Guidelines for Home / SOHO Computers

Several years ago Aging Safely Inc, i.e. Dotti & I, switched from Windows computers to Macs. It wasn’t as painless a transition as we hoped, but it went very well. This document is a rehash of the PC / Windows Guidelines that I have posted for years, but with a Mac focus, and it gets updated each year. Most of the guidelines apply to both PC and Mac systems.

The following guidelines are ones that I have developed over more than four decades in the computer industry. Many I learned the hard way. Like everyone in the computer industry, I am still learning, so these guidelines aren’t perfect and are still a work in progress. These are the policies that the Snows use for their SOHO (small office home office) computers. You are welcome to adopt these guidelines for use on your own computer systems at your own risk. The order here is in approximate order of importance!  

Have a Backup Plan – Follow It & Test It

If your computer has data that is valuable to you then you MUST back that data up! Data might be Music (MP3’s, AACs), Photos (JPG’s), Tax and Business Records, correspondence, email, your calendar or many other things. Computer hardware can break, computer software can have bugs, systems can have hardware failures, and viruses, fire or other disasters can damage your system. If you don’t have a backup, you will have lost that valuable data.

On our Macs, we each have an external 4 TB USB3.0 drive ($99 @ Costco), dedicated for backups. Backing up your computer doesn’t have to be expensive – not backing it up can be VERY costly!

The following is the strategy that we use for our SOHO systems:

  • The Mac operating system (macOS) comes with a very good backup program called Time Machine. It backs up any files that have changed every 15 minutes. It keeps: hourly backups for 24 hours, daily backups for a month, weekly backups until it runs out of space and then starts deleting the oldest backups.  On my system, I am only using about 1 TB of the 2 TB of backup space that I have allocated after 18 months!
  • Time Machine backs up the changes so frequently that it provides almost the equivalent functionality of Windows System Restore.
  • Test that the backup strategy is saving the correct files, first by looking at what is being saved. Some time ago, I tried to test an upgrade of macOS on a spare disk. Due to my own screw-up, I messed up my system disk.  All I had to do was reboot while holding the option (alt) key down and select to restore from Time Machine’s backups.  About two hours later I was back to where I started before my error – Almost Painless!
  • With a good backup program, you can restore anything from a single file to all of your data.
  • The software keys are part of the data that must be backed up at least once. Keep them with your off-site backups.

Since fire, lightning, theft and other physical disasters are a possibility, I do an “offline backup” of both systems to a couple of old removable disks and store them in our fire safe.  I try to re-do this at least once per quarter.  It is at least a starting place if we ever have such a disaster.
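One way to do the “test it” step beyond looking at what is being saved, as an added example that is not part of the original guidelines: restore a folder from the backup to a scratch location and compare it with the live folder, file by file, using SHA-256 hashes. The folder and file names are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path, chunk=1 << 20):
    """Hash a file in 1 MiB blocks so large photos and videos are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            digest.update(block)
    return digest.hexdigest()

def compare_trees(source, restored):
    """Check every file under `source` against the same path under `restored`."""
    source, restored = Path(source), Path(restored)
    report = {"missing": [], "changed": [], "ok": []}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        copy = restored / rel
        if not copy.is_file():
            report["missing"].append(rel.as_posix())   # never made it into the backup
        elif sha256_of(src) != sha256_of(copy):
            report["changed"].append(rel.as_posix())   # stale or damaged copy
        else:
            report["ok"].append(rel.as_posix())
    return report

def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "Photos").mkdir(parents=True)
            (root / "taxes.txt").write_text("constructed tax record")
        (live / "Photos" / "trip.jpg").write_bytes(b"constructed photo v2")
        (restored / "Photos" / "trip.jpg").write_bytes(b"constructed photo v1")
        (live / "key.txt").write_text("constructed software key")  # not in the backup
        return compare_trees(live, restored)

if __name__ == "__main__":
    for status, files in demo().items():
        print(f"{status:8} {files}")
```

A file listed as changed may simply have been edited since the backup ran, so compare against a restore taken right after a backup completes.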

Have a Firewall to Isolate Your Computers/LAN from the Public Network

Your computer should be isolated from the network by a hardware firewall. Apple’s macOS and Microsoft’s Windows have built-in software firewalls. Anti-Virus programs often include firewalls as well. These firewalls are better than no firewall, but a hardware firewall is a far better solution.

Small wifi routers are available for about $150. If you select an 802.11b/g/n/ac wireless router, be sure to enable WPA2 encryption or better, and select a secure password. Be sure to record this password, since you will need to enter it into the router and each computer on your local network. Be sure to select and set a secure password for the administrator account on your router as well.

Most modern routers have the capability of a “guest network” where users can get to the greater internet but CAN’T get to your local devices. Today with everyone having a smartphone and wanting to access the internet from your home or office, you should set up the router with a simple “Guest” password for this situation.

Be careful with routers supplied by cable and phone companies. In my area, Frontier FIOS installs all of the routers with all of the account and password information printed on the router, visible to everyone! While this is much better than leaving it blank as other ISPs often do, it is still a poor security practice and has the potential to make the router easier to hack into.

If you ever plan to use a VPN into or out from your LAN, then pick an IP range that is different from every place that you might connect with. I recommend setting the LAN IP randomly between 192.168.50.1 and 192.168.240.1. Most of the consumer-grade routers default to low IP numbers in the 192.168.0-12.1 range. Some routers also use the 10.0.0.1 range. Again, it is not the actual address that matters, but not having the same address on both ends of a connection.
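The overlap check behind this advice, as an added example that is not part of the original guidelines: it picks a random 192.168.X.0/24 with X between 50 and 240 and rejects any choice that overlaps a network you expect to connect with over VPN. The list of remote networks is constructed sample data, and the /24 network size is an assumption.

```python
import ipaddress
import random

# Third-octet range recommended above: 192.168.50.x through 192.168.240.x
LOW_OCTET, HIGH_OCTET = 50, 240

# Constructed sample: networks at the far end of VPN connections you expect to use
KNOWN_REMOTE = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "192.168.100.0/22"]

def conflicts(lan, remote_networks):
    """Return the remote networks whose address space overlaps `lan`."""
    lan_net = ipaddress.ip_network(lan, strict=False)  # accepts 192.168.77.1/24
    return [r for r in remote_networks
            if ipaddress.ip_network(r, strict=False).overlaps(lan_net)]

def pick_lan(remote_networks, rng=None):
    """Pick a random /24 in the recommended range that overlaps no remote network."""
    rng = rng or random.SystemRandom()
    octets = list(range(LOW_OCTET, HIGH_OCTET + 1))
    rng.shuffle(octets)
    for octet in octets:
        candidate = f"192.168.{octet}.0/24"
        if not conflicts(candidate, remote_networks):
            return candidate  # the router itself would take the .1 address
    raise ValueError("every /24 in the recommended range overlaps a remote network")

if __name__ == "__main__":
    print("router default 192.168.1.1/24 collides with:",
          conflicts("192.168.1.1/24", KNOWN_REMOTE))
    print("suggested LAN:", pick_lan(KNOWN_REMOTE))
```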

Try not to open up any ports beyond the firewall’s secure defaults. If you must use Remote Desktop, Remote Terminal, inbound VPN, File Sharing and/or other protocols that allow connections from outside your network to inside your network, enable them only when you are using them, limit them to one account and have secure passwords on all accounts. Remember the reason that you have the firewall is to block outside connections! The more holes you open up in any firewall, the less secure it is! Also, check that the WAN port can’t be ping’ed. Normally today this is the router’s default. Enable ping responses only when troubleshooting, as hackers can easily detect that your computer exists when this is enabled.

Keep Your Operating System and Applications Current

Apply the operating system patches soon after they are released.  Both macOS and Windows have good automatic update systems.  It is harder to keep applications up to date.

Have a Good Anti-Virus Program – Update & Use It!

Currently, I use Sophos and like it.

Email used to be the number one way to spread viruses, spyware, and other attacks. Know how your email provider handles virus protection. If you are getting viruses by email, change your email provider to one that scans all of your mail.

Since our computers are always on, the Anti-Virus programs get updated daily and complete scans are done at least weekly. If you only power your computer up for short periods, then you must manually force the Anti-Virus updates, scans, and Operating System updates to happen. Do this on a schedule, every week or two at the most.

Have a Sane and Secure Password Strategy

Have at least three username/password – pin pairs. One is for the really important accounts such as your bank and brokerage accounts. Have a second for public websites that are not as important. Have the third one for your computers and web sites and other things that you manage. Many people may need a couple more pairs if the complexity of computer usage is higher than normal. A program like LastPass is great as well.

Note: Getting the system administrator’s username and password is how many famous hacks occurred!  Don’t allow logins from outside of your local network as the default!  Stay away from enabling by default any remote login tools that pass through your firewall! TeamViewer, GotoMyPC, MS’s Remote Desktop, and VNC are just a few of the many out there.  If you need such a tool to have a friend help you with a problem, try using a tool, such as TeamViewer, where you can run the executable, fix the issue, and have nothing left running when you exit the program. Note: TeamViewer is only free for “non-commercial usage”.

Develop a password strategy and stick with it. Passwords should be at least 10 characters; should have at least one uppercase letter, a number and punctuation all located somewhere in the middle. Decide on your plan, how frequently you will change them and follow that plan. The frequency of change depends on the risk of discovery, the damage that could be done if compromised, and how much of a pain it will be to change a password in multiple places.

Most systems also accept .-_!# (period, dash, underscore, bang and hash) as password characters. These are good to use, but don’t get too fancy by using other punctuation (@$%^&*+=/?><{}[] etc.) or you may find that the Operating System or application interprets these characters rather than making them part of the password.
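The password rules from the two paragraphs above written as a checker, as an added example that is not part of the original guidelines. It assumes “in the middle” means anywhere except the first and last character; the sample passwords are constructed.

```python
import string

MIN_LENGTH = 10
SAFE_PUNCT = set(".-_!#")  # punctuation the guideline says most systems accept

def check_password(pw):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    # Assumption: "in the middle" = not the first or the last character.
    middle = pw[1:-1]
    if not any(c.isupper() for c in middle):
        problems.append("no uppercase letter in the middle")
    if not any(c.isdigit() for c in middle):
        problems.append("no number in the middle")
    if not any(c in string.punctuation for c in middle):
        problems.append("no punctuation in the middle")

    # Punctuation outside the safe set may be interpreted by the OS or application.
    risky = sorted({c for c in pw if c in string.punctuation and c not in SAFE_PUNCT})
    if risky:
        problems.append("punctuation that may be interpreted: " + "".join(risky))
    return problems

if __name__ == "__main__":
    # Constructed sample passwords
    for sample in ["Password1!", "blue-Kettle7owl", "ab$C1def"]:
        print(f"{sample!r}: {check_password(sample) or 'passes'}")
```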

Usernames are usually not case-sensitive and passwords usually are. Do not write passwords where others can find them. If you need to record them, in case of an emergency, keep them on paper locked up with your other important papers.  Always have a password for your local computer even if it is in a physically secure location. The password is one more thing for a hacker to have to defeat when entering via the network.

Don’t Download Programs from Unknown Sources

You can usually trust your major hardware manufacturers and software houses to have virus-free and usually spyware-free software. If you don’t know and trust the source, then don’t download it! Be suspicious of attachments, even from your friends. Safe computing isn’t always easy!

I used to think that there is no really good solution for SPAM. ISPs and Anti-Spam tools either don’t filter enough or filter out VALID emails. I had been looking for an acceptable tool that works. Since my ISP and Anti-Virus software are both scanning the email for viruses and Spyware, SPAM is only an inconvenience and no longer a serious danger.

Keep a Copy of all Software Kits Online

I have a Kits directory tree where I store a copy of all of my software. I structure it in chunks that are less than 4 GB so I can burn them to a DVD or thumb drive – if required. This keeps the software available when I need it, and allows me to load and update it easily from multiple computers.  If you set your folder viewing options to include “show hidden files and folders” you can usually copy a complete CD/DVD to the hard drive and install the software without any problem. Since most of the applications I use are downloaded over the Internet, this is where I copy them. If the software has a key, I type it into key.txt and place this file in the top-level directory so that I don’t lose it.

Keep Your Computer Clean, COOL, Well Ventilated and Physically Secure

Physically Secure includes not allowing your kids or grandkids to play games or install software from an account with Administrator privileges. We have a Kids Account for the grandchildren on the computer that we allow them to use. Any trash that they leave on the desktop is on their desktop, not ours. This way they can’t see or delete any personal files or information.

SOHO’s Should Have a Disaster Plan – Test It When You Upgrade Your Computer!

A Disaster Plan outlines how you would recover your equipment and data after a disaster so that you could continue operations with minimum interruptions. It is basically a list of the steps that you would need to restore a usable set of capabilities.  The Test-It and the Backup Strategy above are really disaster planning. Only when you know that you can recover can you know that what you are backing up is the correct stuff. If one of our computers totally fried, we would need to do the following to recover it:

  • Replace or repair any damaged hardware: computer, monitor, printers, etc. (1 day to replace locally – 1 week online – ~$2,000/system)
  • Install the Operating System and Backup Program from the off-site backup and software keys (.5 day).  With a good system image that time should be greatly reduced. I still store software kits and keys as if I didn’t have any image backups.
  • Restore the data from the most recent Full Backup, available on-site or off-site. (1-4 hours)
  • Install the remainder of the applications from the On-line Kits or CD/DVDs, if required. (.5 day)
  • Test that it works. Figure out what information was lost, and how best to deal with that loss. Hopefully, the loss should only be the new data between our last backup and the disaster, and much of that we could recover via other means.

After the recovery is complete, it is likely that we would have a newer, faster, more capable computer system and lose very little data. This is all because we planned ahead and do backups regularly.

A computer or two is the easy part of a disaster plan. The hard part has to do with the physical plant. (Building, phones, phone lines, other required services, employees, paper documents, etc.) That is outside of the scope of these guidelines. This is an area that even many Fortune 500 companies don’t do very well.

Note: www.AgingSafely.com’s web hosting systems are located in a secure data center, are backed up daily, and have off-site backups, hot-spare hardware, and a disaster plan. The level of care, physical security, network connectivity and 24-hour staffing that they receive is much greater than is recommended here for SOHO systems. The facility we selected to house them was selected for these very reasons.
