In case you missed it, a major cyberattack swept the globe Friday. Per pretty much every major news outlet here in the U.S., hackers locked computer systems worldwide, then threatened to destroy data if the victim did not pay to be let back in.
In other words, they executed a large scale ransomware attack, targeting companies, government agencies, public institutions and ordinary citizens across continents. The attack comes just one week after Google Docs users were hit by a large-scale phishing scam. Google reacted swiftly to shut it down, but hackers are digital whack-a-moles: There’s no way to guarantee another won’t immediately pop up in your inbox.
Fortunately, there are steps that, taken together, can minimize your odds of falling victim — or mitigate the damages if you do get got. Here are 50 ways to avoid or deal with a cyberattack.
1. Update Your Computer Regularly
The recent ransomware attack exploited a vulnerability in Microsoft Windows servers. But here’s the thing: Microsoft released a security update to patch the vulnerability back in March. The lesson here: Enable updates when prompted. This goes for other devices, like smartphones and tablets, too.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Microsoft president and chief legal officer Brad Smith wrote in a blog post. “Otherwise they’re literally fighting the problems of the present with tools from the past.”
2. Turn on Your Firewall
That’ll help keep malware off your computers by stopping suspicious programs from downloading or accessing the internet, should one get onto your machine.
3. Install & Update Security Software
If you don’t have anti-virus or anti-malware software on your laptop or desktop, change that sooner rather than later. Otherwise, you’re making yourself an easier target. There’s a lot of truth in the statement “it’s not a matter of if, but when” when it comes to hacking and identity theft. Still, it’s best to make it as hard as possible for the scammers out there.
4. Set Software Limits
To block malware attempts, both Microsoft and Apple suggest limiting what software, programs or applications can do to your computer. You can set these limitations via your PC’s User Account Control or Mac’s Security and Privacy preferences.
5. Install Security Add-Ons for Your Internet Browser
There are free tools that tell you the safety of webpages you’re browsing, like Web of Trust or McAfee Secure Safe browsing plugins.
6. Check for HTTPS
When browsing, make sure URLs start with ‘https.’ The s means any data going back and forth between you and the site is encrypted.
7. Heed the Warnings
Google’s Safe Browsing is designed to flag unsafe websites and URLs you happen to stumble upon. Similarly, many providers flag potential scam emails either by sending them to spam or issuing a warning at the top of an email. While it can be tempting to write said warnings off, it’s in your best interest to take them seriously and, if you do proceed, do so with caution.
8. Learn How to Recognize a Phish
Phishers pose as legitimate entities to get users to click on a malicious link in their inbox. Their emails can look legit, but there are often tell-tale signs you’re dealing with a scammer, including typos, misspellings, generic salutations and sketchy urls, which you can spot by hovering over embedded links in the email. (Check out this story about a reader who received a scam email that included his friend’s Social Security number.)
9. Don’t Click the Links …
Even if you don’t readily spot any red flags. Instead, call the company or person sending the email directly to verify legitimacy. You don’t want to unwittingly download malware onto your computer that can spam your friends or hijack any personal information or passwords you type post-click.
10. … Enter Sensitive Personal Information …
In lieu of malware, some phishers simply prompt you to enter info directly on a spoofed website once you click. Consider the request for bank account digits, Social Security numbers or other sensitive data a big red flag. After all, financial institutions and government agencies, like the IRS, aren’t known to conduct urgent business over email. (Note: The IRS reported an approximate 400% surge in phishing/malware incidents early last year, so it’s important to be careful what information you share and where.)
11. … or Download Phishy Email Attachments
They can be yet another way in which the phisher is trying to install malware on your device.
12. Really, Just Avoid Unknown Emails
Even emails that seem safe can be dangerous. It’s common for attackers to impersonate someone you know, and if a contact of yours got hacked, they may unwittingly be spamming their entire address book. If you’re not expecting an email, do not know the sender or are unsure, do some research before opening the email.
13. Unsubscribe From Email Lists
If you aren’t interested in getting emails from certain mass distribution lists, take your name off. This way, your inbox is cleaner and you’re reducing the likelihood you’ll get an email from somewhere that got hacked. (Want to declutter your life even more? Here’s how to opt out of mailed credit card offers.)
