Who’s watching you online? 5 ways to prevent cybercrime. [video]

People use online tools for everything from work to banking to health care. That means more information than ever before is at risk to cyber criminals who can steal your identity, use “ransomware” to hold your information hostage, or empty your bank accounts.

The U.S. has spent more than $100 billion over the last decade protecting government computer networks from people who want to steal information. It’s “a big problem,” President Donald J. Trump said at a recent meeting of the American Technology Council, which was created to modernize and protect the government’s outdated technology from cyberattacks.

Cybersecurity isn’t just for governments. Here are five tips to protect yourself online:

Illustration of hands using smartphone1. Exercise healthy suspicion when using email

Don’t click on links in emails unless you know the person sending it. Hackers try to trick people into clicking on fake links that look real, but the links actually download malicious software or go to webpages that will try to steal personal information. For example, hackers may send you an email that looks like it’s from your favorite store. Don’t follow the links in that email. Instead, visit the store’s homepage in a new browser window or tab. 

For the same reason, never open attachments from people you don’t know. You also should turn off any settings in your email that download attachments automatically.

Illustration of person, lock and password symbols2. Make passwords complex and unique

Most experts recommend using a password manager such as LastPass, 1Password or Keeper. These programs create complicated passwords for the sites you visit and make it easy to manage them.

If you don’t use a password manager, make sure your passwords have both upper- and lower-case letters, numbers and symbols. Don’t use the same password on more than one website.

Illustration of woman using smartphone3. Protect personal information

Companies and government agencies will not ask you for your password, so do not email your password or give it out over the phone. If you get an email with a link to a login page, do not click it; instead go to that website in your browser and log in there.

If a company unexpectedly contacts you and asks you to provide personal information, don’t! Hang up and contact the company, either by phone or through their website, to confirm the request is really from that company.

Illustration of laptop and tablet4. Use the latest technology

Make sure your computers, phones and tablets have up-to-date software. Additionally, when possible, use another layer of security called two-factor authentication. This approach goes beyond providing a password and username; it also requires information that you, and only you, will have. It’s a great way to verify that it’s you trying to log in and not someone pretending to be you.

Illustration of hand holding smartphone with warning symbol5. Keep an eye out for unusual activity

If your bank account or credit card offers text or email alerts, turn them on. That way, even if your account is compromised, you will be alerted. If you cannot turn on text alerts, make sure to monitor your bank statements frequently for charges you did not make.

Graphics by Julia Maruszewski/ Doug Thompson/ State Department

Recent cyberattacks

The so-called “WannaCry ransomware attack” caused havoc around the world in May, when hackers used it to take over more than 200,000 computers in more than 150 countries. Hackers were able to take over their victims’ computers because people were using an outdated version of Microsoft’s operating system (see Tip 4). The hackers demanded hundreds of dollars to restore access to the computers.

In late June, another cyberattack hit several key government and business sites in Ukraine; shut down a chocolate factory in Australia; and disrupted a Danish international shipping company. 

What is ransomware?

Ransomware is software that hackers use to take over a computer and encrypt all the files. The hackers then demand payment from the user to regain access to their files. If the user doesn’t pay, the hacker erases the files.