How to protect yourself on the internet
The internet can be a great resource. It’s informative, entertaining, and it helps us communicate with friends, relatives and strangers alike. But it can also be a dangerous place if you don’t take proper steps to protect yourself from malicious threats like ransomware. Here are a few password recommendations and general computing tips to help keep you and your business safe from cybercriminals.
How to create a strong password
- Make passwords at least seven characters long; 12 is better.
- Don’t use real words.
- Don’t use things that are easy to guess, such as your user name, real name, birthday or company name.
- Include each of the following in your passwords: upper case letters, lower case letters, numbers and symbols.
- Change your passwords regularly — at least every 90 days.
- Each time you change your password, make it different from your previous password.
- Avoid sequential passwords, such as Password1, Password2, Password3 ...
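The rules above can be checked automatically. The following Python sketch is an added example, not part of the original article; the function name, its parameters and the sample passwords are assumptions made for illustration. It skips the "real words" rule, which would need a word list.

```python
import re

MIN_LENGTH = 7  # the article's minimum; it says 12 is better

# Character classes the article asks every password to include.
REQUIRED_CLASSES = {
    "upper case letter": r"[A-Z]",
    "lower case letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def _stem(password):
    """Lower-cased password with trailing digits removed (Password1 -> password)."""
    return re.sub(r"\d+$", "", password).lower()


def check_password(password, personal_info=(), previous=()):
    """Return a list describing each rule from the list above that is broken.

    personal_info: strings such as user name, real name, birthday, company name.
    previous: passwords used before (hypothetical input; a real system would
    compare stored hashes instead of plain text).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than seven characters")
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    for old in previous:
        if password == old:
            problems.append("same as a previous password")
            break
        # Password1 -> Password2 shares a stem once trailing digits are dropped.
        if _stem(password) == _stem(old):
            problems.append("sequential variant of a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_password("Password2", previous=["Password1"]))
    print(check_password("t9#Vq!mZ4xLp", personal_info=["alice"]))
```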
Before you cancel a service or abandon an online account, change the password to something that is unrelated to your current password(s). Do this for any old email accounts, too.
Password best practices
- Change your passwords frequently.
- Use different passwords for everything.
- Never share your passwords with anyone.
- Avoid saving your passwords on applications and websites.
- If you must write down your passwords, store them in a secure place.
- Choose security questions that are hard to figure out.
Beware of common phishing attacks — If you get an email from one of your financial institutions asking you to confirm personal information, it’s probably fake. Your bank has all of your information securely stored. The only time you would need to confirm it is if you contacted them.
How to protect yourself online
- Email – Never send your credit card information or personal information such as your social security number in an email. Never open or click on email attachments from people you don’t know.
- Applications – Keep your applications up to date. Hackers often exploit vulnerabilities in outdated applications.
- IM – Use a nickname for your screen name and never send personal information through instant messaging programs.
- Public Wi-Fi – It’s best to avoid using free, public Wi-Fi. But if you must, verify the name of the network with staff before connecting, and never share personal information.
- Shopping – Only buy from reputable websites and never enter personal information unless you know the site is secure — make sure the URL of the checkout page begins with https rather than http.
- Online gaming – Be careful when playing online games and when communicating with other players.
- Kids – Always supervise your children’s online activity. Use parental control tools to keep them from accessing unsafe websites and sharing personal information.
Watch out for fake anti-virus — Be careful of pop-up windows that claim to have detected a virus on your computer and offer to remove it. In many cases, clicking on the link will launch a virus attack. Fake anti-virus often uses names that sound convincing, like “Anti-Virus Pro” or “Defender Pro.” Only use anti-virus from reputable vendors.
How to protect yourself from ransomware
- Back up your files regularly and keep a copy of your backup off site, in the cloud or another physical location. Make sure your backup service uses encryption.
- Never open an email attachment from someone you don’t know — or from someone you do know if it looks suspicious. Emails are common delivery mechanisms for malware.
- Watch for suspicious file extensions. Be wary of attachments with extensions such as “exe”, “vbs” and “scr.”
- Use an anti-virus program and keep it up to date.
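The extension check above can be applied to a saved email before anything is opened. This Python sketch is an added example, not part of the original article; the function name and the sample message are constructed for illustration. It looks only at the final extension, so a name like "Invoice.pdf.EXE" is still flagged.

```python
import os
from email import message_from_string

# The extensions the article names as suspicious.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}

# Constructed sample message with one harmless and one suspicious attachment.
SAMPLE_MESSAGE = """\
From: sender@example.com
To: you@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

(constructed placeholder body)
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice.pdf.EXE"

(constructed placeholder body)
--b1--
"""


def risky_attachments(raw_message):
    """Return the attachment file names whose final extension is on the list."""
    message = message_from_string(raw_message)
    flagged = []
    for part in message.walk():
        name = part.get_filename()
        if not name:
            continue  # not an attachment, or no file name given
        # Compare case-insensitively and use only the last extension, so a
        # double extension such as ".pdf.EXE" cannot hide the real type.
        extension = os.path.splitext(name.strip().lower())[1]
        if extension in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(risky_attachments(SAMPLE_MESSAGE))
```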
What to do if you get hit with ransomware
If you have a secure backup:
- Disconnect the infected computer from the internet. Disconnect any computers connected to the infected computer. Discontinue any file sharing.
- Identify where the infection happened using anti-virus software (if you have it).
- Determine what form of ransomware you have — using a different computer, conduct a search based on what you see on your screen. Be careful not to download anything that comes up in search results.
- Remove the malware from your system(s). Options for doing this include:
  - Searching online for unlock key(s) and using them to unlock your data
  - Using a removal tool
  - Deleting all infected files (if identifiable)
  - Patching your software to eliminate the vulnerability exploited by that particular type of ransomware
  - Enlisting the help of an IT professional
- Restore your data from the last backup before the ransomware hit.
If you don't have a secure backup, your options are:
- Pay the ransom and hope that the attacker unlocks your data (not guaranteed).
- Lose your data — wipe the system or buy a new one and start over.
- Hire an expert to try and help you decrypt your data. Note: this is very expensive, and depending on the type of ransomware, may be impractical or take far too long.
Learn more about ransomware in our Ransomware Preparedness & Recovery Guide