Online safety doesn’t have to be complicated. With some simple steps, you can easily protect your PC from malware and safeguard your personal data with very little extra effort.
The best part? None of these tips cost money. In fact, the most important security tools you need are completely free. You can keep yourself and your PC safe online without spending a single dime. Here’s how.
An antivirus program is a must-have for any PC. Thankfully, you don’t have to go out of your way to get one anymore because all Windows 11 and Windows 10 PCs come with Windows Security and Microsoft Defender, giving you access to a minimal-yet-capable antivirus.
It automatically scans your system in the background and checks the files you download and the applications you run, spotting malware before it can take hold. You can go further and configure Microsoft Defender for extra security if you want.
Or you could opt for a third-party antivirus, many of which come with extra security functions. If you decide to take this route, know that we currently recommend Norton 360 Deluxe, but any antivirus will do if all you care about is basic protection.
Just be sure to leave your antivirus’s real-time protection capability enabled. Don’t turn off real-time scanning because mistakes can happen to anyone—and when they do, you want your antivirus to be active.
Once you start using a password manager, you’ll never go back—it’s that life-changingly convenient. So, if you aren’t using one yet, we highly recommend using a password manager. (A free one, even!)
The unfortunate truth is that many firms—no matter how big they are or how reputable they seem—end up facing data breaches and leaks that drop their password databases to the public.
That’s why the biggest risk you can take online is reusing the same password for multiple accounts. If your password gets leaked in a data breach, hackers can use your email/password combination to break into your other accounts that use the same password.
The solution? Use strong passwords that are unique every single time.
The problem? Remembering so many passwords is almost impossible—and that’s why you need to be using a password manager.
A password manager remembers all of your passwords and associates them with their respective sites, apps, accounts, etc. All you need to do is remember the master password; the password manager will fill in the appropriate password whenever you need to log in.
Modern operating systems and all the applications on your system receive regular security updates that fix exploits and vulnerabilities. If you skip these important patches, you’re opening yourself up to risks.
The good news is that most modern applications—whether it’s Windows, Microsoft Office, Google Chrome, or something else—regularly check for and automatically install such updates.
If you’ve disabled automatic updates, you should reconsider. There may be a niche reason to do so, but most of the time you’re just putting yourself in danger.
If your operating system or web browser says it needs to restart to install updates, do it. Sure, it’s inconvenient to restart your Windows PC or web browser in the middle of something, but it just might protect you from an attack. And yes, sooner is better than later.
It’s one thing for operating systems and applications to get automatic updates—it’s another thing when those updates are discontinued.
No program lasts forever. Eventually, developers and firms end long-term support and stop issuing security updates for older devices and programs. At that point, the devices and programs should be treated as unsafe and you should stop using them as soon as you can.
What happens if you keep using them? Older programs and unsupported devices gradually grow more vulnerable to attack, and it’ll only be a matter of time before you get hit with something.
For example, Windows 7 is no longer supported and using it puts you at risk because newly discovered security holes aren’t being patched. The same is true for individual applications—like Office 2016 and earlier versions of Microsoft Office, which no longer receive security updates.
While an older version of Office might work well for your needs, it could open you up to an attack. For example, you might download a malicious Word document that exploits an Office vulnerability to hack you.
That’s one reason why Microsoft Office 365 is a good deal: you’ll always have access to the most recent versions of Office on all your devices.
How you browse the web is important. In an ideal world, you shouldn’t have to worry about the sites you visit and whether something could go wrong—but the world is far from ideal.
Untrustworthy websites can attack your browser through unpatched security flaws. More commonly, sketchy websites may try to download malware onto your PC, trick you with misleading advertisements, or get your personal information with phishing scams.
Take care when browsing the web and be mindful. Think twice before downloading programs, avoid dodgy sites that make promises that seem too good to be true, and don’t enter personal information on any website that you haven’t vetted and trust 100 percent.
Any time you download programs, you have to be very careful. Even something as innocuous as a PDF or Word document can potentially wreak havoc on your PC if it exploits an unpatched flaw in your PDF reader or Microsoft Word.
Any file you download off the internet can do nasty things to your PC, and only an antivirus that recognizes it will protect you. So, you should only download, install, and run programs that you completely trust—and only if you get them from a source you trust.
When in doubt, stick with known-as-trustworthy applications. Also, stop ignoring Windows SmartScreen! On Windows, SmartScreen warnings pop up when you try to run programs that few people have downloaded and run before. You can tell Windows to run the application anyway, but you should always pause and consider whether you truly trust the application. If you don’t, then you shouldn’t run it.
Phishing scams have grown into a huge problem over the last several years, and you’re at risk whether you’re using a Windows PC, a Chromebook, a smartphone, or anything else.
Long story short: a phishing scam is one where someone tries to bait you into giving away sensitive information or installing malware. This is usually done by tricking you into clicking a deceptive link.
Phishing scams are tricky because they’re usually disguised as coming from a trusted source: a reputable company like Microsoft, a widely used service like USPS, or even a friend or family member. That’s why it’s so important to learn how to identify phishing emails and text messages.
A password manager can help here, too. Let’s say you click a phishing link and end up on a fake site pretending to be your bank. If you were on your real bank’s website, your password manager would know and automatically fill in your login details. But since it’s an imposter site, your password manager won’t fill in—a clue that something is amiss.
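
Why the password manager stays silent on an imposter site, as an added example that is not part of the original article: autofill is keyed on the exact origin of the page, not on whether the bank's name appears in the address. The vault entry, the `online.bank.example` and `signin-check.example` hostnames and the exact-match rule are assumptions made for illustration; real password managers differ in how strictly they match.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed vault entry: the origin recorded when the login was saved.
VAULT = {("https", "online.bank.example", 443): ("alice", "vault-stored-password")}

# Constructed sample URLs: one genuine page and four imposters.
SAMPLES = [
    "https://online.bank.example/login",                      # genuine
    "https://online.bank.example.signin-check.example/login", # name as subdomain
    "https://online.bank.example@signin-check.example/login", # name before '@'
    "https://online.b\u0430nk.example/login",                 # Cyrillic look-alike 'a'
    "http://online.bank.example/login",                       # not HTTPS
]

def origin_of(url):
    """Return (scheme, host, port) for a page URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        scheme, host = parts.scheme.lower(), parts.hostname
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # Convert internationalised names to ASCII (punycode) so a look-alike
        # Unicode letter can never compare equal to the genuine ASCII name.
        host = host.encode("idna").decode("ascii").lower().rstrip(".")
        return scheme, host, parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # malformed URL, bad port, or un-encodable host
        return None

def autofill(url):
    """Release stored credentials only on an exact origin match."""
    return VAULT.get(origin_of(url))

def looks_right_to_a_person(url):
    """Naive check for contrast: the bank's name merely appears in the URL."""
    return "online.bank.example" in url

def report():
    """Map each sample URL to whether the manager would fill it in."""
    return {url: autofill(url) is not None for url in SAMPLES}

if __name__ == "__main__":
    for url, filled in report().items():
        print("fill" if filled else "SKIP", url)
```

Only the first sample is filled in; the second, third and fifth still contain the bank's name, which is why a glance at the address bar is a weaker check than the missing autofill.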
Every link should be treated as questionable, whether that’s on a website, on social media, in an email, or even a text message. If you never click on unsolicited links, you can drastically reduce your risk of malware.
For example, let’s say you get a text message about a package delivery failure and you need to click this link and provide personal information to make sure you get it. You don’t know whether it’s a scam or not—but you aren’t expecting a delivery, so you treat it as questionable. In most cases, you just successfully avoided being scammed.
The same goes for when you get a link that purports to come from Amazon, PayPal, or your credit card company. It may have an alarming angle to it, such as claiming your account has been banned. This is meant to induce panic and cause you to lower your guard. But if you have a general policy of not clicking unsolicited links, you’ll be okay.
When in doubt, avoid unsolicited links and go straight to the source. Got an alert email that claims to be from your bank? Don’t click it. Instead, manually navigate to the bank in your web browser. Got an urgent alert about a package from FedEx? Don’t click it. Go straight to the FedEx website yourself and confirm if it’s true.
When on Windows, we recommend using a “Standard” account type rather than an “Administrator” account type for day-to-day activity.
Yes, Administrator accounts are more convenient because they can install programs at the system level with fewer hurdles. But being logged into an Administrator account also makes it easier for malware to take hold.
For passive protection, it’s better to create a secondary Windows user account with Standard user permissions. That way if malware does try to infect you, it will have a harder time doing so.
For best results, only use an Administrator account to set up your PC and install programs, then switch to a secondary Standard account for your day-to-day computer usage. Microsoft has a detailed help website with information about creating new user accounts.
The good news is that Microsoft is making some changes to Windows that may make this unnecessary soon.
Two-factor authentication is non-negotiable these days. With this extra layer of protection for an account, even if someone knows your account’s password, they still won’t be able to sign in.
Why? Because the intruder will also need a specific two-factor authentication code: perhaps a code sent to your phone, a code generated by an app, or even a physical security key.
I recommend setting up two-factor authentication with all accounts that support it, particularly bank accounts and email inboxes. It may be a tad more inconvenient to sign in—you’ll have to provide a code in addition to your usual password—but it’s an important way to stay safe online.
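
How an app-generated code stops someone who already has the password, as an added example that is not part of the original article: the service and the authenticator app share a secret and each derive a short-lived code from it with the standard TOTP algorithm (RFC 6238). The account record, the password and the secret (the RFC's published test key) are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 time-based code: HMAC-SHA1 over the 30-second counter."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_ok(secret: bytes, code: str, now: int, drift: int = 1) -> bool:
    """Accept the current code or one step either side, compared in constant time."""
    ok = False
    for step in range(-drift, drift + 1):
        expected = totp(secret, max(0, now + step * STEP))
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

def pw_hash(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed account record. The secret is the RFC 6238 test key; the user's
# authenticator app holds the same value after the one-time setup step.
SALT = b"constructed-salt"
ACCOUNT = {
    "pw_hash": pw_hash("leaked-in-a-breach", SALT),
    "totp_secret": b"12345678901234567890",
}

def sign_in(password: str, code: str, now: int) -> bool:
    """Both factors must pass; a correct password alone is not enough."""
    pw_ok = hmac.compare_digest(pw_hash(password, SALT), ACCOUNT["pw_hash"])
    return pw_ok and code_ok(ACCOUNT["totp_secret"], code, now)

if __name__ == "__main__":
    t = 59  # constructed clock value (seconds since the epoch)
    print("password + current code:", sign_in("leaked-in-a-breach", totp(ACCOUNT["totp_secret"], t), t))
    print("password + guessed code:", sign_in("leaked-in-a-breach", "000000", t))
    print("password + stale code:  ", sign_in("leaked-in-a-breach", totp(ACCOUNT["totp_secret"], t), t + 120))
```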
I think you’ll agree with me that the above tips and tactics aren’t very difficult at all. Some are one-and-done (like using a Standard Windows account), some are repeated (like keeping programs updated), and some are passive (like never clicking unsolicited links), but they’re all simple.
Now that you know what to do, you should also check out my other advice on what you shouldn’t do. In fact, there are several outdated security practices that may have been useful in the past but are no longer helpful. It’s better to stop doing them now.
Chris Hoffman is the author of The Windows Readme, a newsletter that brings Windows PC tips, tricks, and experiments to more than 10,000 email inboxes each week. He's also the former editor-in-chief of How-To Geek and a veteran tech journalist whose work has appeared in The New York Times, PCMag, Reader's Digest, and other publications.