I’ve transferred files and settings to new PCs several times over the past 25 years. Apple and Microsoft have made it easy with migration tools that turn the old laborious chore into a simple and painless process. Cloud storage services like Dropbox mean there’s almost nothing to do.
So when I picked up my shiny new iMac (a purple one BTW) my first impulse was to let Migration Assistant work its magic.
But while PCs have gotten simpler and friendlier, the outside world has become decidedly more hostile and demanding. Ransomware, phishing, and identity theft have grown exponentially since my last upgrade. And as a business owner, I’m now subject to data privacy rules and security agreements including the European Union’s GDPR and the US HIPAA. I’ve known about these issues for a while and have taken incremental steps to address them. But upgrading to a new computer gave me the opportunity to make a few fundamental changes.
My technically adept co-founder, Matthew Carr, recommended and helped me implement five best practices.
1. Establish a separate Administrator account.
Mac and Windows PCs allow you to set up multiple users on a single computer. That’s a great way to let your spouse, kid, or guest use the machine without mixing into your work.
In the past I have set up the first user as an Administrator, in order to download applications, make changes to settings, etc. It’s a “personal” computer after all, so I have always set my own user account (“David”) as the Administrator.
That’s a bad idea, Matthew tells me!
The better approach is to set up a separate Administrator account and then spend most of your time on the machine in your own personal user account. That way whenever an app or website prompts you (the regular user) to do something that could compromise security (like changing a privacy setting, downloading a potentially harmful program, or adding a browser extension), the computer will prompt you to sign in as an Administrator.
It makes you think twice before allowing something that could be nefarious to take root. And just so I don’t get confused, I changed the background setting on my Admin account to a bright red to warn me before I do something stupid.
2. Reject default settings. Go through the settings one by one.
Default settings make life easy for you but could also inadvertently set you up for trouble. You should go through each one and consider the trade-offs. Turning on location tracking could be useful for a laptop that you travel with, but for a desktop that sits in your office it mainly provides a homing beacon for troublemakers. If you love voice commands, consider turning on Siri but think twice about whether you want Apple or a hacker listening to everything you say.
And look for other default settings both for the system overall and individual programs like browsers. You probably don’t want to show your user ID to others on public networks, open attachments automatically or auto-download files in emails.
3. Just say no to crash reporting.
I like to be helpful, especially when my assistance could make software more reliable. Your computer wants you to enable crash reporting to automatically share logs with developers when something goes haywire. I understand why developers want this information since it can contain the clues to why a piece of software failed on a particular machine.
But crash logs can contain a lot of information. After all, from the developer’s standpoint, the more context the better. And there are two problems with that from the user perspective. First, what personal, private information is contained exactly? It could be substantial, depending on the crash. You might send email addresses, user names, network information, a list of installed programs. A memory dump might even have your password in it.
Second, and most important, we can’t be certain that the developer will be able to keep the crash information secure. We’ve seen sophisticated foreign adversaries break into systems all over the place. And even garden variety hackers can find their way into most locations.
4. Use stronger passwords and a more secure password manager.
Back in the day I used variations on a favorite password for a lot of different websites. But I learned not to do that after finding out that a hacker would steal a password for one site (maybe one I don’t even use or think about anymore) and try it everywhere else. This became real for me when a hacker tried to blackmail me by sending me an email that contained a version of that old favorite password and saying he’d hacked my computer. Not only that but he claimed to have compromising webcam photos of me from a visit to an “adult” website! The scammer hadn’t actually hacked me; instead he’d found the password from a public dump of passwords from a breach years ago. In a way, he did me a favor by showing what was out there.
I’ve been using a password manager that I like to generate and automatically enter logins and passwords across the web. But naturally it made me think, what if the password manager itself gets hacked? So I’ve done a couple things differently on my new computer:
First, I’m using more complicated passwords for my master passwords: the ones for my administrator and user accounts, and the one for the password manager itself. I’ve strung together a few short words, symbols and numbers that I can remember but that won’t be guessable by others. These are passwords that I don’t store electronically anywhere.
Second, to address the possibility of my password manager being hacked I switched to another app called 1Password, which appears to be more secure. I say “appears,” because who really knows? It’s reassuring that 1Password offers a bug bounty program on Bugcrowd, paying up to $100,000 for finding bugs. This is a proven way for a software company to stay ahead of the bad guys.
5. Move files selectively.
If you use a migration assistant you’re likely to end up with documents and programs you didn’t need on your old computer, never mind on your new one. Chances are you’ll be transferring over malware and adware plus personally identifiable information (PII) you’ve collected for years or decades.
Installing software is pretty easy. Just download new versions of what you want; your licenses should work on the new machine and you won’t have to pay again. Only install what you know you’ll use.
Document transfer is a little harder. How can you tell which files have forbidden information without going through them all? Chances are you have some old folders and files that are clearly out of date. Those you can skip.
But it’s harder to know what to do with the newer ones. That’s why we created Funda, a PII scanning tool that quickly locates PII on your machine and helps you protect what you need to keep and delete what you don’t. The Funda beta testing program starts in July. Send an email to beta@fundamentalcyber.com if you’d like to be considered.
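To show what an automated pass over a documents folder looks like before you copy it to a new machine, here is a minimal sketch added for illustration; it is not Funda and not code from this post. The patterns are US-centric assumptions (email addresses, Social Security numbers, payment card numbers), the function names are made up for the example, and the sample text is constructed.

```python
import re
import sys
from pathlib import Path

# Illustrative patterns (assumptions, US-centric); real PII takes many more forms.
EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
SSN = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators

# Constructed sample: a standard test card number plus a digit run that fails Luhn.
SAMPLE = ("Contact jane.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, order 1234 5678 9012 3456")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str) -> dict:
    """Count PII-looking strings in one blob of text."""
    cards = [re.sub(r"[ -]", "", m) for m in CARD.findall(text)]
    return {"email": len(EMAIL.findall(text)),
            "ssn": len(SSN.findall(text)),
            "card": sum(1 for c in cards if luhn_ok(c))}

def scan_tree(root: str, max_bytes: int = 5_000_000) -> dict:
    """Map each file under root (relative path) to its non-zero PII counts."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:  # unreadable file: skip it rather than abort the scan
            continue
        hits = {k: v for k, v in scan_text(text).items() if v}
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

if __name__ == "__main__":
    print(scan_text(SAMPLE))
    if len(sys.argv) > 1:
        print(scan_tree(sys.argv[1]))
```

This only reads files as plain text, so PDFs, Office documents and images need their text extracted first. Treat a clean result as "nothing matched these three patterns", not as proof a folder is free of PII.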
Conclusion
I’m grateful to Matthew for encouraging me to take the time to follow best practices and establish some good new habits in setting up my new Mac. Everything is running smoothly now and I’m more confident in the security of my machine and the privacy and appropriateness of my data.
Did you find this post useful? Is there more you’d like to know? Drop us a line at info@fundamentalcyber.com