cyberattack

cyberattackIn case you missed it, a major cyberattack swept the globe Friday. Per pretty much every major news outlet here in the U.S., hackers locked computer systems worldwide, then threatened to destroy data if the victim did not pay to be let back in.

In other words, they executed a large scale ransomware attack, targeting companies, government agencies, public institutions and ordinary citizens across continents. The attack comes just one week after Google Docs users were hit by a large-scale phishing scam. Google reacted swiftly to shut it down, but hackers are digital whack-a-moles: There’s no way to guarantee another won’t immediately pop up in your inbox.

Fortunately, there are steps that, taken together, can minimize your odds of falling victim — or mitigate the damages if you do get got. Here are 50 ways to avoid or deal with a cyberattack.

1. Update Your Computer Regularly

The recent ransomware attack exploited a vulnerability in Microsoft Windows servers. But here’s the thing: Microsoft released a security update to patch the vulnerability back in March. The lesson here: Enable updates when prompted. This goes for other devices, like smartphones and tablets, too.

“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems,” Microsoft president and chief legal officer Brad Smith wrote in a blog post. “Otherwise they’re literally fighting the problems of the present with tools from the past.”

2. Turn on Your Firewall

That’ll help keep malware off your computers by stopping suspicious programs from downloading or accessing the internet, should one get onto your machine.

3. Install & Update Security Software

If you don’t have anti-virus or anti-malware software on your laptop or desktop, change that sooner rather than later. Otherwise, you’re making yourself an easier target. There’s a lot of truth in the statement “it’s not a matter of if, but when” when it comes to hacking and identity theft. Still, it’s best to make it as hard as possible for the scammers out there.

4. Set Software Limits

To block malware attempts, both Microsoft and Apple suggest limiting what software, programs or applications can do to your computer. You can set these limitations via your PC’s User Account Control or Mac’s Security and Privacy preferences.

5. Install Security Add-Ons for Your Internet Browser

There are free tools that tell you the safety of webpages you’re browsing, like Web of Trust or McAfee Secure Safe browsing plugins.

6. Check for HTTPS

When browsing, make sure URLs start with ‘https.’ The s means any data going back and forth between you and the site is encrypted.

7. Heed the Warnings

Google’s Safe Browsing is designed to flag unsafe websites and URLs you happen to stumble upon. Similarly, many providers flag potential scam emails either by sending them to spam or issuing a warning at the top of an email. While it can be tempting to write said warnings off, it’s in your best interest to take them seriously and, if you do proceed, do so with caution.

8. Learn How to Recognize a Phish

Phishers pose as legitimate entities to get users to click on a malicious link in their inbox. Their emails can look legit, but there are often tell-tale signs you’re dealing with a scammer, including typos, misspellings, generic salutations and sketchy urls, which you can spot by hovering over embedded links in the email. (Check out this story about a reader who received a scam email that included his friend’s Social Security number.)

9. Don’t Click the Links …

Even if you don’t readily spot any red flags. Instead, call the company or person sending the email directly to verify legitimacy. You don’t want to unwittingly download malware onto your computer that can spam your friends or hijack any personal information or passwords you type post-click.

10. … Enter Sensitive Personal Information …

In lieu of malware, some phishers simply prompt you to enter info directly on a spoofed website once you click. Consider the request for bank account digits, Social Security numbers or other sensitive data a big red flag. After all, financial institutions and government agencies, like the IRS, aren’t known to conduct urgent business over email. (Note: The IRS reported an approximate 400% surge in phishing/malware incidents early last year, so it’s important to be careful what information you share and where.)

11. … or Download Phishy Email Attachments

They can be yet another way in which the phisher is trying to install malware on your device.

12. Really, Just Avoid Unknown Emails

Even emails that seem safe can be dangerous. It’s common for attackers to impersonate someone you know, and if a contact of yours got hacked, they may unwittingly be spamming their entire address book. If you’re not expecting an email, do not know the sender or are unsure, do some research before opening the email.

13. Unsubscribe From Email Lists

If you aren’t interested in getting emails from certain mass distribution lists, take your name off. This way, your inbox is cleaner and you’re reducing the likelihood you’ll get an email from somewhere that got hacked. (Want to declutter your life even more? Here’s how to opt out of mailed credit card offers.)

