Originally posted by jeallen01 OH deary me as a relative internet "simpleton", most of the above is "above me and my capabilities"
Thus, for my part (and, I guess, many others here!) suggestions for a few "simple to implement" precautions would be much appreciated (apparently just having had my ISP's Primary a/c hacked, and thus with all the hassles resulting there-from!).
For private use there are only a couple of simple rules to follow, which most of the users do naturaly:
1) Keep your system up to date with latest security fixes
2) Use some kind of scanner software
Windows 10 has a build in AV-Software. It works suprisingly well. Still it is a good idea to use some third party software in addition
3) Keep your browser up to date
Install latest security fixes and be carefull with browser extensions, even those by av software. av-software browser extension in chrome, chromium and firefox brake parts of the sandboxing
4) Do not save credentials in the browser (they are saved in clear text)
5) Be careful what kind of third party software you install. Use trusted sources only.
6) Do not use admin users if not necessary.
7) Be careful what you get via email. Only open attachment of know sources you trust. If they are executables, do not open them. If they are office documents, do not allow makros.
8) If there are links in the mails carefully check where they head to
A nasty example is something like
https://paypal.comSomeEndlessStringLookingLikeAToken/ihackyou.com
A lot of software will shorten the string in a way it looks like it is actually send by paypal.com.
If they ask you to check account information do not use the link provided in the mail but go to the website and log in there. You might end on a clone where your credentials are phished.
9) Never answer data relevant questions on a phone or via mail if not part of old conversation. Nobody will ever call you to do computer service and asking for access to your computer first. The police will not threat you via mail, etc.
10) When browsing make sure to use SSL/TLS (shown by using
https://, usually port 443) encryption on websites where you enter information.
All up to date browser will warn you otherwhise. If the certificate is invalid and you do not know the reason why (own server with self signed certificate for example) do not ignore it.
11) For important services (bank, paypal, email, storage) do not use the same passwords. Do not use passwords that are easy to guess.
12) If there is any reason to think your data are lost, change passwords.
13) On really important stuff use two factor authentification