This is a short version of an article by Richard Krebs, from his web site. I have shortened this list to make it easier to read and apply to our own computing environment. I’ve also added one more rule, which is why this post has “3+1” in the title.
About Brian Krebs
Brian Krebs (born 1972 in Alabama) is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. His interest grew after a computer worm locked him out of his own computer in 2001. Brian has received awards such as the 2010 Security Bloggers Network “Best Non-Technical Security Blog” award for his easy-to-understand articles.
Rule #1: “If you didn’t go looking for it, don’t install it!”
A great many online threats rely on tricking the user into taking some action, whether it be clicking an email link or attachment, or installing a custom browser plugin or application. Only click on links from sources that you are certain of. Beware of email that appears to come from a site where you need a password to enter, as these are often veiled attempts to steal your password.
Rule #2: “If you installed it, update it.”
Keeping the operating system current with the latest patches is important, but maintaining a secure computer also requires care and feeding for the applications that run on top of the operating system. Always update apps the first time you get a notification that they need updating. Adobe Flash is a particularly vulnerable app that often requires updating to prevent attacks that are already present “in the wild.” Cell phones are extremely vulnerable and you should always run updates for apps on your phone, including the operating system itself. No phone is completely immune.
Rule #3: “If you no longer need it, remove it.”
Clutter is the nemesis of a speedy computer. Most of us install more apps than we use, and anything that you don’t use should be removed after an initial grace period. If you don’t need it, delete it!
Ron’s Rule #4: “Don’t use the same password on multiple sites or apps.”
Millions of passwords have been stolen from big retailers like Target and popular web sites such as Yahoo.com, LinkedIn, Tumblr, and Snapchat. Use strong passwords (at least 10 characters long, with a mix of upper and lower case and special characters, like this good password: “My-Be5st-Friends->Birthday-is-5-6-1962”) and change them at least once a year. You can use one of several password-saving apps to generate and save passwords. They all allow you to copy your long password and paste it instead of typing it. I’m on a Mac, and I use KeePassX, but there is a version of KeePass that runs on Windows, cell phones, and other operating systems.