If your computer got hacked by the WannaCry ransomware virus, you don't need any more persuasion. Your computer has been turned into a paperweight and you've lost, what, one day of work? Two or three days? And don't forget those files — a month's worth, six months' worth, nine months' worth? — you've lost forever. Even if you dodged the bullet this time, what happens next time when crooks in North Korea or Moscow or — hey, who knows? — a dorm room at MIT hack into your computer or tablet?
The good news is that you're not totally vulnerable to the bad guys. "You can take steps to protect yourself," said Mike Bruemmer, vice president of consumer protection for Experian, a global information services company that is the parent of one of the three major credit-reporting bureaus.
Here are 10 steps that you should take with computers and other devices, when appropriate, as recommended by Bruemmer; James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think tank based in Washington, D.C.; and Michael Kaiser, executive director of the National Cyber Security Alliance, a cybersecurity education organization.
Your work computers and devices may be protected by your company's technical services department. But what about your personal machines? These protective steps can be taken by any lay person, and don't require you to have a Ph.D. in computer science.
- Do not click on suspicious links or open attachments from unknown sources.
- Check the reliability of a link by hovering your cursor over it to make sure the URL matches the hyperlink. In other words, does the address in the link window match the location you're expecting to see? If it isn't, watch out. "When you do this, you can see if the link beneath the hyperlink is legitimate or spoofed," Scott told IBD by email. "Spoofed links, many times, carry a malicious payload."
- Install updates and patches on your operating systems and applications as soon as you receive them. Activate automatic updates for any applications that can be configured that way.
- Use complex passwords and logins. Include random, upper- and lowercase letters; numbers; and symbols. Do not reuse old passwords and logins.
- Make backups of your files on an external drive or other appropriate medium, so you'll still have access even if you lose access to your computer or other device.
- Keep the medium that contains your original operating system and applications, if you received them in the first place. This could be a CD. Make external backups of your operating system and applications so you have copies that contain all patches and updates.
- If you use a device running on an old XP operating system — which normally is no longer supported by Microsoft — get the online emergency patch that Microsoft is providing in the wake of the WannaCry attack.
- Install anti-malware software that is automatically updated. Norton and McAfee are probably the best-known names in the field to people who are not IT specialists. Malwarebytes and Kaspersky Lab are among the many other players. You can search online for "best" lists. Look for features like length of your subscription or coverage, number and types of devices that one purchase or subscription will protect, free tech support, suspect-file deletion, parental controls, privacy encryption and hard-drive accelerator. Many firms offer various combinations of features for different prices.
- Disable autorun settings on your systems. "Autorun is the feature of Windows that opens USBs and other devices the second that they are connected (to your computer or other device)," Scott said. "This can lead to the inadvertent spread of malware." You can find the easy steps at Microsoft Support.
- Remove apps you don't use. "Especially with mobile devices, Kaiser said, "delete stuff (apps) you no longer use. If you aren't using it, you may not be as careful about updating it. It could develop a security vulnerability over time. And you don't know what it is collecting and transmitting about you."