If you want your PC to be secure, there are 3 basic steps you need to take:
- Disk encryption
- Setup a good firewall
- Pick a strong password
That’s all there’s to it, really.
Full disk encryption will make sure there’s no way to steal your harddrive’s data, or use recovery pendrives to reset passwords on your OS. I’m using BitLocker with a TPM chip, but there are other options available as well. Just put those recovery codes in a safe place and you’re good to go.
A firewall is needed so that your PC’s network interface isn’t giving away your data. Your system might still boot and enable your network, bluetooth or other devices which allow access to your data even if it is encrypted. Make sure your PC does not accept connections from via the network interface to prevent that your data gets stolen that way.
Lastly, passwords need to be strong. A good password (or even better a smartcard or other security device) is needed so that if they boot up your PC, they can’t get in.
Combine these 3 techniques and the data on your PC is safe.