14. Review Ads & Emails

Smart consumers never assume an ad or email is from a reputable company. Always verify if the information is legitimate by doing some research online (type the company or product into a search browser along with the terms “review,” “complaint” or “scam”). If something looks shady, it probably is. That said …

15. … Let Yourself Get Suspicious

Seriously, it’s OK to be extra cautious. Delete any emails, texts or anything else you’re not sure about.

16. Read the Privacy Policy

Don’t click “agree” and ignore the policy — take time to read it, as it will explain how your personal information is collected and used by the site. You’ll find out whether your information is shared with third parties and how that data is accessed. If something gives you pause, consider taking your business elsewhere.

17. Be Careful When Downloading Apps

Like we said, read privacy policies, including those lengthy permissions before you download an app to your device. Think about all you do and say on your devices — do you really want a scammer to have access to that?

18. Channel Your Inner Ron Swanson

No one expects you to go fully off the grid (even Ron caved and got a cellphone), but remember every time you sign up for a new service or share your information with another entity, you’ve presented cyber criminals another way to get to you. Consider keeping some aspects of your life off the internet, apps and devices.

19. Don’t Overshare on Social Media

Past addresses, the names of people living in your household and photographs are useful to identity thieves. They can help thieves bypass security verification questions or create new accounts in your name. Always think before you share something online.

20. Know When Your Social Security Number Isn’t Required

Just because there’s a line on a form for your Social Security number doesn’t mean you have to fill it in. Here are five places you should never give your Social Security number.

21. Don’t Blindly Fill Out Forms at the Doctor’s Office

If you’re at a doctor’s office and aren’t sure if they need some of the personally identifiable information they’re asking for (like your Social Security number), ask about it. This is an especially smart move because medical providers are a big target for data breaches. Here are four things your doctor doesn’t need to know.

22. Safely Dispose of Personal Information

Disposing of a computer or smartphone isn’t as simple as tossing it in the trash bin. With computers, be sure to use a program that overwrites the hard drive. Before you throw out a mobile device, check your owner’s manual or the manufacturer’s website to learn how to save or transfer information to a new device before doing a hard reset. Be sure to remove the SIM card and things like your contacts, search history and photos.

23. Get the Team on the Same Page

Whether it’s a quarterly refresher course or something everyone does once a year, making sure all employees are on the same page about digital security can help prevent everyone from getting hit by an attack.

24. Tread Lightly With Open & Public Wi-Fi

Free internet in public spaces like coffee shops and hotels is great to have, but you don’t know the other people sharing the connection. Someone else could be “eavesdropping” on what you’re doing, so limit your internet use on public networks. For example, using online banking while you’re on an unsecured Wi-Fi is a bad idea.

25. Be Selective About Using Shared Computers

Sometimes you have to get online on the computer at the library or FedEx. If that happens, make sure you log out on any sites and wipe your browser history before you go.

26. Be Careful With Data Share Folders

Cyber attacks aren’t limited to sketchy links or emails. Hackers have found ways to take over your system right from file share programs. It may be easy to leave these logged in constantly, especially if you’re using them for work, but logging out may save you in the long run.

27. Turn Off Your Computer

While leaving your computer on “Sleep” mode makes it easy to get back to work, constantly leaving your computer on makes it more susceptible to viruses. Turn your computer off when it’s not in use.

28. Remember to Log Out

Whether or not you share your computer or device, logging out after each use is a good practice.

29. Don’t Save Your Login Info … 

It’s so much easier to let your browser and apps save your login credentials, but it’s not just easier for you — you’re making thieves’ jobs easier, too. A lot of cybersecurity decisions require choosing between convenience and safety. If you choose convenience, be prepared for some potentially unpleasant consequences.

30. … Or Your Credit Card Details

It may be easier to click once and your order is on its way, whether it’s from your favorite online store or the local pizza delivery place, but storing your credit card information can leave you vulnerable.

31. Lock Up Your Phone …

It may seem inconvenient to enter a passcode or have your finger scanned to access your messages and apps, but if you ever lose your phone, having it locked could be the difference between shelling out for a new phone and shelling out for a new phone and trying to find the person who drained your bank account and hacked your social media accounts.

32. … & Your Laptop

Experts recommend keeping financial information on your laptop only when necessary. It also helps not to use an automatic login feature that saves your username and password so it’s harder for someone to get at your personal information if your laptop is stolen.

