Sometimes, I wonder if we should have something akin to a computer license, like we do with driver’s licenses.
If you have a job that requires to you work at a computer where sensitive data is available somewhere on the network, you need to have a computer license of a certain level.
I would create three courses that each earn you a computer license. You must complete the previous course to continue to the next. You can earn licenses C through A:
- C: The most basic course. This course teaches you why some paranoia in computing is a good idea. You will learn about bad actors on the internet and the fact that sometimes hardware will fail and you will lose data. If you follow this course, you will learn enough to be safer on the internet, and avoid data loss by learning best practices about data backups and revisioning.
- B: The intermediate course teaches you more advanced functionality of OS-level features and some hardware-related knowledge. After following this course, you will be more proficient at using your computer’s operating system, and you will be able to guess at what kind of hardware might be at fault if you are experiencing issues with your computer that are not caused by software.
- A: The advanced course teaches you how to use advanced system features, like: cronjobs, terminal, managing and tweaking advanced system settings, networking, and some more basic Linux knowledge. As a part of the course, you will also learn some basic programming.
These computer licenses are a great starting point, and you can learn more advanced things at your own leisure. But having these means you can put more on your resume than “proficient with Word and Windows”.
Obviously, putting this into practice on the same level as a driver's license will cause probably more issues than it's worth. (So let's not make it a legal requirement.) But it might be worth creating a kind of universal computer certificate that has actual value on the job market.
As a part of this particular post, I would like to make a few simple recommendations that will help prevent issues with your computer, and put your mind at ease should anything bad happen to your computer.
Always install updates. This is a big one. Software updates will often patch critical issues and exploits, which could be used to infect your system or steal your data. The ransomware that was terrorizing the world last week (WannaCry) did not work if you had installed the latest patch on Windows 10. I know that Windows 10 automatically installing updates can be annoying, but it makes computers that much more secure.
Do not use outdated software. Whether it’s an old copy of Windows XP or Office, you want to install the latest and the greatest. This is especially important when it comes to operating systems like Windows or macOS and webbrowsers (like Chrome, Edge).
If you cannot update or use more recent software, disconnect that hardware from all networks, including local networks, since there’s always a chance of infection that way. Presuming your old machine is not compromised, keeping it disconnected from the internet is the only way to prevent future issues.
Another example: if you are running Windows, it is unacceptable to use Internet Explorer. The old browser no longer receives updates, so sites might not work or look broken, and it’s a security risk as well. Use Chrome instead, because it received plenty of security patches and updates itself automatically.
Do not insert random storage devices into your computer. That USB-stick you got at a conference? Maybe you found one on the floor somewhere? Could be infected. Unless you bought it new for yourself and you know that the device can be trusted, be wary of storage devices (whether it’d be hard disks, USB sticks, SD cards) because they could potentially be used to compromise your system.
Hell, there’s even USB-stick lookalikes that will fry your entire laptop. Ouch.
Always back up your data in two different geographical places, and do so periodically. My go-to recommendation here is keep a local backup on an external hard drive, and keep a backup in the cloud. I would recommend using Backblaze or Dropbox. Make backups at least weekly. If you are using an online backup tool, only the initial upload will take a lot of time. That’s okay.
This will also mean you’ll need to pay a sum annually for backups, but trust me: there’s no price you can pay for lost data. If some precious pictures you took are gone because of data loss, you’d wish you could just bring ‘em right back. Unless your data can be easily reproduced (e.g. it’s music you purchased via iTunes and can download it again, or it’s a game you can redownload through Steam, etc.) you have to back it up.
Alternatively, having two physical backups in two different places is fine as well, but if you have an issue you might have to travel to the place where your second hard drive is located.
One thing to note: As long as the external hard drive remains connected to your computer, it’s not an external backup. Disconnect the drive when not backing up, or your external backup might be compromised if your computer is compromised.
Use a password manager, and don’t use the same password everywhere. I love password managers. Not everyone has to use one, you can make up unique passwords for all your online places, yes. There’s free password managers, and there’s paid ones. I personally use 1Password.
What you do is you have to remember a single (1) master password and the rest you can put in your personal password vault. After entering the master password for the vault, you can use the password manager to automatically fill in the passwords on websites and the like. It makes entering passwords easier, and having a unique password for each site ensures you’ll be much safer.
Also important: when it comes to security questions, I’d recommend using information that people cannot find on your social media accounts. Otherwise, it would just take a trip to your social media page to be able to reset your password somewhere. (“Oh, to reset his password, I have to enter the name of Dave’s favorite animal? I know that’s Fluffy, I saw it on Facebook! Easy… I’m in!”)
Use two-factor authentication. Even if your password is guessed, two-factor authentication protects you by requiring an additional factor to log in. This can be a text message, or an authenticator that gives you codes depending on the time. It’s a good security measure, especially if you have sensitive information in an account.
This means it’s not automatically game over after someone gets your password. Which, ideally, if you’re using a password manager, won’t happen — but systems can be compromised and your computer might send info about the stuff you type to some hacker if it’s infected. As such, this is why two-factor authentication is important.
Do not sign into accounts on public hardware. This is another biggie. Do not use someone else’s computer to sign in to your accounts: whether it’d be social media, password, or anything, really.
Their computer might be compromised or there might be some kind of software on there to record what you’ve done (for example, a keylogger). Do not do it. Only your own computer or smartphone can be considered trusted (assuming you have been using these best practices).
If you really must, and there’s no alternative, make sure to sign all your sessions out and I’d recommend resetting your password and forcibly signing you out once you have access to a trusted device again. (Forcibly signing out allows you to kill all other signed in sessions on other computers. Most important social media services have this somewhere. Linked is how to do it with your Google account.)
Be on the lookout for scammers on the internet. Be paranoid. I won’t go into much detail here, but if something seems fishy, it probably is. You can learn more about avoiding online scams by reading this FTC article.
An example: If money is concerned and you have received an email requesting payment, be wary. (This can be a mail from a bank, from Amazon, etc.) Chances are that you are being scammed.
If you are unsure about the authenticity of the message, you can contact the company by using the telephone number on their official website. Do not click on links in the mail or call the number in the mail. (Because those might be fake.)
Calling isn’t always a solution, of course. Only call institutions that you know. That Nigerian prince does not have 10 million dollars. Do not call him, either. Disregard his message.
When you inevitably have to sign in somewhere, always check the URL at the top of the browser before logging in. (Make sure you’re always on the right domain!)