The Internet can be a dangerous place, and there is no such thing as 100% security. Most of us will end up suffering an infection from malicious software at some point. Even the most security-conscious user, and even someone who never clicks on any kind of email attachment, can still get hit just by having the wrong “friends.” Many infections spread across networks, the result of someone else’s mistake, and there’s nothing victims could have done to prevent the attack.
It’s critical to accept this and plan for it: one day your computer will be disabled by a virus or ransomware—generally referred to as “malware.” This two-part story will tell you two things: what you can do now to ease the pain of this inevitability; and what to do if you are actively suffering an infection right now.
How to Prepare for Malware
People plan for real-life disasters all the time, says Morey Haber, vice president of technology at BeyondTrust, a computer security firm. It might help to take a moment now and plan a digital fire drill for your home or office. Here’s how to prepare for a cyber “fire.”
- Backups, Backups, Backups.
Get used to hearing this, because I’ll repeat it. There is no such thing as 100% security. The only completely effective anti-virus, antiransomware tool is good backup habits. Any data you care about—from baby photographs to tax returns to work documents—must be backed up on a regular basis. And that backup must be physically separated from your computer, lest an infection of your machine ruin your backup too.
Cloud services accomplish this. An external hard drive that lives somewhere other than your computer can also accomplish this. Imagine a real fire—could that destroy your computer and your backup drive? If yes, you need to move your backup drive. Ideally, you back up data continually, but at a bare minimum, you do so monthly.
New threats emerge every day, and no one can keep up with them. When your turn finally comes, and it will, restoring from backup may very well be your only choice. Make a backup plan now.
- Test Your Backup.
This is so important it needs separate mention. Many backup plans fail because people tend to set and forget them. Periodically check to make sure your automated backup tool is really completing automated backups, and that you know how to restore your files in a crisis. Consider running a backup test, when you aren’t under pressure.
- Don’t Be Promiscuous with Email.
Dating back to some of the first notorious worldwide viruses like Melissa (1999) or the LoveBug (2000), malware authors know that email users just can’t help themselves: they love clicking on attachments. Almost twenty years later, we still haven’t learned.
Booby-trapped attachments are still an incredibly effective way to infect users. In fact, today’s attacks are far more precise. Criminals now send “spear phishing” emails to workers, cleverly crafted to look real and personal, as if from a boss or co-worker. Never open an attachment you don’t expect, even if it appears to come from a friend. And always verify via a separate email or phone call before clicking.
- Don’t Be Promiscuous on the Web.
Many victims pick up infections because they visit the less-safe parts of the Internet, perhaps to download pirated software or engage in other less-savory activities. The solution here is simple: Don’t go there.
- Use Security Software.
There are many options for keeping your machine safe: antivirus software, firewalls, virtual private networks. Some are free, some require paid subscriptions. Your needs will vary based on what you do. But do SOMETHING. Know which security software is preloaded onto your machine, and make sure it is correctly configured. Check with the software maker for instructions if you need assistance.
Security is always about improving your odds. Nothing you can do would guarantee your car will never be hit by snatch-and-grab burglars. But you can keep your valuables out of sight, leave your under street lights, chose your parking spot carefully, and so on. Computer users need to think the same way. Pros call this a “risk-based” security. Take steps now to improve the odds that hackers might pass you and move on to the next potential target machine. In the end, you’ll suffer fewer digital headaches. Still, they will come, and it’s best to prepare now for the inevitable.