Body
Overview/Introduction
This guide will show you how to verify whether your PC’s security is correctly enabled and ready to go while working remotely. These steps assume you are using Windows 10; if you are still using Windows 7, 8, or 8.1 it is heavily recommended that you work with a technical support retailer such as Microcenter or Geek Squad to upgrade your machine, or back up your personal files from that machine and purchase a Windows 10 ready device. While Apple devices are far less prone to catching viruses, there are still free products available online that you can use to secure your Mac such as Avast Free Mac Security or Sophos Home for Mac. For ChromeBooks, you can download Avira Antivirus 2020 from the app store.
Details
Antivirus
There are many free and paid antivirus products that are available online, but the SLAM IT department recommends that you use the built-in security that comes with Windows 10. This feature is controlled from the Windows Security app, and it should come pre-installed on your device. You can access this app by typing “Windows Security” into the Start Menu. This app will let you manage your Antivirus Scanning and Firewall, which are the two most important parts of your security settings. You can optionally enable Ransomware protection as well, which will be explained toward the end of the guide.
Once you open the Window Security App, it will display the status of its various features. The first screen shot below shows a system with the security disabled, and the second shows what the app looks like when it has the preferred settings.
Turning on Virus & Threat Protection
If something on the dashboard is out of place, you can see in the screen shot on the previous page that a button labeled ‘Turn On’ will appear. When you press it, another screen may pop up asking “Do you want to allow this app to make changes to your device: Windows Security”, to which you should allow by pressing Yes. Once that setting is turned on, you will be taken to the below screen where you can flip the switch to turn on the various pieces.
Here you will want to enable all of the settings that can be allowed, as is shown above. There is a description above each on/off switch that explains what each piece will do.
Windows Firewall
By default, your home wifi router should have a built-in hardware firewall that protects you from most intrusions. In short, it is what blocks off unwanted connections from being made into your home environment. Windows also uses a software firewall, that may be enabled or disabled. For home use, it is OK to keep this Windows Firewall enabled. If an application needs to get past the firewall, Windows will simply ask you if you want to allow that application through when it tries to access your network, you simply have to hit ‘Yes’ to allow when that occurs. You can get to the Windows Firewall settings by choosing the corresponding button on the left pane. Below are the settings for Windows Firewall:
We recommend that you click each network type (Domain, private, public) and set on/off switch to ‘On’. The only exception would be if you are using a 3rd party software firewall other than the built-in Windows one.
Please note: These settings are for personal devices and may not reflect what is being used on your Museum provided machine.
Ransomware Protection
Ransomware is the most dangerous and common type of malware (aka virus software) that bad actors use today. Using links from poorly rated websites and email/chatting attachments, they will trick your machine into downloading malware payloads that locate, encrypt, and deny access to personal files on your machine. The payload then shoots off a message to your screen with instructions for sending payment to the hacker via Bitcoin. These payloads can also disable windows services and backups that you would otherwise rely on to alleviate the attack.
That being said, Windows Security has added a specific feature called ‘Ransomware Protection’. Under the ‘Virus & Threat protection’ option on the left pane, you should see an option at the bottom to manage ‘Ransomware Protection’. Clicking into it will take you to the below screen:
Once enabled, you can specify certain folders that Windows will maintain specific protection over. Default folders like the ‘My Documents’, ‘My Pictures’, etc. are enabled just by flipping the switch to ‘On’. If you click on the ‘Protected Folders’ link, you can add more folders on your hard drive into the list of ‘Protected Folders’. A picture of that screen is below:
There is also an option from the previous ‘Ransomware Protection’ screen to sign into OneDrive. This is recommended and you may choose to use your SLAM account or a personal OneDrive account. If no OneDrive account is presently signed into the machine, you will also see a flag for it in the ‘Account Protection’ section. Remember that if you are signing in with a SLAM OneDrive account, the email address used for the account will be typed out in a username format (e.g. JDoe@slam.org instead of Jane.Doe@slam.org)
Summary
It is extremely important, both professionally as well as personally, to ensure your identity and data remains safe while using the Internet. The tools or tools similar are used here at the museum to ensure we are protected as much as possible and we strongly urge you do the same for your personal environment as well.