These are the rules for being safe using a Windows computer in 2014.

The bad guys are even scarier this year. You will get phony email messages that look perfect – nothing to give away that the messages don’t really come from your bank, the IRS, UPS, Microsoft, or, well, anyone. If you click on a link in the phony messages, you are at risk of getting a virus.

The consequences are greater if you make a mistake. There will be more viruses like Cryptolocker that destroy files (or hold them for “ransom,” which is effectively the same thing).

Pass this article on to your friends, send it to your kids, leave copies in the office break room! Let’s stay safe this year.

Replace Windows XP computers. This is your number one priority. If you are still running a Windows XP computer after Microsoft stops supporting Windows XP on April 8, you will be at risk, regardless of anything else you do. It’s as simple as that.

Install updates from Microsoft promptly. Look in the lower right corner for the Windows update icon.

Install updates to Acrobat, Adobe Reader, Flash, Java, and Quicktime promptly. Each will alert you from the lower right corner. Most malware is installed by poisoned web sites exploiting an out-of-date version of one of these programs.

• The best way to keep up with updates: sign up for the Bruceb Remote Management service.

Uninstall Java. It’s still under intense attack by the bad guys. If you need it to run some other program, be particularly careful to keep it up to date. Look in Control Panel / Installed Programs – Java 6 is out of date and no longer supported and should be uninstalled if it’s still on your computer, even if you still need Java 7 for some reason.

Install security software and keep it up to date. Home users and small businesses should use Microsoft Security Essentials. Windows 8 users can rely on the built-in security protection, Windows Defender.

If a web site brings something up on your screen that might be malware, turn your computer off with the power button. Get your hands off the mouse and do not click on “OK,” “Cancel,” or the X in the upper right corner! Anything that you click might lower the defenses on the computer and install malware.

Antivirus software will not protect you against malware if you click OK at the wrong time. Use your common sense. Read and think before you click OK.

Hover over links in email messages or on web sites to make sure they lead where they appear. The address that appears above the link or at the bottom of the browser window when you hover over a link should look like something you’d expect.

Don’t click on links to web sites unless you know exactly where you’re going. Almost all malware starts from a link to a poisoned web site.

• Follow links to and from legitimate sites, but don’t click on links that arrive in spam e-mail, instant messages, or that start from an untrustworthy web site.
• Don’t click on links in email messages unless you deeply trust the judgment of the person who sent the message.
• Don’t click on links in forwarded messages.
• Shortened links are frequently used in Twitter, Facebook, blogs, and social networking sites. You can’t tell where they lead by looking at them. Don’t follow them unless you trust the person who created the link.
• Just because something is listed in a Google search doesn’t mean it’s safe. Make a judgment about where you’re going before you click.

Choose passwords carefully. Your passwords are your defense against identity theft, financial loss, compromised computers, and breaches of confidentiality and privilege. If you use a weak password, or if you use the same password over and over every time something calls for one, you are jeopardizing yourself and your business.

• The best way to manage passwords: use LastPass to create and manage your online passwords. If you’re not already using LastPass, install it only if you are willing to spend time learning about the program and how it works.
• If you are a LastPass user, periodically run its Security Check and update any weak and duplicate passwords.

Know the name of your security software. If you get a “security warning” that does not display the exact name of your security software, it is phony; if you click on anything, you will probably install malware.

Never, never, never open email attachments unless you know with 100% certainty that the attachment is something you expected and want to receive.

Back up your computers. Choose a backup strategy, understand how it works, and keep your backups up to date. Windows 8 users can use File History. Windows 7 users can use the built-in backup program.

Also back up your computers online. Use Bruceb Cloud Backup or another online backup service in addition to your local backup to an external hard drive. It will be your fallback if Cryptolocker or a similar virus gets on your computer and destroys your files.

Keep your mobile devices secure. Smartphones and tablets are easily misplaced or stolen. Set a PIN code, password, or fingerprint authentication to unlock your phone or tablet. Do not keep confidential or privileged information on a mobile device in an unprotected app.

Be careful out there!