Buying a new laptop? Here’s how to secure it

October is National Cybersecurity Awareness Month (NCSAM) and this year’s theme of ‘Own IT. Secure. IT. Protect IT.’ aims to encourage personal accountability for security. Computer security is a broad and complex subject but the truth is that criminals like low-hanging fruit and getting the basics right affords you an awful lot of protection.

Naked Security asked me to come up with an easy to follow guide that will help you get the security basics right if you’re buying a new laptop.

1. Have a plan for your data

Ah, the thrill of buying a new laptop. It’s so much faster than your last one! It can do all these great new things! It has so much more space! New lid space for stickers!

Well, it’s thrilling if it was planned, that is.

Often enough we end up buying a new laptop in something of an emergency situation, when the old one is finally so slow that it’s unusable or has a catastrophic failure. When the old laptop’s breakdown is a bit sudden, you might be caught trying to do data rescue on a fried computer, which is a frustrating and time-consuming situation at best.

Spare future-you a lot of grief by making sure you keep your data freshly backed up in at least one place, separate from your old laptop. This can include cloud-synced backups via services like DropBox, Carbonite, or iCloud, or physical periodic backups onto an external hard drive. Mac users can do this on a schedule via Time Machine, and Windows 10 offers its own automatic backup option under “Backup and Restore” in the Control Panel. Additionally, many external hard drive makers bundle their own backup software with the hard drives they make.

So yes, back it all up, in one place, so you know you have everything that you need without the time pressure and frustration of trying to dig it all out from a dead or dying hard drive.

Backing up your data on your old machine will make moving to a new one heaps easier. Many operating systems will offer to import data for you from your backup sources while you’re setting up your new machine, streamlining the set up process even more. But to take advantage of that, you’ll need good backups, so make sure you have them.

2. Apply available updates immediately

The moment you’ve passed the setup and login screens, go straight to your Control Panel for Windows or System Preferences for Mac and check for operating system (OS) updates.

It’s very likely that your OS is a little bit out of date just from sitting on a shelf for a while, and that means it’s missing crucial security updates. You wouldn’t want your brand-new laptop sitting vulnerable to security issues, especially when there’s already a fix available. So yes, before you install anything or start downloading your backed-up data, get your operating system updated first. (After all, OS updates often require restarting your machine, so it’s best to get that out of the way.)

Once your OS is up to date, you can start installing the programs you want and need. As you install each one do the same process as with your OS: Check the software is up to date.

Usually there’s an option in the program preferences to check for updates, run that once just to be sure that you have the latest version. Fresh downloads are likely to be the latest, greatest version of the software anyway, but applications copied from backups of your previous laptop may not be. A good place to start is with your web browsers, since you’re likely to be using them to find and download other bits of software.

3. Make sure auto-updates are turned on

For your operating system and for all your programs, if you have the option, turn on auto-updates. If you can’t find the auto-update section, it’s usually in the preferences or settings of the program, sometimes nested into a “security” tab.

Turning on auto-updates takes the bulk of the maintenance work out of keeping your software patched against nasty vulnerabilities, which in turn secures your data. It’s an easy win for your security.

4. Get a security program in place

New threats seem to surface with alarming frequency, and you should protect your new investment from whatever nastiness might come its way. Making sure your software is patched is an important step, but you should also make sure your entire machine has security software installed to protect your privacy, and keep your data safe from ransomware and other threats.

Some operating systems come with basic security protections already in place, but many security programs go beyond those basics and offer more robust protection from a wider variety of threats. (Sophos Home provides advanced protection for both PCs and Macs).

5. Install a password manager

Now that you’ve secured your operating system and your applications, give your credentials the same treatment. We recommend password managers to everyone as they make it incredibly easy to have unique, robust passwords for all of your applications and web services without needing to remember them. Some password managers work nicely within a browser extension, others tend to run as a “vault” program on your machine outside of the browser. Many password managers do both.

Ultimately your preference for whether a password manager should be cloud-based local only will dictate what kind of manager you’ll end up using, if you haven’t chosen one yet. We’ve written up several pieces on password managers if you need help deciding, but if you already use one, take this moment in your laptop set up process to remember to get yours up and running.

6. Dump the bloatware

When I’m setting up a new machine, this is one of the first steps I take. But it’s a step I often see people skipping altogether. I’m here to plead: Don’t!

If you’ve purchased a laptop from a major manufacturer, chances are they’ve shipped your shiny new machine with a whole bunch of new software. It’s likely that you won’t use half of it, and you probably already know which programs you’ll never touch.

Scrape those barnacles off your brand new machine and just uninstall these unwanted pre-installed programs (which is colloquially called “bloatware”). Every unused, unnoticed application is potential source of security vulnerabilities, and, hey, they take up space that you could use for applications or data you actually want.

And with that, you’re truly ready to start customizing your new laptop to your heart’s content. I’m curious to hear: What steps would you include in a new laptop set up? Let me know in the comments.

7. Give everyone their own account

If you aren’t the only person who will be using the laptop, don’t be tempted to share your username and password around. Create a separate account for each person who will be using the computer and make sure they have the access they need to do the things they need to do and nothing more (remember, administrator accounts are for administering, not browsing or checking email).

Doing this stops you from accidentally deleting each others’ data (or poking around in it) and allows everyone to configure the computer in the way they like it.

If your laptop is a Mac and you want to give your children access to it, read our guide to setting up a Mac for young children.

More NCSAM Activities

During NCSAM, Sophos is running a National Cybersecurity Awaraness Month webcast series. Every Wednesday in October you can hear from experts talking about the latest ransomware attacks, the importance of a modern threat detection and response program, phishing, and how to protect your network from encrypted threats.