It may shock you to know how often—it’s constantly—bad guys probe websites, networks, internet service providers, and your computers, tablets, and phones for weaknesses. Software developers and hardware manufacturers, under pressure to race new products to market, are often no match for these ever-more-sophisticated thieves and troublemakers. Unless you’re willing to live a completely unplugged life worthy of a Netflix series, there’s no way to completely secure your digital devices and your personal info from a sophisticated, diligent hacker—but there are several steps you can take to deter them.

1. Be careful on the internet and when opening emails.

Most cyberattacks rely on weak points for entry. Often, the weak point is you: Many baddies fool users into opening digital doors to them.

A common ploy is to send an email or text posing as a government agency, bank, or retailer to manipulate victims to hand over their user IDs and passwords. These messages are often designed to look legit might even send you to a website that also looks like the real thing. Don’t open emails unless you’re certain they came from a legitimate source. Don’t click on links embedded in emails or texts, or download any attachments, unless you’re sure they’re safe.

Also avoid visiting unfamiliar websites. Don’t download—or allow a site to download for you—anything unless you’re sure it’s a safe spot.

Some other guidelines:

  • Turn on email scanning so you are warned about potential threats.
  • Ratchet up your email software’s spam filter settings to reduce the number of dangerous messages. Allow it to deliver email only from your trusted contacts and from sites you trust. Check other incoming messages while held in quarantine before allowing delivery to your inbox.
  • Configure email software so it doesn’t display (and therefore open) email in a preview pane. Preview panes in many email clients allow part of the message to be downloaded, which sometimes is enough for a scripted virus to land on your computer.

2. Keep up to date.

Digital crooks spend a lot of time finding and exploiting weak spots in software code. Nearly every day, security patches are issued by device manufacturers and software companies. Turn on auto-update options to keep your operating system, device drivers, and all other software up to date.

If you receive an update alert, run it as soon as you can, and then check whether additional updates are available; sometimes big updates are pushed out in batches.

Avoid using unsupported, old operating systems (Windows 7 and older versions, for example, no longer get security patches from Microsoft).

3. Use security software.

Apple and Microsoft now embed into their operating systems free, strong security software. If you want extra protection, you can install a second security app; there are good free ones offered by Avast and Bitdefender. Keep all security software current by enabling automatic updates.

4. Use a password manager to create strong, unique passwords.

Create a long, complex, and unique password for each of your devices and online accounts. Recommendations:

  • Configure your devices to require your fingerprint or use facial recognition to log you on.
  • Choose a different password for your computer, your email, and each website login. If you use the same password everywhere, then a lot of databases will have your master password, and anyone who steals it from one site has access to your entire digital existence.
  • Make passwords long. Secure passwords consist of at least 16 characters, but the longer, the better.
  • Create long passwords, but avoid common phrases and words, such as “LukeIamYourFather” One effective strategy is to pick a relatively obscure but easy-to-remember secret phrase and add insert extra letters, numbers, and symbols. For example: “&IheartluvWorkingfor1625Checkbook!”

That’s a lot of passwords and precautions! It’s so much work that most of us don’t do it. Password managers software make it easy by creating strong, unique, and encrypted passwords for each of your online accounts. They’re stored in a digital vault that’s accessible from all your devices, and then you create (and have to remember) just one master password.

Consumer Reports tested 10 password managers, grading each on usability, security, and privacy. Its clear winner was 1Password ($60 per year). CR also gave favorable overall ratings to Keeper Password Manager ($60 per year) and Bitwarden ($12 per year, but its free version also earned good overall marks).

Coming in at the bottom of CR’s ratings were Dashlane Free, Norton 360 Deluxe, and McAfee True Key.

You may already have password managers on your devices. Apple’s embedded password manager is called “FileVault.” Most internet browsers also have them, with options to sync those passwords across multiple devices; While browsers’ “save passwords” features are convenient, they’re not as robust as what you’d get from a dedicated password manager program.

5. Take advantage of two-factor authentication

Even the best passwords can be compromised. So use two-factor authentication when available. It requires a password and a second identifying factor—such as a fingerprint or code sent to your phone, email address, or app—to log into that account. It’s not foolproof, but two-factor authentication can stop most hackers from using a stolen password to access important accounts.

It’s especially important to set up two-factor authentication for your retirement and investment accounts. As we’ve previously reported, unfortunately, while your credit accounts and bank deposits are largely protected from unauthorized transactions, your investment and retirement assets mostly aren’t, which can leave your life savings vulnerable in the age of identity fraud.

