Protecting Your Digital Identity
When a computer is connected to the internet, it becomes a target. The first line of defense is the password you choose for every account. A password that is easy to guess, such as “password,” “123456,” or a single word from a dictionary, offers no real protection. Attackers often use automated tools that try thousands or millions of guesses per second. If a password is short or contains predictable patterns, a brute‑force attack can finish in minutes. A strong password, by contrast, can force an attacker to spend weeks, months, or even years trying to crack it - if they can at all.

A practical rule of thumb is to aim for at least eight characters. But length alone isn’t enough. Combine upper‑case letters, lower‑case letters, numbers, and symbols. For example, “R4b!8qPz” is far more difficult to guess than “rabbits.”

Avoid using the same password across multiple services. If one site is compromised, all accounts that share that password are vulnerable. When you need to remember many passwords, use a reputable password manager. These tools generate random strings, store them securely, and autofill them whenever you log in. That way you can afford to use truly complex passwords without having to memorize each one.

Two‑factor authentication (2FA) adds another layer. Even if an attacker obtains your password, they still need a second factor - typically a code that appears on your phone or a hardware token - to access your account. Enable 2FA on email, cloud storage, banking, and any other service that offers it. The extra step is usually only a minute or two, but it dramatically raises the cost for an attacker.

Don’t forget local accounts on your own machine. Many operating systems pre‑install accounts with generic names and weak passwords. An attacker can easily enumerate these accounts and try common passwords. On Windows, for instance, “Administrator” is a common default. On Linux, accounts like “root” or “user” are also typical. Wherever possible, disable or rename default accounts. Then create real accounts for each person who uses the device, giving each one a unique, complex password.

In addition to passwords, be cautious of social engineering. An attacker might call or email a user pretending to be IT support and ask for a password. Legitimate IT personnel will never ask for passwords over the phone or via unencrypted email. If you receive a suspicious request, hang up, verify the caller’s identity, and contact your help desk.

By combining strong, unique passwords, 2FA, and a healthy skepticism toward unsolicited requests, you can turn most brute‑force and phishing attacks into dead ends.

Managing User Accounts
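The review of default and privileged local accounts that this article recommends can be run mechanically on a Linux host. The following is an added example, not part of the original article; the watch-list of generic names and the sample passwd and group data are constructed for illustration.

```python
# Added example: review local Linux accounts from passwd/group text.
# Sample data is constructed for illustration, not taken from a real host.
GENERIC_NAMES = {"user", "admin", "guest", "test"}  # assumed watch-list
NO_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
user:x:1000:1000:Default user:/home/user:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
SAMPLE_GROUP = """\
sudo:x:27:user,alice
users:x:100:alice,bob
"""


def group_members(group_text, group_name):
    """Return the members listed for group_name (supplementary members only)."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group_name:
            return {m for m in fields[3].split(",") if m}
    return set()


def audit_accounts(passwd_text, group_text, admin_group="sudo"):
    """Sort accounts that can log in into interactive, admin and generic lists."""
    admins = group_members(group_text, admin_group)
    report = {"interactive": [], "admins": [], "generic": []}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank or malformed lines
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if shell in NO_LOGIN_SHELLS:
            continue  # service account with no login shell
        report["interactive"].append(name)
        if uid == 0 or name in admins:
            report["admins"].append(name)  # can change the system
        if name in GENERIC_NAMES:
            report["generic"].append(name)  # candidate to disable or rename
    return report


if __name__ == "__main__":
    for category, names in audit_accounts(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

An account that appears in both the admins and generic lists, such as "user" in the sample, is the first one to disable or rename.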
Every device that is shared with multiple people carries the risk of unauthorized access. The easiest way to minimize that risk is to remove the default accounts that come pre‑installed and replace them with accounts that match real users. The process starts by creating a local account for each person who will work on the machine. Give each account a strong password, and assign permissions that match the role each user plays.

Once you have set up real accounts, check the group membership of each. On Windows, for example, you can place users in the “Users” group, which has standard privileges, and reserve the “Administrators” group for people who need to install software or change system settings. On Linux, you can add users to the “sudo” group if they require elevated rights. Having a single administrator account that is used only for system changes keeps everyday usage confined to standard privileges, reducing the chance that a malicious file can modify critical system files.

After the real accounts are in place, disable or delete the default accounts. Many operating systems allow you to disable an account without deleting it entirely, which keeps a recovery option if needed. If you delete an account, make sure you have at least one other administrator account that is secure. Never lock yourself out of the machine - keep a backup administrator credential stored in a safe place.

User account control is not just about limiting rights; it also helps with auditing. By logging in with their own credentials, each user’s activity becomes traceable. If you notice an unfamiliar login or unexpected system changes, you can investigate the specific account involved. This traceability is essential for spotting compromised accounts early and for maintaining compliance with data protection regulations.

Remember to enforce a password policy that applies to all accounts. Require minimum length, complexity, and periodic changes.
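The length and complexity rules above, and the brute‑force argument from the first section, can be checked in code. This is an added example, not part of the original article; the guess rate follows the article's "millions of guesses per second" and is an assumption, and the deny-list is a tiny constructed sample.

```python
import string

MIN_LENGTH = 8  # the article's rule of thumb
GUESSES_PER_SECOND = 1_000_000  # assumed rate ("millions of guesses per second")
DENYLIST = {"password", "123456", "rabbits"}  # tiny constructed sample list
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def policy_problems(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name in CLASSES:
        if name not in classes_used(password):
            problems.append(f"no {name} character")
    if password.lower() in DENYLIST:
        problems.append("on the common-password list")
    return problems


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time over the classes used.

    This is an upper bound that only holds for randomly chosen characters;
    dictionary words and predictable patterns fall much sooner.
    """
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return pool ** len(password) / rate


if __name__ == "__main__":
    for candidate in ("123456", "rabbits", "R4b!8qPz"):
        issues = policy_problems(candidate) or ["passes"]
        print(f"{candidate!r}: {'; '.join(issues)}; "
              f"~{seconds_to_exhaust(candidate):.3g} s to exhaust")
```

At the assumed rate, the seven lower-case letters of "rabbits" are exhausted in a few hours at most, while an eight-character password drawn from all four classes takes on the order of centuries.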
Many modern operating systems provide built‑in tools to set password policies; if you’re in a corporate environment, a centralized solution like Active Directory can enforce rules across all machines.

Finally, educate users about why the policy matters. People often view password rules as arbitrary restrictions. By explaining that a strong password protects not only their personal data but also the company’s confidential information, you turn compliance into a shared responsibility rather than a bureaucratic hurdle.

Safeguarding Email Attachments
Email remains a common vector for malware. Attachments can appear to come from trusted contacts and bypass spam filters. The first defense is antivirus software that runs in real time and scans every incoming message. Install a reputable product, keep its virus definitions up to date, and enable automatic scans for all attachments.

However, antivirus alone is not enough. Before opening any attachment, save it to a dedicated folder that’s isolated from the rest of your system. For example, create a folder on the desktop named “Attachment Scan” and copy the file there. Most antivirus tools perform a deeper scan when a file is copied or moved, giving you a second chance to detect a threat before you open it. Once the file passes the scan, move it to its proper location. This habit turns a risky operation into a controlled process.

Another layer of protection comes from being skeptical about the source. A malicious program often masquerades as a file from a known contact. Instead of opening the file directly, send a reply asking the sender to confirm the attachment. For example, “Hey, I received an attachment - can you confirm what it’s for?” If the sender’s email address matches the one in your address book, that’s a good sign, but the confirmation is still prudent. For higher‑risk environments, consider setting up an email gateway that automatically quarantines attachments until they’re manually reviewed.

You can also use sandbox environments to test attachments. A lightweight virtual machine or a sandbox application can open a file in isolation, letting you observe its behavior without exposing your main system. If the file tries to connect to external servers or modify system files, the sandbox will flag it, and you can block the file before it spreads.

Lastly, stay informed about the latest attachment-based threats. New malware variants appear every week, often leveraging zero‑day vulnerabilities. Subscribe to security bulletins, keep your operating system and applications updated, and remind your colleagues to do the same. The combination of vigilant scanning, cautious handling, and continuous education keeps the most common attachment attacks at bay.

Physical and Network Security
No software defense can replace proper physical safeguards. Devices that sit on a desk, in a room, or in a conference space are vulnerable if they are not secured. Anyone who gains physical access to a machine can bypass software locks with a boot disk or a USB key. Keep computers in locked rooms whenever possible, and use cable locks for laptops that are frequently moved.

For environments that store sensitive data, restrict physical access to authorized personnel only. Implement badge‑controlled doors, security cameras, and visitor logs. Even a small lapse - such as leaving a device unattended on a shared desk - can open a window for data theft. In addition, consider hardening the boot process: enable secure boot, set BIOS passwords, and restrict boot media. This prevents attackers from loading an alternate operating system that can bypass user passwords.

Network cabling deserves special attention. It may seem trivial, but an attacker can insert a packet sniffer into a poorly secured cable or even into the cabling that runs through common areas. Use shielded cabling, label each cable clearly, and route cables through secure conduits. Where possible, separate critical network traffic onto dedicated VLANs, and enable encryption on all wireless access points. If a laptop is taken to a public space, it should not be connected to the corporate network without a VPN.

Internal threats - employees or contractors who misuse access - are the most difficult to prevent. The best defense is a combination of least‑privilege access, monitoring, and clear policies. Log all privileged actions, review logs regularly, and enforce role‑based access controls. If a user’s job changes, adjust their permissions immediately. By limiting what users can see and modify, you reduce the risk of accidental or intentional data leaks.

Finally, always remember that the weakest link in security is often the human element. Regular training sessions that cover both software practices and physical habits reinforce a culture of security. When users understand that a single forgotten device left in an open space can compromise an entire organization, they become more careful and vigilant. Together, physical safeguards, network controls, and a well‑educated team create a resilient defense against most security incidents.

Jay Fougere is the IT manager for the Murdok network and writes occasional articles. For IT questions, reach out at