communication won't remove the infection, but it will render it mostly harmless, especially if it is one of the many "logger" infections that grabs your data as you type it into websites or client software.

  3. Keep your operating systems and software up to date: Yes, it's a pain to update your apps and operating systems up to date because doing so often requires a reboot. Your device will react slowly while the device updates, but it's for your own good. Take a tea break, watch an old episode of The IT Crowd or take a walk until your updates have finished.

  4. Never download pirated or cracked software: This type of software almost always includes some type of malware. Plus, it's illegal to steal software, so there's that aspect of it. If you're using a corporate computer and you download pirated software onto it, you're jeopardizing your job because your company can get into big trouble for harboring pirated software.

  5. Don't click on popup windows that tell you that your computer is infected with a virus: Antivirus software doesn't work that way. Those popups install malware onto your computer, with your permission. Sometimes it's a scam that requires you to pay money to have the software removed by the software originator. Don't fall for it. Don't pay them to remove it if you've done it. Look up online how to remove the malware yourself.

  6. Be careful with email attachments: Not all email attachments are harmful, but unless you're expecting an attachment from someone you know, don't download or open it until you're sure it's OK to do so. If it's from someone you don't know, delete the email or identify it as spam. Do not download or open the attachment.

  7. Don't use public wi-fi hotspots without using a VPN (secure) connection: This is always true if you're a corporate user. Do not connect to a public wi-fi unless you do so through a VPN. A VPN will encrypt your communications to and from the internet so that anyone who might be eavesdropping can't steal your information.

  8. Use passwords on everything and be sure that they're strong passwords: Do not use the same password for everything. Do not use easy-to-guess passwords. Use strong passwords that are at least eight characters in length and include capitals, numbers, and alternate characters. Password protect everything: Devices, email, VPN, anything that you don't want shared with others. Be paranoid and change your passwords often.

  9. Beware of what kind of information you share on social media sites: Everyone loves Facebook (not me) and you probably place photos on it, have conversations on it, play games on it and attach all kinds of other apps to it. And by doing so, you put your privacy at risk. There are companies that scan these sites and collect data on you. They collect data on you from public records sites, social media sites and from sites that deliver malicious payloads to your devices. Keep private information private. Never use social media sites at work. Doing so can compromise your company's data or defame their reputation.

  10. Review your online accounts and credit report: You should review your bank accounts, auction accounts, and mobile phone accounts for signs of fraud or charges that you didn't make. There are companies that send text messages out to scam you into responding and then charge you for doing so. Don't fall for it. You should also check your credit report annually to combat any fraudulent additions. Entries are too easy to put onto your credit report and very hard to take off. Watch yours carefully and take steps to remove errors as soon as possible.

I could potentially offer up another 10 of these consumer guidelines, but no one wants to read 20 things, so I'll save them for another post.

I will give you this one bonus guideline: Use discretion when answering questions via phone calls from reader service cards that you've filled out or "contests" that you've entered. Many of these contests that you see in malls or online are scams to grab your personal information. The people on the phone are very nice and clever about the way they ask questions of you. They ask deeper and deeper personal questions because people love to talk about themselves. Doing so puts you at risk of identity theft.

Have you been the victim of some type of fraud or security compromise? Do you have any other guidelines you'd like to share? Talk back and let me know.

Related stories

Editorial standards