A new computer is easiest to secure before account sprawl, extensions, and unmanaged software accumulate.
Setting a clean baseline early, updates, identity protection, encryption, and backup discipline, prevents most avoidable compromises.
Secure baseline setup
- Run operating system and app updates before installing much else.
- Use a password manager and unique passwords, starting with your email and device account.
- Enable full-disk encryption.
- Set up backups and test a restore of at least one file.
- Use a standard (non-admin) daily user account when possible.
- Install software only from official sources and keep browser extensions minimal.
Key idea: Your email account and your device sign-in are the control plane. If those are weak, every other account recovery becomes fragile.
A simple first-week plan
If “secure the computer” feels vague, use a short sequence. The goal is to front-load the controls that stop the most common compromises.
| When | Focus | Outcome |
|---|---|---|
| Day 1 | Accounts and updates | Control plane secured and patch window closed |
| Day 2 | Encryption and device lock | Loss/theft risk reduced |
| Day 3 | Backups and restore test | Recovery path exists before the first incident |
| Day 4 | Browser hardening | Phishing and extension risk reduced |
| Day 5+ | Software hygiene | Fewer risky installs and fewer surprises later |
1) Start with accounts: email, device login, password manager
Most “computer hacks” begin with account compromise, not with someone breaking your hardware. Secure the accounts that reset other accounts:
- Your primary email
- Your Apple ID or Google account (if used)
- Your Microsoft account (if used)
Use unique passwords and enable two-factor authentication (2FA). Store recovery codes safely. Related: Common password mistakes.
If you do one account task, do email first. If an attacker controls email, they can reset most other accounts without touching your computer.
2) Update early and keep updates automatic
Enable automatic updates for the operating system, browser, and major apps. Many compromises rely on old vulnerabilities and predictable patch delays.
Also update what you forget exists: drivers, built-in utilities, and vendor “support” apps. If you do not use a vendor tool, uninstall it. Fewer moving parts means fewer surprise prompts and fewer auto-update failures.
3) Use a standard user account for daily work
Admin privileges amplify damage. When you browse, open files, and install software as an admin, malware inherits the same power. A standard user account reduces the blast radius of mistakes.
If you cannot separate accounts cleanly, at least make a habit: do not enter your admin password casually. Treat the elevation prompt as a “stop and verify” moment.
4) Enable full-disk encryption
Encryption protects your data if the computer is lost or stolen. It also reduces the chance that someone can access your files by removing the drive.
Encryption is most effective when paired with a strong device passcode and a screen lock that engages quickly when you step away.
5) Set up backups that you can actually restore
Backups are your recovery plan for ransomware, theft, and hardware failure. A good backup is automatic, versioned, and tested.
A practical mental model is “two backups with different failure modes”. One backup that is always connected is convenient, but it can also capture bad changes quickly. A second backup that is less reachable is your safety net.
| Threat | What fails | What protects you |
|---|---|---|
| Phishing | Accounts, money, identity | Password manager, 2FA, link hygiene |
| Malware | Files, sessions, credentials | Updates, minimal extensions, standard user |
| Ransomware | Availability of data | Versioned backups, restore testing |
| Loss/theft | Privacy, account access | Disk encryption, device lock |
6) Harden the browser
The browser is where most compromises begin because it is the tool that touches unknown content. You are not trying to become anonymous. You are trying to reduce the number of traps that work on a tired brain.
- Keep extensions minimal and remove anything you do not recognize.
- Use a separate browser profile for high-risk links and testing.
- Use built-in tracking protections and consider blocking third-party cookies.
- Disable “always sign in” defaults if they cause identity mixing across profiles.
Related: Private browsing and cookie tracking.
7) Install software only from sources you trust
A new computer is often compromised through “helper” downloads, cracked software, and installer bundles. Prefer official app stores and vendor sites. If you cannot identify the publisher, do not install it.
Be especially cautious with “driver updater”, “cleaner”, and “optimization” tools. They often add background services that are hard to remove, and they create more prompts that train you to click “Allow” automatically.
8) Turn on baseline protections
Most operating systems include built-in firewalling and baseline malware protections. Ensure they are enabled. Add third-party security tools only if you understand the tradeoffs and can keep them updated.
Common mistake: Installing multiple “security” tools that conflict and create instability. A clean baseline plus updates is usually higher leverage.
9) Network hygiene: your router is part of the system
For home use, the Wi‑Fi router is often the one device that never gets updated. If you are setting up a new computer, take ten minutes to reduce the obvious risks.
- Change the router admin password if it is still a default.
- Enable automatic firmware updates if available.
- Use a strong Wi‑Fi password and avoid old, weak security modes.
- Do not expose remote administration to the internet unless you truly need it.
This does not make you “unhackable”. It removes a few common shortcuts that attackers and malware take in home environments.
10) Have a mini incident plan
If something feels off on your new computer, a simple first response reduces damage:
- Disconnect from the network if you suspect malware.
- Change key passwords from a different trusted device.
- Check email sign-in history and remove unknown sessions.
- Run a reputable malware scan and remove unknown extensions.
Incident workflow: Been hacked? What to do first.
Baseline: How to protect your online information.
New computer security is mostly about defaults. When updates are automatic, encryption is enabled, backups are real, and the browser is clean, most opportunistic attacks fail.
That baseline also makes recovery calmer. You can wipe and restore without panic because you planned for it. You can rotate credentials because you use a manager. You can verify alerts because your control plane is protected.
Security is not a one-time setup. It is a set of systems that keep working after the novelty wears off. If your new computer starts with those systems, it stays safe with far less effort.