How to Protect Yourself From Ransomware Like WannaCry

May 16, 2017

The WannaCry cyberattack recently infected hundreds of thousands of computers worldwide. WannaCry, also known as WannaCrypt, is ransomware, which holds a computer hostage until the user pays a certain amount of money to the hacker. This attack is an unpleasant reminder that our digital lives are constantly under threat.

That doesn’t mean there is nothing people can do, so long as they stay educated on important cybersecurity issues. The problem is that they don’t. The Pew Research Center recently quizzed over 1,000 American adults about cybersecurity issues. Only 1% of those surveyed understood every issue and answered each question correctly. Less than half of the people given the quiz were able to answer even six of the 13 questions correctly.

Topics covered in the quiz included identifying two-factor authentication to knowing the definition of ransomware. These might sound like complex terms only known to computer experts, but ignoring them is playing with fire. People can start to protect themselves by learning and establishing safe practices around these fundamental concepts of cybersecurity:

Ransomware

Ransomware is in the news now, and for good reason: It can devastate your digital life. Make sure you understand phishing attack methods and don’t open emails from unknown senders, and be especially wary if someone you don’t know emails you attached documents or links. Of course, mistakes happen, so make sure you have solid online and offline daily, weekly, and monthly backups, and periodically test these backups to make sure your data is safe.

HTTP vs. HTTPS

Use HTTPS—not HTTP—sites if you want to ensure outsiders are not reading or modifying the data you’re submitting to websites. All communications between your browser and an HTTPS site are encrypted. Modern web browsers will tell you if a site is secured through HTTPS by displaying a secure connection certificate beside the URL; this can be denoted with a lock symbol or the word “secure.” In addition, the URL itself will start with “https” instead of “http.”

If you ignore this difference, you or your company's intellectual property could be easily exposed to competition or sold as part of an Internet service provider’s (ISP) bulk data collection. For sensitive transactions, always use HTTPS so that your ISP or any entity in the middle of the connection will have no details on what you are viewing or submitting.

Device encryption

There are many horror stories of people buying old computers or hard drives off of the Internet that contain the former owner’s confidential or personally identifiable information. The solution to this is disk encryption, which protects your files with a password.

This way, if your computer falls into the wrong hands, encryption ensures that that entity won’t be able to extract any meaningful data from it. BitLocker for Windows and FileVault for Mac offer guides to enable device encryption.

Virtual private network (VPN)

A properly configured VPN will ensure that even if you’re in a coffee shop, airport, or hotel room, you are as safe as you were back at your desk plugged into your company's network. Be careful with free or cheap VPN services from third parties; don’t blindly trust that they won't monitor your traffic. Once you’ve found a VPN software you trust, simply open it up and log in.

App permissions and location tracking

The more you allow apps and devices to take over responsibilities on your smartphone, tablet, or computer, the more access points you create into your life for companies and criminals alike. When you give these apps permissions for location tracking, microphone access, your address book, and other functions, they can immediately start transferring that information anywhere they choose. Consider whether each app you have really needs access to these things. If not, don't allow it.

While it isn’t necessary to avoid these services or connected devices altogether, it is important to make smart decisions about what information you share, including what information you are granting by default, what could be granted later, and what is subject to change.

Shaun Murphy is the CEO of sndr.com. He does not have any investments of the companies mentioned in this article.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions