近期，全球數十萬的電腦受到了WannaCry網絡攻擊的影響。WannaCry是一種勒索軟件，又稱WannaCrypt。黑客通過加密用戶電腦里的文件，并勒索其付費才能解密。此事件提醒了我們的數字生活一直在遭受威脅，也確實讓我們感到不快。

但只要人們對重要的網絡安全問題有所了解，便不會對此完全束手無策。但問題是他們并不了解。皮尤研究中心（Pew Research Center）近期對一千名美國成人進行了有關網絡安全問題的小測驗。所有接受調查的人中，只有1%理解測驗中的各個問題，并能夠回答正確。不到一半的人能正確回答13個問題中的6個。

測驗涉及的主題包括：識別雙重認證，以便了解勒索軟件的定義。也許這聽起來像一個只有電腦專家才懂的復雜術語，但是對其視而不見無異于玩火自焚。人們可以從學習網絡安全的基本概念并進行安全操作入手，來保護自己的數字生活。

勒索軟件

現在勒索軟件備受關注，它有可能摧毀人們的數字生活。你自己需要了解釣魚襲擊的方式，切勿打開任何未知發信人發來的郵件，特別是當一個你不認識的人向你發送的郵件內容包含附件或鏈接時，尤其要小心謹慎。當然，在非常小心的情況下，仍然可能發生失誤，因此確保你在線上線下均有按日、周、月備份的文件，并定期檢驗備份資料，確保數據安全。

HTTP vs. HTTPS

如果你想確保外人無法讀取或修改你向網站發送的信息，那么請使用HTTPS網站，而非HTTP網站。你所用的瀏覽器和某個HTTPS網站之間的所有交流都是加密的。現代的網頁瀏覽器會通過HTTPS顯示除URL以外的一個安全鏈接證書，來告訴你某個站點是否安全；可以用一個上鎖的標志或“安全”一詞來表示。此外，URL本身也會以“https”而非“http”打頭。

如果你忽略這些差異，你或你公司的知識產權將很容易被競爭者利用，或者作為互聯網服務提供商（ISP）的批量數據收集而被售賣。在進行敏感性交易時，請使用HTTPS，這樣一來，你的互聯網服務提供商或其他任何中間方將無法獲得你瀏覽或提交的資料。

給設備加密

二手電腦或硬盤的買賣中經常發現前物主的私密信息或個人信息，這非常可怕。解決這一問題的方法是對硬盤進行加密，用密碼保護你的文件。

利用這種方式，即便你的電腦落入不良分子手中，加密也依然能保證相關方無法從其中獲取任何有價值的數據。Windows系統的BitLocker和Mac FileVault均可引導你對你的設備進行加密。

虛擬專用網絡（VPN）

正確安裝的VPN可確保你在咖啡店、機場或旅館房間中使用網絡和在你自己房間里一樣安全。小心對待任何第三方提供的免費或便宜VPN服務，不要盲目相信它們不會監測你的上網活動。找到一個你信任的VPN軟件后，只需簡單打開它并登錄即可。

權限管理和位置跟蹤

如果你為手機、平板電腦或計算機安裝越多的應用和程序，那么你在為方便工作而接入很多訪問點的同時，也向犯罪分子提供了方便。當你允許手機上的應用接入位置跟蹤、麥克風接入、通訊錄等功能時，他們可以立即將他們選擇的任何信息進行轉換。當任何應用發出類似請求時，考慮一下你是否真的需要接入它們。如果不需要，果斷不允許接入。

然而，并不需要完全避開此類服務或避免連接設備，你需要聰明地決定你要分享的信息，包括什么樣的信息是你默認允許的，什么可以稍后允許，而什么樣的信息需要改變。（財富中文網）

譯者：汪皓

Shaun Murphy是sndr.com的CEO。他對文中提到的任何公司均未有過投資行為。

The WannaCry cyberattack recently infected hundreds of thousands of computers worldwide. WannaCry, also known as WannaCrypt, is ransomware, which holds a computer hostage until the user pays a certain amount of money to the hacker. This attack is an unpleasant reminder that our digital lives are constantly under threat.

That doesn’t mean there is nothing people can do, so long as they stay educated on important cybersecurity issues. The problem is that they don’t. The Pew Research Center recently quizzed over 1,000 American adults about cybersecurity issues. Only 1% of those surveyed understood every issue and answered each question correctly. Less than half of the people given the quiz were able to answer even six of the 13 questions correctly.

Topics covered in the quiz included identifying two-factor authentication to knowing the definition of ransomware. These might sound like complex terms only known to computer experts, but ignoring them is playing with fire. People can start to protect themselves by learning and establishing safe practices around these fundamental concepts of cybersecurity:

Ransomware

Ransomware is in the news now, and for good reason: It can devastate your digital life. Make sure you understand phishing attack methods and don’t open emails from unknown senders, and be especially wary if someone you don’t know emails you attached documents or links. Of course, mistakes happen, so make sure you have solid online and offline daily, weekly, and monthly backups, and periodically test these backups to make sure your data is safe.

HTTP vs. HTTPS

Use HTTPS—not HTTP—sites if you want to ensure outsiders are not reading or modifying the data you’re submitting to websites. All communications between your browser and an HTTPS site are encrypted. Modern web browsers will tell you if a site is secured through HTTPS by displaying a secure connection certificate beside the URL; this can be denoted with a lock symbol or the word “secure.” In addition, the URL itself will start with “https” instead of “http.”

If you ignore this difference, you or your company's intellectual property could be easily exposed to competition or sold as part of an Internet service provider’s (ISP) bulk data collection. For sensitive transactions, always use HTTPS so that your ISP or any entity in the middle of the connection will have no details on what you are viewing or submitting.

Device encryption

There are many horror stories of people buying old computers or hard drives off of the Internet that contain the former owner’s confidential or personally identifiable information. The solution to this is disk encryption, which protects your files with a password.

This way, if your computer falls into the wrong hands, encryption ensures that that entity won’t be able to extract any meaningful data from it. BitLocker for Windows and FileVault for Mac offer guides to enable device encryption.

Virtual private network (VPN)

A properly configured VPN will ensure that even if you’re in a coffee shop, airport, or hotel room, you are as safe as you were back at your desk plugged into your company's network. Be careful with free or cheap VPN services from third parties; don’t blindly trust that they won't monitor your traffic. Once you’ve found a VPN software you trust, simply open it up and log in.

App permissions and location tracking

The more you allow apps and devices to take over responsibilities on your smartphone, tablet, or computer, the more access points you create into your life for companies and criminals alike. When you give these apps permissions for location tracking, microphone access, your address book, and other functions, they can immediately start transferring that information anywhere they choose. Consider whether each app you have really needs access to these things. If not, don't allow it.

While it isn’t necessary to avoid these services or connected devices altogether, it is important to make smart decisions about what information you share, including what information you are granting by default, what could be granted later, and what is subject to change.

Shaun Murphy is the CEO of sndr.com. He does not have any investments of the companies mentioned in this article.