6. Keep watch over your digital existence.

Several websites, including haveibeenpwned.com, let you check on whether hackers have stolen your log-ins or passwords from major websites such as Adobe, LinkedIn, Yahoo!, and so, so, so many others. You can use it to search for email addresses you use; it keeps track of which ones that were likely affected by breaches. Change up passwords for businesses that were hacked, and make sure you don’t use possibly stolen ones to access other sites.

7. Install software only if you’re sure it’s clean.

Download and install software and apps only from trusted sources. For your phone, download only from the Apple’s App Store or Google Play for Androids. Apple does a decent job of vetting available apps; Google Play…not so much. Avoid apps that have low numbers of user ratings or download counts.

If you’re still not sure something is safe, use a trusted verification tool such as Jotti or VirusTotal.

8. Use a firewall.

Because your computer’s firewall is its first line of defense against intrusion, make sure it’s turned on:

  • Windows—Search for “Windows Firewall” or find it in the Control Panel. Make sure it is toggled on. If you want to fine-tune your settings, search the web for “Windows [operating system version] Firewall Settings” and select the discussion hosted by Microsoft.
  • Mac OS X—Open “System Preferences,” click “Security & Privacy,” then “Firewall.” To block incoming traffic on ports used by one of the sharing services, disable that service in the Services pane. Apple has a discussion of settings at support at.apple.com/en-us/HT201642

9. Encrypt your hard drive.

If a thief steals your computer, encryption will prevent him or her from accessing sensitive files, such as your tax returns, medical info, and all that good stuff. Windows and Apple computers come with encryption tools, but they’re turned off by default. In Windows, search for “BitLocker” to check your encryption options; on Macs, they’re located in FileVault.

10. Be careful when using public Wi-Fi.

It’s a lot easier for hackers to get into your computer or phone when you’re using a poorly secured router at the coffee shop, airport, and other public spots.

Remain WiFi wary by connecting to public hotspots only if you’re sure you know who is providing it. Crooks often set up fake Wi-Fi accounts and name them innocuous-looking things like “Starbucks” or “Free Airport Wi-Fi.” After connecting, check that your browser shows a green padlock symbol in the URL bar area. If you don’t see one, know that the info you send and receive from websites you visit is snoopable.

11. For computers, use limited accounts for everyday work.

If you visit the wrong website while logged on to your computer with administrative rights, you open the door to big-time risks. Create a user account with limited admin rights for use when you do everyday tasks, like emailing and using the internet, and switch to your admin-privileged account only when you need it. PC owners can set up additional users by going to the Control Panel; Mac users can do it by clicking on “Users & Groups” under System Preferences.

12. Secure your router.

It’s not enough to secure all your devices; you also need to lock down your router.

  • First, determine the login IP address for your router by checking support documentation or the manufacturer’s website. It’s likely http://192.168.1.1 or http://192.168.0.1 or a slight variation of these two. Then enter it as a URL in an internet browser. That should display the login screen for your router.
  • Change the user ID and password. The default out-of-the-box logins and passwords assigned by manufacturers for most routers are vulnerable to hackers.
  • For a wireless router, make sure it encrypts traffic using WPA2. This requires users to use a strong key (passphrase) to connect to your network. If your router uses the older, weaker WEP encryption, consider buying a new router.
  • Check the website for your router’s manufacturer to make sure you have the most recent firmware updates for your router. Because installing firmware updates can be tricky, read instructions carefully and follow them to the letter.

13. Don’t plug in unknown devices.

If you find a USB storage device, don’t plug it in. One tactic used by crooks is to load up portable storage media with viruses and leave them lying around coffee shops, airports, and other high-traffic areas.

14. Consider alternative software.

Because the most popular applications attract the most crooks, consider using less-popular options (Firefox as a web browser instead of Explorer; Foxit Reader as a PDF reader instead of Acrobat, etc.).

15. Do what you can to lock down “smart” appliances, TVs, thermostats, etc.

If you own something that connects to your wireless router or has Bluetooth, it’s an entry point for hackers to all your other connected devices. While we focused here on securing your computers and phones, many of these tips apply to lots of other stuff in your home—especially making sure any gizmo’s software remains up to date. And if you don’t care about controlling your thermostat or fridge from your phone or computer, disable that feature.