14. Review Ads & Emails
Smart consumers never assume an ad or email is from a reputable company. Always verify if the information is legitimate by doing some research online (type the company or product into a search browser along with the terms “review,” “complaint” or “scam”). If something looks shady, it probably is. That said …
15. … Let Yourself Get Suspicious
Seriously, it’s OK to be extra cautious. Delete any emails, texts or anything else you’re not sure about.
Don’t click “agree” and ignore the policy — take time to read it, as it will explain how your personal information is collected and used by the site. You’ll find out whether your information is shared with third parties and how that data is accessed. If something gives you pause, consider taking your business elsewhere.
17. Be Careful When Downloading Apps
Like we said, read privacy policies, including those lengthy permissions before you download an app to your device. Think about all you do and say on your devices — do you really want a scammer to have access to that?
18. Channel Your Inner Ron Swanson
No one expects you to go fully off the grid (even Ron caved and got a cellphone), but remember every time you sign up for a new service or share your information with another entity, you’ve presented cyber criminals another way to get to you. Consider keeping some aspects of your life off the internet, apps and devices.
19. Don’t Overshare on Social Media
Past addresses, the names of people living in your household and photographs are useful to identity thieves. They can help thieves bypass security verification questions or create new accounts in your name. Always think before you share something online.
20. Know When Your Social Security Number Isn’t Required
Just because there’s a line on a form for your Social Security number doesn’t mean you have to fill it in. Here are five places you should never give your Social Security number.
21. Don’t Blindly Fill Out Forms at the Doctor’s Office
If you’re at a doctor’s office and aren’t sure if they need some of the personally identifiable information they’re asking for (like your Social Security number), ask about it. This is an especially smart move because medical providers are a big target for data breaches. Here are four things your doctor doesn’t need to know.
22. Safely Dispose of Personal Information
Disposing of a computer or smartphone isn’t as simple as tossing it in the trash bin. With computers, be sure to use a program that overwrites the hard drive. Before you throw out a mobile device, check your owner’s manual or the manufacturer’s website to learn how to save or transfer information to a new device before doing a hard reset. Be sure to remove the SIM card and things like your contacts, search history and photos.
23. Get the Team on the Same Page
Whether it’s a quarterly refresher course or something everyone does once a year, making sure all employees are on the same page about digital security can help prevent everyone from getting hit by an attack.
24. Tread Lightly With Open & Public Wi-Fi
Free internet in public spaces like coffee shops and hotels is great to have, but you don’t know the other people sharing the connection. Someone else could be “eavesdropping” on what you’re doing, so limit your internet use on public networks. For example, using online banking while you’re on an unsecured Wi-Fi is a bad idea. (We get it, though — free stuff, like these 50 things, is great. Just make sure you’re responsible about it.)
25. Be Selective About Using Shared Computers
Sometimes you have to get online on the computer at the library or FedEx. If that happens, make sure you log out on any sites and wipe your browser history before you go.
26. Be Careful With Data Share Folders
Cyber attacks aren’t limited to sketchy links or emails. Hackers have found ways to take over your system right from file share programs. It may be easy to leave these logged in constantly, especially if you’re using them for work, but logging out may save you in the long run.
27. Turn Off Your Computer
While leaving your computer on “Sleep” mode makes it easy to get back to work, constantly leaving your computer on makes it more susceptible to viruses. Turn your computer off when it’s not in use.
28. Remember to Log Out
Whether or not you share your computer or device, logging out after each use is a good practice.
29. Don’t Save Your Login Info …
It’s so much easier to let your browser and apps save your login credentials, but it’s not just easier for you — you’re making thieves’ jobs easier, too. A lot of cybersecurity decisions require choosing between convenience and safety. If you choose convenience, be prepared for some potentially unpleasant consequences.
30. … Or Your Credit Card Details
It may be easier to click once and your order is on its way, whether it’s from your favorite online store or the local pizza delivery place, but storing your credit card information can leave you vulnerable.
31. Lock Up Your Phone …
It may seem inconvenient to enter a passcode or have your finger scanned to access your messages and apps, but if you ever lose your phone, having it locked could be the difference between shelling out for a new phone and shelling out for a new phone and trying to find the person who drained your bank account and hacked your social media accounts.
32. … & Your Laptop
Experts recommend keeping financial information on your laptop only when necessary. It also helps not to use an automatic login feature that saves your username and password so it’s harder for someone to get at your personal information if your laptop is stolen.
