Last week we covered what to do if someone was in your system and what steps to take once you’ve realized it. This week, we take a quick look at the steps you can take to prevent it. Today we’ll chat about how to defend against the different vulnerabilities we brought up two weeks ago, as well as some additional things to help protect yourself.

The first and foremost way someone gets your password is a large company data breach in which one of the same 3 passwords you use everywhere was exposed. The best way to prevent this is to change passwords significantly (i.e. more than 6 characters different than the last one; no adding just an exclamation point or increasing the number by 1, I mean a whole different word and a whole different order!) and frequently. This is difficult given the variety of accounts we have across the internet! The best thing from there is to use a program like LastPass or Dashlane and have the program handle setting and managing the passwords. Keep a complicated master password (like a favorite song lyric or two), and then the password manager will make your password on each site a jumbled mess that is useless to an attacker. This helps protect against password crackers, as 16 characters result in a possible 20922790000000 combinations (or so). Another option is to turn on two-factor authentication for everything you can. Even if they have your password, it is unlikely they have your cellphone and can listen in on any phone calls. There are even some options like Trusona which use your smartphone’s camera in coordination with your login to verify that it’s you.

For website spoofs and phishing emails, the only defense here is keeping a keen eye out for anything that looks suspicious. Treat any request for a password like a request for your Social Security Number. You should know who exactly is asking for it, and where they’re asking for it. It’s ok to give it to the bank teller at the bank, but it’s a little sketchy if someone calls out of the blue and asks for it.

For malware in embedded files, the easiest method is to be honest about where you’re getting the software from. Pay full price from the vendor themselves. In all honesty, they worked hard to create the product and if software is offered for free, chances are the developers are selling your behavioral data to a marketing firm (looking at you Google). A more robust way is to check if the download website offers a cryptographic hash such as MD5 to verify the integrity of the file. That’s out of the purview of most of us, but for those in the most sensitive of computer environments, it is a must.
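The hash check described above, as an added Python example that is not part of the original post: it hashes the downloaded file, picks the algorithm from the length of the value the vendor published, and compares the two. MD5 still catches a corrupted download but is no longer collision resistant, so use the SHA-256 value when a vendor lists both; the file name, contents and published value in `demo()` are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Hex digest length -> algorithm, so the pasted value tells us what to compute.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def file_digest(path, algorithm, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def normalize_published(value):
    """Pull the digest out of text pasted from a site, e.g. 'SHA256: ABCD...'
    or 'abcd...  setup.exe', and lower-case it."""
    for token in re.findall(r"\b[0-9a-fA-F]+\b", value):
        if len(token) in ALGO_BY_HEX_LEN:
            return token.lower()
    raise ValueError("no MD5/SHA-1/SHA-256/SHA-512 hex digest found")

def verify_download(path, published):
    """Return (matches, algorithm, actual_digest) for a downloaded file."""
    expected = normalize_published(published)
    algorithm = ALGO_BY_HEX_LEN[len(expected)]
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected), algorithm, actual

def demo():
    """Constructed sample: a stand-in 'installer', then the same file altered."""
    published = "SHA256: B94D27B9934D3E08A52E52D7DA7DABFAC484EFE37A5380EE9088F7ACE2EFCDE9"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.bin")
        with open(path, "wb") as f:
            f.write(b"hello world")
        intact = verify_download(path, published)[0]
        with open(path, "ab") as f:  # one extra byte, as after tampering
            f.write(b"!")
        altered = verify_download(path, published)[0]
    return intact, altered

if __name__ == "__main__":
    print(demo())
```

A match only shows the file is the one the hash was published for, so take the hash from the vendor's own site rather than from the page that served the download.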

If you’re out in public on someone else’s Wi-Fi, assume something or someone is watching you. At a business, chances are they have a firewall that logs all web traffic, and at the airport coffee shop, you never know who you’re sitting next to. Your best protection while browsing out in public is a Virtual Private Network or VPN. That creates a secure tunnel between you and a server somewhere else, and the data your machine sends and receives is routed through that tunnel to a secure location. Even if someone hacks the Wi-Fi to see what network traffic is flowing back and forth, they won’t see into the VPN.

Another step is to encrypt your devices. It’s relatively easy to encrypt a laptop’s hard drive with BitLocker, and that protects against someone getting into the machine if they steal it and try to read the data that way. An additional device control is to be strict about who has privilege to what information. Set security policies on files and folders to make sure that only certain users can use them. There’s a great video from Micro Center here on how to do that on your PC. That way your kids can’t open up the Christmas shopping list and other users on the computer can’t see the poetry that you write on your machine during lunch.

Another step, one you will need help from your friendly IT professional with, is sealing up any unused ports. Computers use ports to divide up internet traffic. For example, RDP connections usually come through port 3389, and HTTPS normally goes through port 443. This is getting into technical jargon territory, but the best analogy is that closing unused ports is like locking the windows in your house. You open these windows occasionally, but usually you leave them locked lest someone open one up and climb in.
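To see which "windows" are open on your own PC, here is an added Python example (not from the original post) that reads the output of the Windows command `netstat -ano` and lists ports that are listening on a network-reachable address but are not on your expected list. The sample output, the PIDs and the expected set are constructed for illustration.

```python
# Constructed sample of `netstat -ano` output from a Windows PC (not real data).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1212
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       3980
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     8120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       1212
  UDP    0.0.0.0:5353           *:*                                    2040
"""

# Sockets bound to loopback accept connections only from this machine.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; headers, UDP rows and blank lines do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")
        yield address, int(port), int(fields[4])


def unexpected_open_ports(netstat_text, expected):
    """Map each network-reachable listening port not in `expected` to its PIDs."""
    found = {}
    for address, port, pid in listening_sockets(netstat_text):
        if address.startswith(LOOPBACK_PREFIXES) or port in expected:
            continue
        found.setdefault(port, set()).add(pid)
    return {port: sorted(pids) for port, pids in sorted(found.items())}


if __name__ == "__main__":
    # Constructed expectation: RPC (135) and file sharing (445) are wanted.
    for port, pids in unexpected_open_ports(SAMPLE, {135, 445}).items():
        print(f"port {port} is open to the network (PID {pids}): still needed?")
```

On the sample this flags port 3389, meaning Remote Desktop is accepting connections; the PID can be matched to a program in Task Manager before deciding whether to turn the service off or block the port in the firewall.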

Last is a silly-sounding one; however, regular operating system updates are important. Microsoft identifies vulnerabilities all the time and does its best to patch them up. A quick search of “Microsoft CVE” will show you all the Microsoft Security Updates they have released recently. These updates patch up something no anti-virus, properly configured port, or special security settings can protect against. These vulnerabilities are within the operating system itself, meaning that in the code there is a way around the security measures. The security patches block those holes in the wall. I agree that the updates are annoying, which is why I recommend firing them off a day or two after they are announced, and usually when you leave for the day or when you’re done using your PC for the day at home.

These steps are a great start to keeping unwanted eyes out of your computer and keeping your information safe. This is not a comprehensive guide by any means, but it should get you started in thinking about keeping active control over your data. The hardest part about cybersecurity is the human element: we humans are so easy to fool, and no matter how many security measures and programs we put in place, it is up to us to carry them out and stay vigilant.