Keeping cyber criminals at bay isn’t as hard as it may seem. Although no security system is perfect, following these 7 basic tips can significantly reduce your risk of becoming a victim.

1. Stop and Think Before You Click a Link – Before you click on a link or open an attachment in an online message (i.e., an E-mail, text message, instant message, etc.), ask yourself if you were expecting the message, even if it was from someone you know and trust.  If you weren’t expecting the message, contact the sender via another means (e.g., call or text them) to see if they truly sent the message.  A few extra seconds of effort can save you a lot of headaches later.  For more information about common online messaging-based attacks, visit Stay Safe Online (https://staysafeonline.org/blog/5-ways-spot-phishing-emails/). Think you have the skills to spot a fake online message?  Try Google’s phishing quiz at https://phishingquiz.withgoogle.com/.
2. Avoid Less Reputable Websites – Although some websites pay attention to cybersecurity and attempt to keep their sites safe, many sites do not.  Their primary focus is to drive viewers to the site to increase advertising revenue or sales, and the maintenance and security of the site often take a back seat.  Regardless of whether the link is in an online message, search engine result, or other source, before you click on the link you should ask yourself whether the site is likely to be secure, and if you are unsure, don’t visit the site.  Advertising-laden sites are also more prone to unintentionally posting advertisements that can push malware down to your device and should therefore be avoided where possible.
3. Back up your data – Ransomware is one of the biggest threats facing organizations and individuals today.  Ransomware will encrypt your locally stored data and online storage, such as Carbonite, OneDrive or Drobox.  Some online storage companies keep multiple older versions of your data, helping to improve your chances of recovering unencrypted versions of your files.  However, we recommend that you back up your data to offline sources such as external hard drives that you keep unplugged from your computer except when backing up your data to them.  This allows you to successfully recover your data in the event the online backup provider is the victim of a ransomware attack or otherwise goes offline.
4. Use Antivirus and Firewall Software – Old antivirus software used to bog down computers, but today’s antivirus software is both highly efficient and effective.  If you don’t want to pay for antivirus software, Microsoft Windows even comes with its own antivirus software called Windows Defender that consistently receives high ratings in independent reviews.  Similarly, Windows Firewall does a good job of helping to keep attackers at bay.  If you need help enabling Windows Firewall or Windows Defender, visit https://www.microsoft.com/en-us/windows/comprehensive-security.  Several well-known companies, including McAfee, Norton, BitDefender, and AVG also make antivirus software for Android devices, and if you own an Android device you should consider installing one of those.  We also recommend downloading and running an alternative antivirus program, such as Malwarebytes, as a safety precaution every few months.
5. Enable Automatic Software Updates – Most operating systems, such as iOS, Android, and Windows, and most commercial software, such as Microsoft Office, Adobe Acrobat, Google Chrome, and Mozilla Firefox are regularly updated by their manufacturers.  Almost every update contains fixes for security vulnerabilities that were found in the operating system or software.  Most of these tools can automatically install the latest updates from the manufacturer, and it is a good idea to enable automatic updates.
6. Use Multifactor Authentication Where Possible – Usernames and passwords are not enough to keep attackers at bay.  A third form of authentication, called multifactor authentication, is a necessity and should be used whenever available.  Multifactor authentication can take different forms, including text messages or synchronized pseudo-random numbers that change frequently.  Although some forms of multifactor authentication are stronger than others, any multifactor authentication is better than none.
7. Use a Password Manager – Password mangers such as 1Password, Dashlane, and LastPass store your passwords in an encrypted form that only you can access and can automatically log you into your favorite websites.  The stored passwords can be synchronized across your mobile and desktop/laptop devices.  Password managers are safer than storing passwords in your browser, and they allow you to use unique passwords on every website.

For more practical cybersecurity news and tips, subscribe to our newsletter. Click Here to download a PDF version of this document, along with our impactful article on the role individuals play in cybersecurity.