33. Use Built-In Biometric Authentication When Possible
Some thumb drives require your fingerprint to access the information stored on it. This is a great way to deter criminals and keep your data extra secure.
34. Create Strong ‘Phrase Passwords’
If you’re using a generic password like “Password123” or your dog’s name and your mailing address, it’s time to up your game. Have a favorite lyric, phrase, quote or poem? Use it. 2BorNOT2B is a lot harder to guess, and is still super easy to remember. (Not sure if you’re using a strong password? To start, make sure it isn’t on this list of 25 passwords you should never use.)
35. Don’t Reuse Passwords
Just because you’ve come up with a great phrase password doesn’t mean you should use it for your email, social accounts, bank app and everything else. Try to make a unique password for each of your accounts. At the very least, make sure your financial account passwords are different than your social media passwords.
36. Use a Password Manager
A password manager can generate strong, complex passwords to make hacking your accounts harder. Managers like LastPass can also store and remember them for you. (You can read this for more on remembering passwords.)
37. Update Your Passwords Often
The information exposed in a data breach may be old, but that won’t be much comfort to you if you’ve been using the same password for the last three years. Get in the habit of updating your login credentials every six months or so.
38. Use Two-Factor Authentication
If a service you use offers two-factor authentication for logging in, take advantage of it. This usually requires entering your password, then entering a confirmation code that will be sent to you by text, phone call or email. If someone gets their hands on your password, chances are they don’t also have your cellphone, leaving them locked out of your account.
39. Answer Security Questions Creatively
Sometimes it’s OK to lie, especially when coming up with answers to security questions. This way, a crook can’t guess their way into your finances. Don’t get so creative you can’t remember the answer, and create a cheat sheet to help you keep track. You can store it on an encrypted thumb drive. On that note…
40. Store Your Personal Information on an Encrypted Thumb Drive
Important documents and login information (for those who don’t use password managers) should be stored on an air-gapped device, such as the thumb drive. Experts recommend keeping one at home and storing the other in a safety deposit box or a safe.
41. Make Sure You Trust That Thumbdrive
We get it — sometimes curiosity can get the best of you. But if you find a USB or external hard drive, think twice before just putting it in your computer.
42. Don’t Forget About Old-School Back-Ups
A cyberattacker can’t get into your filing cabinet, and there are some things you really don’t want to lose. Consider keeping a hard copy of important documents like your last few years of tax returns, mortgage paperwork, student loan documents and insurance policies, so you still have the records even if digital forms have been compromised.
43. Backup Your Data Externally …
If something happens to your computer or other device, knowing your files are saved elsewhere can reduce the headache.
44. … & Then Backup Your Backups
Remember, no system is ever completely secure. Make it a habit to copy important files, especially financial documents you need for things like mortgages and student loans. Place the data on a removable disk or backup drive and store it somewhere safe.
45. Take a Deep Breath
It’s understandable to freak out if you’ve been hit by a cyberattack or are being asked to pay a ransom for stolen files, but try to stay calm. Disconnect from the internet, and call someone for help, whether that’s your work’s help desk or a reputable cybersecurity firm familiar with the technology you’re using.
46. Report the Problem
In the wake of the Google doc scam, the tech giant urged users to report suspicious email and content to it directly. You can report scams to your local attorney general and the Better Business Bureau to help prevent others from similarly falling prey.
47. Consider a Credit Freeze …
Fell for a phish? Consider freezing your credit reports so scammers can’t use the personal information they pilfered to open fraudulent credit accounts in your name. You can learn more about credit freezes — and when to use them — here.
48. … or Request Alerts
A credit freeze can be cumbersome, particularly if you’re in the process of applying for a loan yourself. If you don’t believe a thief scored any seriously sensitive info, you could at least request that the credit bureaus put a fraud alert on your credit report. That’ll prompt creditors to take extra steps to verify your identity before extending credit.
49. Accept That You May Not Get Back What You Lost
In the case of ransomware, you may be tempted to pay what the thief is asking so you can have your files back. Some experts recommend against paying because it further incentivizes ransomware attacks, and you may not get your files back even if you do pay.
50. Monitor Your Credit
Haven’t spotted any cyberattacks recently? It’s still a good idea to regularly monitor your credit for signs of identity theft. You can pull your credit reports for free each year at AnnualCreditReport.com and view your free credit report summary, updated every 14 days, on Credit.com.