I don't know whether this is the right place for this, but if not perhaps someone can send me there. I worded the title generally but in fact I am looking to update my own understanding of "Best Practices" (and related topics) in respect of two different and quite specific situations. The first concerns my 2 computers at home; the second concerns the 2 computers at work. The computers themselves are all rather similar. There is one Dell XPS 8700 desktop in each place; they are AFAIK identical out of the box, though now of course running different software. These each have an i7 4790 processor, 16 GB of RAM and a 1 TB HDD. Also a 4095MB NVIDIA GeForce GTX 745 graphics card. There is one Dell Inspiron 15 laptop in each place. The one in the office has an i3 processor and originally 4 GB of RAM (I've since upgraded it to 8 GB) and a 500 GB HDD. The one at home has an i7 processor, 12 GB of RAM and a 1 TB HDD. All 4 are now running Windows 10 - the Pro version on the desktops, the Home version on the laptops. Each has at least two external HDDs, of 1 TB or more capacity, that are not attached except when doing backups. My desktop at home also has a 2 TB external that normally stays attached. It's also hardwired to a Nikon slide scanner and a printer/scanner (HP Photosmart 6525). Internet is provided via a Linksys EA2700 router, to which the desktop computer is connected by an Ethernet cable. The home laptop is connected to the router and the printer via WiFi.
The setup in the office is basically the same, except there are 2 printers (much bigger ones of course) of which only 1 is hardwired to the computer. I think the office router is the same as mine, just a couple of years older. Those routers come with a setup utility that creates new random passwords and SSID names. The connections thus display as "Secured".
Being Dell, these machines came with pre-installed McAfee Live Safe. When those expired I replaced them with Avast Premier, which includes a software firewall. I gather that Avast is no longer quite the top of the heap, but I have so far had no problems with it (except their abysmal third-party billing system). On my system at home I have MBAM and MBAE (both Premium) installed. I also use SpywareBlaster, the MVPS hosts file, WOT and WinPatrol. Emsisoft and ESET scanners for occasional use (update first . . .). CCleaner Pro a couple of times a week to clean out Internet junk.
My 2 computers at home are used by myself alone. Likewise the laptop in the office. The office desktop is used by the current Admin Assistant (changed 3 times in the past 9 months) and by a second employee who works both in the field (we are a small public water district) and in the office. That also is a new hire.
Reading especially about the proliferation of ransomware has scared me into thinking I'm probably not doing enough to protect either my data at home (thousands of more or less irreplaceable photos, for example) or those of the Agency in the office. My own Web browsing is pretty much limited to looking up scientific stuff (I do a lot of that) and, well, the many other fields I'm interested in (music, horses, hunting, food, art, mathematics, history, languages, and so on). In the office I don't have time for browsing, but the kids do. From my experience a few years ago running the computer lab in the local school I learned that the kids (including my office staff) will easily bypass anything put in place to limit their browsing. The school had a full-time IT security guy - and every kid who came into that lab already knew the master password and bypassed all the "parental restrictions" as if they hadn't been there. I have no reason to think it is otherwise in our office. Staff are not supposed to use computers for their personal amusement, but that's impossible to enforce. A waste of time and effort to try. So what else do I need to be doing to protect our data?
I have looked at - among others - Quietman7's tutorial on "Simple and easy ways to keep your computer safe and secure on the Internet" and the more recent "Best Practices for Safe Computing". The first is now 14 years old, the second about 5 years old. Surely some of the details have changed, even if the principles have not? For instance Avast Premier includes a software updater. Is that as good as the one in Secunia PSI?
And specifically I am interested in knowing what one needs to do nowadays to keep the ransomware wolf from the door. A carefully thought-through backup plan (that's actually executed), group policies that prevent malware being executed from specific locations, what else? And what is the most current version of those things?
I guess what I'm saying is that there's now so much information on these topics that my old brain is in danger of getting confused. I also have friends who, being even less informed than I on these subjects and also inclined not to take them altogether seriously, are constantly asking me "what should I do" or even "why should I bother doing this?" The one that scares me most is "why should I back things up, it's too complicated and time consuming!".
Thanks for any enlightenment anyone can throw my way, even if it's only the admonition to "go read this!".
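The "group policies that prevent malware being executed from specific locations" mentioned above are, on Windows, Software Restriction Policy (SRP) path rules. The following is an added example, not code from the original post, that writes such rules straight into the registry store SRP reads (HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers), so it does not need the gpedit console that Windows 10 Home lacks. The list of blocked paths is an assumption chosen to cover the user-writable locations droppers typically run from; the rule descriptions, log file location and function names are likewise my own. It must be run from an elevated PowerShell, and should be tried on one machine first, because some legitimate updaters run from %LocalAppData% and will be blocked until you add an allow rule for them.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): create SRP "Disallowed" path rules for
# executables in user-writable folders. SRP expands %AppData% etc. itself when it
# evaluates a rule, so the paths are stored unexpanded (REG_EXPAND_SZ).

$srp        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $srp '0\Paths'     # security level 0 = Disallowed

# Assumed list of locations to block; adjust per machine.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%LocalAppData%\Temp\*.exe',
    '%LocalAppData%\Temp\*\*.exe',
    '%LocalAppData%\Temp\Rar*\*.exe',      # archives opened in place by WinRAR
    '%LocalAppData%\Temp\7z*\*.exe',       # ... and by 7-Zip
    '%LocalAppData%\Temp\*.zip\*.exe',     # ... and by Explorer's zip handler
    '%UserProfile%\Downloads\*.exe',
    '%UserProfile%\Downloads\*\*.exe'
)

function Initialize-SrpRoot {
    # Default level Unrestricted (262144): everything runs unless a rule says otherwise.
    # PolicyScope 0 applies to all users including administrators.
    # TransparentEnabled 1 enforces for executables and scripts but not DLLs.
    New-Item -Path $srp -Force | Out-Null
    New-ItemProperty -Path $srp -Name DefaultLevel       -PropertyType DWord  -Value 262144 -Force | Out-Null
    New-ItemProperty -Path $srp -Name PolicyScope        -PropertyType DWord  -Value 0      -Force | Out-Null
    New-ItemProperty -Path $srp -Name TransparentEnabled -PropertyType DWord  -Value 1      -Force | Out-Null
    New-ItemProperty -Path $srp -Name LogFileName        -PropertyType String -Value "$env:SystemRoot\srp.log" -Force | Out-Null
    New-Item -Path $disallowed -Force | Out-Null
}

function Get-SrpPathRules {
    # Return the stored (unexpanded) path of every Disallowed rule.
    Get-ChildItem $disallowed -ErrorAction SilentlyContinue | ForEach-Object {
        $_.GetValue('ItemData', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    }
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Description = 'Block executables in user-writable location'
    )
    # Idempotent: skip if a rule for this exact path already exists.
    if ((Get-SrpPathRules) -contains $Path) { return }

    $key = Join-Path $disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $Path -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord  -Value 0 -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String -Value $Description -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord  -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
}

Initialize-SrpRoot
foreach ($p in $blockedPaths) { Add-SrpPathRule -Path $p }

# Show the rules now in force (they take effect at the next logon / policy refresh).
Get-SrpPathRules
```

Two caveats a practitioner would check before rolling this out: log the blocks for a week (the srp.log file above records every denied launch) and add Unrestricted rules for any legitimate program that shows up there, and remember that these rules only cover the paths listed. Malware dropped elsewhere on a user-writable disk, including the external drives that stay attached, is not covered, which is one reason the backup drives are best kept disconnected except during the backup.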