Computer Security Checklist: Is Your Laptop Safe?
Your laptop is a vault. It holds your passwords, banking sessions, private messages, work documents, and medical records. Yet most people spend more time choosing a phone case than securing their computer.
Hackers know this. A single unpatched vulnerability, a malicious browser extension, or a stolen session cookie can give an attacker full access to your digital life — often without you noticing for weeks.
Use this 10-point checklist to audit your laptop's security right now.
Why Your Laptop Is a Target
Unlike phones, laptops typically have:
- More stored credentials — browsers save dozens of passwords
- Longer sessions — you stay logged into email, banking, and work tools for hours
- More attack surface — USB ports, remote access services, browser extensions
- Less physical security — laptops travel to cafés, airports, and coworking spaces
A 2025 IBM report found that 60% of data breaches involved endpoints like laptops and desktops, not servers.
The 10-Point Security Checklist
1. Enable Automatic OS Updates
Unpatched operating systems are the #1 attack vector. Enable automatic updates:
- Windows: Settings → Update & Security → Windows Update → Advanced → Automatic
- macOS: System Settings → General → Software Update → Automatic Updates
- Linux: Enable unattended-upgrades or your distro's equivalent
Don't postpone updates. The WannaCry ransomware exploited a vulnerability that Microsoft had patched two months earlier — victims simply hadn't updated.
2. Turn On the Built-in Firewall
Your OS has a firewall. Make sure it's active:
- Windows: Windows Security → Firewall & network protection → all profiles ON
- macOS: System Settings → Network → Firewall → Turn On
The firewall blocks unauthorized inbound connections. It won't stop all attacks, but it eliminates the easiest ones.
3. Enable Full-Disk Encryption
If your laptop is stolen, encryption ensures the thief can't read your data:
- Windows: BitLocker (Pro/Enterprise) or Device Encryption (Home)
- macOS: FileVault (System Settings → Privacy & Security → FileVault)
- Linux: LUKS encryption (usually set up during installation)
Without encryption, anyone with physical access can boot from a USB drive and read all your files.
4. Audit Browser Extensions
Browser extensions are one of the most underestimated security risks. Each extension can:
- Read every page you visit
- Access your cookies and session tokens
- Inject scripts into banking pages
- Be sold to malicious actors after gaining a user base
Action: Open your browser's extension page right now. Remove anything you don't actively use. For the rest, check permissions and reviews.
5. Harden Cookie and Session Settings
Session cookies are the keys to your logged-in accounts. If stolen, attackers can hijack your sessions without needing your password. This is called session hijacking or cookie theft.
Protect yourself:
- Set your browser to clear cookies on exit for non-essential sites
- Block third-party cookies entirely
- Use extensions like Cookie AutoDelete to clean up automatically
- Always log out of sensitive sites (banking, email) when done
Read more about how cookies are exploited in our article on how sites track you without cookies.
6. Install or Verify Antivirus
Real-time antivirus catches malware before it executes:
- Windows: Windows Defender is pre-installed and excellent. Make sure real-time protection is ON.
- macOS: XProtect runs in the background. Consider adding Malwarebytes for on-demand scanning.
Run a full system scan at least monthly. Don't install multiple antivirus programs — they conflict.
7. Secure Network Settings
Your network configuration matters:
- Disable auto-connect to open Wi-Fi networks
- Forget old networks you no longer use
- Use a VPN on public Wi-Fi (see our public Wi-Fi dangers guide)
- Secure your home router (see our Wi-Fi security guide)
8. Disable USB Autorun
Malicious USB drives can execute code the moment they're plugged in. Disable autorun:
- Windows: Settings → Devices → AutoPlay → OFF
- macOS: Autorun is disabled by default, but avoid plugging in unknown USB devices
In penetration tests, 45% of USB drives dropped in parking lots were plugged in by employees.
9. Review Remote Access Settings
Disable services you don't use:
- Windows: Disable Remote Desktop (Settings → System → Remote Desktop → OFF)
- macOS: Disable Screen Sharing and Remote Management (System Settings → General → Sharing)
Every open service is a potential entry point for attackers.
10. Set Up Automated Backups
If ransomware encrypts your files, backups are your only recovery option:
- Windows: File History or Windows Backup to an external drive
- macOS: Time Machine to an external drive
- Both: Add cloud backup (iCloud, OneDrive, or a dedicated service) for off-site copies
Test restoring from backup at least once. A backup you can't restore from is not a backup.
Browser Security Deep Dive
Your browser is the most targeted application on your computer. Here's what you need to understand:
Cookie Theft and Session Hijacking
When you log into a website, the server gives your browser a session cookie. This cookie proves you're authenticated. If an attacker steals it, they can impersonate you without knowing your password.
Common cookie theft methods:
- Malicious extensions: Extensions with broad permissions can read all cookies
- XSS attacks: Injected scripts on vulnerable websites steal cookies
- Malware: Info-stealers like RedLine specifically target browser cookie databases
- Public Wi-Fi: On unencrypted networks, cookies can be intercepted
Extension Supply Chain Attacks
Attackers buy popular browser extensions from their developers, then push a malicious update. The extension already has permissions — the update just starts abusing them. This has happened with extensions that had millions of users.
Signs Your Computer May Be Compromised
Watch for these warning signs:
- Unexpected pop-ups or new toolbars
- Browser homepage or search engine changed without your action
- Computer runs noticeably slower
- Unknown programs in startup list
- Antivirus disabled without your knowledge
- Unfamiliar outgoing network connections
- Friends receive spam emails from your address
- Passwords stop working on accounts
If you notice these signs, immediately secure your email and change passwords using a strong password generator.
FAQ
How often should I run a security check on my laptop?
Run a full security audit at least once a month. Check for OS updates weekly, and review browser extensions whenever you install something new.
Is Windows Defender enough for laptop security?
For most users, Windows Defender combined with safe browsing habits provides adequate protection. It scores well in independent tests. Add Malwarebytes for an occasional second-opinion scan.
Can hackers access my laptop through cookies?
Yes. Session cookies can be stolen through malware, man-in-the-middle attacks, or malicious browser extensions. Once stolen, attackers can hijack your logged-in sessions without needing your password.
Related Tools
- Password Generator — create strong, unique passwords for every account
- 2FA Guide — add an extra layer beyond passwords
- Public Wi-Fi Dangers — stay safe on shared networks