33. Use Built-In Biometric Authentication When Possible

Some thumb drives require your fingerprint to access the information stored on it. This is a great way to deter criminals and keep your data extra secure.

34. Create Strong ‘Phrase Passwords’

If you’re using a generic password like “Password123” or your dog’s name and your mailing address, it’s time to up your game. Have a favorite lyric, phrase, quote or poem? Use it. 2BorNOT2B is a lot harder to guess, and is still super easy to remember.

35. Don’t Reuse Passwords

Just because you’ve come up with a great phrase password doesn’t mean you should use it for your email, social accounts, bank app and everything else. Try to make a unique password for each of your accounts. At the very least, make sure your financial account passwords are different than your social media passwords.

36. Use a Password Manager

A password manager can generate strong, complex passwords to make hacking your accounts harder. Managers like LastPass can also store and remember them for you.

37. Update Your Passwords Often

The information exposed in a data breach may be old, but that won’t be much comfort to you if you’ve been using the same password for the last three years. Get in the habit of updating your login credentials every six months or so.

38. Use Two-Factor Authentication

If a service you use offers two-factor authentication for logging in, take advantage of it. This usually requires entering your password, then entering a confirmation code that will be sent to you by text, phone call or email. If someone gets their hands on your password, chances are they don’t also have your cellphone, leaving them locked out of your account.

39. Answer Security Questions Creatively

Sometimes it’s OK to lie, especially when coming up with answers to security questions. This way, a crook can’t guess their way into your finances. Don’t get so creative you can’t remember the answer, and create a cheat sheet to help you keep track. You can store it on an encrypted thumb drive. On that note…

40. Store Your Personal Information on an Encrypted Thumb Drive

Important documents and login information (for those who don’t use password managers) should be stored on an air-gapped device, such as the thumb drive. Experts recommend keeping one at home and storing the other in a safety deposit box or a safe.

41. Make Sure You Trust That Thumbdrive

We get it — sometimes curiosity can get the best of you. But if you find a USB or external hard drive, think twice before just putting it in your computer.

42. Don’t Forget About Old-School Back-Ups

A cyberattacker can’t get into your filing cabinet, and there are some things you really don’t want to lose. Consider keeping a hard copy of important documents like your last few years of tax returns, mortgage paperwork, student loan documents and insurance policies, so you still have the records even if digital forms have been compromised.

43. Backup Your Data Externally …

If something happens to your computer or other device, knowing your files are saved elsewhere can reduce the headache.

44. … & Then Backup Your Backups

Remember, no system is ever completely secure. Make it a habit to copy important files, especially financial documents you need for things like mortgages and student loans. Place the data on a removable disk or backup drive and store it somewhere safe.

45. Take a Deep Breath

It’s understandable to freak out if you’ve been hit by a cyberattack or are being asked to pay a ransom for stolen files, but try to stay calm. Disconnect from the internet, and call someone for help, whether that’s your work’s help desk or a reputable cybersecurity firm familiar with the technology you’re using.

46. Report the Problem

In the wake of the Google doc scam, the tech giant urged users to report suspicious email and content to it directly. You can report scams to your local attorney general and the Better Business Bureau to help prevent others from similarly falling prey.

47. Consider a Credit Freeze …

Fell for a phish? Consider freezing your credit reports so scammers can’t use the personal information they pilfered to open fraudulent credit accounts in your name.

48. … or Request Alerts

A credit freeze can be cumbersome, particularly if you’re in the process of applying for a loan yourself. If you don’t believe a thief scored any seriously sensitive info, you could at least request that the credit bureaus put a fraud alert on your credit report. That’ll prompt creditors to take extra steps to verify your identity before extending credit.

49. Accept That You May Not Get Back What You Lost

In the case of ransomware, you may be tempted to pay what the thief is asking so you can have your files back. Some experts recommend against paying because it further incentivizes ransomware attacks, and you may not get your files back even if you do pay.

50. Monitor Your Credit

Haven’t spotted any cyberattacks recently? It’s still a good idea to regularly monitor your credit for signs of identity theft. You can pull your credit reports for free each year at AnnualCreditReport.com and view your free credit report summary, updated every 30 days, on Credit.com.

This article originally appeared on Credit.com