The Internet can be a dangerous place if you let your guard down. Hackers, spammers, phishers, identity thieves, purveyors of spyware and viruses, and other various rogues and scoundrels abound in the online world. It sometimes makes you want to yank the cable out of the wall and give up in exasperation. But there are some things you can do to minimize the risks of being online. All it takes are a few tools (many of which are free!) and some good common sense. Keep in mind that no system is capable of completely eliminating the risks associated with being online, just as no lock is capable of keeping out every burglar. Still, you can greatly reduce the intrusions into your computer and your private information, just by changing some of your routines and setting up a few software programs. There are too many online victims -- don't be one. Let's take a look at some solutions...
Start by reinforcing your system's protections.
Operating a PC connected to the Internet without any protection is like having a house with no locks on the doors. For adequate protection online, you need to start with a three-pronged approach:
A firewall is designed to monitor data traffic between your PC and the outside world. Configured properly, a firewall will detect and block incoming data that is potentially harmful, or that which the firewall does not "recognize." Like the locks on your doors, it is the first layer of protection, as it intercepts many types of intrusions before they enter your computer system, while allowing legitimate data to pass. There are so-called "hardware" firewalls that are built into electronic communication devices such as modems and routers. A firewall can also be in the form of software that is installed on your PC. Having both kinds offers the best protection.
Antivirus (AV) software detects harmful or questionable digital content (malware) that has entered your computer. Malware is malicious or nuisance software that usually infiltrates a user's computer without the user's consent or knowledge. It can take many forms, such as viruses, trojan horses, and worms. Some malware, called spyware, can track data from a user's PC, or install advertising/marketing data. A typical antivirus program can be configured to respond in different ways to intrusive malware, such as by alerting the PC user, quarantining the malware, disabling or deleting the malware, or all of the above. Moreover, the antivirus program should prevent the installation and/or execution of malware.
Anti-spyware software identifies intrusive programs that, at best, display unwanted nuisance advertising, and at worst, track user data and communications. Some forms of spyware sift through a user's computer files, looking for personal and financial data such as passwords, credit card numbers, and bank account information. Even the more "innocuous" programs can accumulate on your PC, burdening your system resources, causing it to slow down or even crash. As with other forms of malware, spyware/adware is usually installed on a PC without the user's knowledge or consent. A good, properly configured anti-spyware program will detect and scrub most unwanted spyware and adware from your PC.
The above descriptions of the three types of protections are, of course, oversimplifications. Also, be aware that the creators of malicious programs are constantly finding innovative ways to breach your computer. The makers of firewalls, antivirus and antispyware programs are racing to keep up with these new threats, but sometimes, the malicious programs do make their way through. The important thing is for the user to be aware of the risks and to take these protective measures. This will ensure protection from most of the common intrusions. All three types of protection can be purchased for under about $100, and there are even free versions available online that do a reasonably good job. I have included some links below, to help you learn about and find some of these programs.
Spam, spam, spam, spam, spam. As anyone with an email account can testify, the volume of unwanted, junk emails (spam) has skyrocketed in recent years. Most spam is merely a nuisance, wasting one's time and bandwidth. But sometimes, spam can be more invasive, carrying attached files that contain malware. Your email address finds its way into the hands of spammers via many routes: from the online merchants you do business with, online registrations of news sources and websites that prompt you for the address, postings on bulletin boards and discussion groups, online directories, government agencies such as vehicle licensing bureaus, purchased lists, even by use of random character generators. Unlike the tasty lunch meat bearing the same name, there is rarely any substance to be found in email spam. The specter of winning the lottery, buying low-cost pharmaceuticals, meeting beautiful women, sharing in the estate of a deceased African official, or getting a good deal on software, is usually a pipedream. If it sounds too good to be true, it probably is. And tempting as it may be, never respond to a spam message, even just to tell them to stop sending them. All this will do is confirm to the spammer that your email address is valid. Your email address will be moved up to a "sucker list," and you will receive even more spam.
Other types of email spam may ask you for personal information. This is called phishing, as the senders are "fishing" for sensitive information from unsuspecting recipients. The phishing spam will often appear to be originating from an "official" source, such as a bank, law enforcement agency, charity, collections firm, or online entity such as eBay or PayPal. The phisher may even spoof the originating address to make it look like it came from the legitimate source. The message may ask that you confirm a credit card number, bank account, password or PIN number. Be aware that NO legitimate financial institution, merchant, or government agency will be asking for such sensitive data via email. You should immediately delete these messages. As with all forms of spam, never respond to them, even if they have an "unsubscribe" link.
Many of these emails will be easy to spot. Tell-tale signs include: cryptic, nonsensical subject lines, poor spelling/grammar, use of ALL CAPS in the title and/or message, salutations to something other than your real name (e.g., "hello sir," "good day," "pleased to meet you," etc.), outlandish claims or offers, or missing subject lines. Other times, the spam will be hard to recognize. Sophisticated spammers use social engineering techniques in an attempt to dupe even the most savvy recipients. Others may even use your real name and write a convincing message. If you don't recognize the sender, or you are not expecting a message like what you see, it's best to err on the safe side and delete it. In the case of email that purports to originate from your bank, a merchant you've dealt with, or some government agency -- don't reply. Pick up the phone and call that entity to find out if they are indeed trying to contact you.
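The tell-tale signs above can be checked mechanically before a message is opened. The following is an added example, not part of the original article: a small Python scorer that covers only the missing-subject, ALL CAPS, salutation and sensitive-data-request signs. The sample messages, addresses and the list of "request" verbs are constructed assumptions, and a clean result does not mean a message is safe.

```python
import re
from email import message_from_string

# Salutation openers, including the generic ones the article quotes.
GREETING = re.compile(
    r"^\s*(hello|hi|dear|good day|greetings|pleased to meet you)\b", re.I)
# Data the article says no legitimate sender asks for by email.
SENSITIVE = re.compile(r"\b(credit card|bank account|password|pin)\b", re.I)
# Verbs that turn a mention into a request (assumed list, not from the article).
REQUEST = re.compile(r"\b(confirm|verify|provide|send|enter|update)\b", re.I)

def mostly_caps(text, threshold=0.7, min_letters=8):
    """True when most letters are upper case; very short strings are ignored."""
    letters = [c for c in text if c.isalpha()]
    if len(letters) < min_letters:
        return False
    return sum(c.isupper() for c in letters) / len(letters) >= threshold

def text_body(msg):
    """Return the first text/plain part of a parsed message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload()
            return payload if isinstance(payload, str) else ""
    return ""

def tell_tale_signs(raw_message, recipient_name):
    """List the signs found in one raw email (headers, blank line, body)."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip()
    body = text_body(msg)
    signs = []
    if not subject:
        signs.append("missing subject")
    if mostly_caps(subject) or mostly_caps(body):
        signs.append("all caps")
    first_line = next((l for l in body.splitlines() if l.strip()), "")
    if GREETING.match(first_line) and recipient_name.lower() not in first_line.lower():
        signs.append("salutation not to real name")
    # Flag only sentences that both name sensitive data and request it.
    for sentence in re.split(r"[.!?\n]+", body):
        if SENSITIVE.search(sentence) and REQUEST.search(sentence):
            signs.append("asks for sensitive data")
            break
    return signs

# Constructed sample messages (not real mail).
SAMPLE_PHISH = """\
From: "Your Bank" <security@bank.example>
To: pat@mail.example
Subject: URGENT ACCOUNT NOTICE

Good day,
Please confirm your credit card number and PIN to avoid suspension.
"""
SAMPLE_LEGIT = """\
From: Sam <sam@mail.example>
To: pat@mail.example
Subject: Lunch on Friday

Hi Pat,
Are we still on for noon? I changed my password manager, by the way.
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, tell_tale_signs(raw, "Pat"))
```

A message that uses your real name and avoids these signs will pass this check, which is why the advice to call the institution directly still applies.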
You can minimize spam by setting up an account on one of the free web-based email services, such as Yahoo, Gmail, Hotmail, etc. Pick a username that is not your real name and use this account for online shopping, discussion board postings, and instances where you need to give a valid email address to register at a site. These free services often have good spam filters, and even if your inbox eventually becomes clogged, so what? You can dump the account and set up another free one. Nothing ventured, nothing lost. Save your "regular" email account for communication with your family, friends and business associates.
Limit access to your computer and your information.
In the section above I discussed some ways to prevent intrusions into your computer by outside online sources. But you also need to consider the people who may have physical access to your computer and the information it contains.
Your PC may be a machine that you and you only have personal access to. Or, you may be in a living arrangement where there are family members, roommates, or guests using the machine. If your situation falls into the latter category, you must choose to either restrict others' access to your computer, or simply not store any information there that you wouldn't want them to see. Some operating systems, such as Windows XP, allow you to set yourself up as the "administrator" of the system. As administrator, you can create additional "accounts" for other persons on the same PC, and choose what files and applications those people may access. But be forewarned: these protections are far from infallible. Don't be surprised to discover that an average tech-savvy teen can quickly find a way to hack into the "good stuff."
Set up "strong" passwords. They should include alpha characters (mixed upper and lower case) and numerals, and be as lengthy as possible, while remaining easy for you to remember. At least eight characters in length is good. For example: QX45ajn1. If you use some mnemonic to compose a password, make sure it is based on obscure references. Protect these and keep them to yourself (memorize).
More and more home computer systems are being set up on wireless networks, such as WiFi. This enables multiple computers in a household to share a single internet access line, without the need to run cables between PCs throughout the house. But wireless connectivity has its risks. Wireless networks that are left "open" (unencrypted) can be eavesdropped on by persons outside the building who are within coverage of the signal. With a range of up to 300 feet, computer users living in apartments or homes in densely-populated areas could be broadcasting their wireless signal within reach of many people.
In the business environment, there are a multitude of security issues and situations that go far beyond the scope of this article. But if you are an employee of a business or other organization and you use a PC at work, keep this in mind: generally, anything that you can see on your computer can also be seen (and archived!) by your employer. Information systems technicians have an arsenal of tools that enable them to snoop into your every movement on a company computer network. This somewhat unnerving reality is often overlooked by many unwary employees. Unless your employer has a stated policy allowing personal business on work computers, the best advice is to leave the personal stuff to your home PC. Horror stories abound of employees being disciplined or even discharged for their indiscreet online activities. High-risk activities performed on company-owned PCs, such as surfing pornography, downloading music, and divulging company confidential information are certainly beyond the pale. But employees have endured disciplinary action for more mundane things like blogging, sending junk emails, and just spending too much time loafing on the Internet. Therefore, doing your banking or ordering merchandise online from a work computer is a really bad idea, for reasons that should be obvious.
Portability of computer devices poses some new and unique risks. The growing popularity of portable PCs, USB flash memory drives, removable hard disk drives, text-messaging devices, and multi-function cell phones all present the opportunity for sensitive data to fall into the wrong hands. And there have been sensational horror stories in the news in recent years, chronicling blunders like the theft of government agency laptops containing sensitive personal data of thousands of people. If you carry around a device that stores important information, you need to constantly safeguard it. Leaving a notebook computer in a taxicab or dropping your USB thumb drive in a restaurant could end up costing you dearly. If you frequently take work home, consider setting up a secure, private network between your home PC and work, if your employer will allow it.
Buying a new PC is always lots of fun. It's nice to get new toys. But what do you do with the old one? You can sell it, give it away, donate it to an educational or charitable group, or recycle it. But in all of these cases, you run the risk of letting your data go along with the old PC. So you deleted all the files before you got rid of the machine? Guess what -- the data is still there. Simply "deleting" a file or folder merely strips it of its header. The data is still residing on your hard drive and it's not hard for someone else to recover it. You need to wipe the hard drive clean. There are a number of utilities that do this -- called "data shredders." Some are free and some are not. But this is a good investment of time and money before your old, trusty PC goes out the door.
Rethink your offline habits and routines.
Protecting your personal information doesn't end when you log off your PC. There are things you can do in the offline world to help secure your privacy.
Be careful what you throw away. In an era of identity theft and credit card fraud, it is much more important now to ensure the security of paperwork containing sensitive information. Items such as credit card and banking statements, medical bills and lab results, pay stubs, personal correspondence, and tax documents are but a few of the things you don't want some stranger fishing out of your garbage can. Invest in a good office paper shredder -- preferably the kind that minces documents into tiny bits of confetti. Better models will even slice up CDs and plastic cards.
If your mailbox is like most, it doesn't have a lock. Most are either mounted on the side of the house (real old type), or they are the ubiquitous farmer-style boxes mounted on posts alongside the curb. Get out of the habit of placing outgoing mail in these. That red flag in the upright position is tempting bait for identity thieves or check-forgers. Drop your outgoing mail in a public mailbox, or stop by your nearest branch of the Post Office. There might even be a mail drop at work where you can safely deposit your mail.
Protect your usernames, passwords, and PIN numbers. Don't write them down on a slip of paper tucked into your wallet or purse. If those get stolen, you will have made some thief's day, as he will have your bank cards and the PIN numbers to use them. Be particularly alert and cautious around ATMs. Lean into the machine to shield the keypad and screen from view. When approaching the ATM, if you see strange people lurking nearby, pass that one up and go to a machine in a more secure area. If your wallet or purse is ever lost or stolen, call all of your banks and credit card companies immediately, so that they can cancel or freeze those accounts.
Be suspicious of people who ask for information they don't need. Many store clerks are instructed to inquire for customer addresses, phone numbers, email, etc., at the checkout counter. While asking for an address or phone number may be a legitimate request for a check transaction, many merchants will still ask for this information in all purchases. Don't give it to them, unless you want to receive more junk mail, telemarketing calls, and spam. Don't be afraid to ask someone (or their manager) why they need to know.
While we're on the subject of store clerks, beware of an old scam. It's the "double-swipe" trick with a credit or debit card. Here's how it works: Clerk swipes the customer's card through the card reader and tells the customer that it didn't read correctly (though it did and the customer cannot see this on the clerk's display screen). Clerk then swipes the card again and rings up the transaction. The customer leaves the store, unaware that the first swipe is still sitting in the queue of the card reader's memory. Later, the clerk retrieves the scanned-in data and rings up a transaction for himself. Although more and more stores are now implementing customer-usable card scanners, there are still a lot of places where the clerk takes the card and scans it (particularly in gas stations). If the clerk tells you the first swipe "didn't take," stop that person right there. Insist that he/she cancel that data (watch the screen) before making a second swipe and be sure to ask for a hardcopy receipt showing that the "transaction" has been canceled. Once that data is canceled, then let the clerk give it a second try.
Carefully look over all of your bank, credit card and utility statements each month. Keep an eye out for mysterious charges that you don't recognize. Many credit card scammers make small charges against thousands of credit card accounts, rather than one large one, so as to go unnoticed by many unwary card-holders. Call the company if you spot anything suspicious, or even something you cannot account for.
Unless you are opening a bank account, applying for credit or insurance, visiting a medical clinic, or applying for a job, you shouldn't be handing out your Social Security number (or even part of one) to someone. And whatever you do, never post a Social Security number anywhere online.
Don't leave cell phones, checkbooks and credit cards in a vehicle or an unlocked desk drawer at work. Empty these things from pockets before handing your coat to a coat-check or hanging it on a coat rack in a public place. When traveling, keep your luggage, documents and pocketbook with you at all times -- even if that means having to drag it all with you into the stall of a public restroom.
Good judgment is the best defense.
While there are many protective devices you can and should use to safeguard your computer and the information contained on it, exercising good common sense is still necessary to reliably protect yourself. Here are a few DOs and DON'Ts:
DO:
DON'T:
Now that you have a grip on your data security, help out the vulnerable people around you.
Unfortunately, many online malfeasors unfairly target vulnerable people like children and the elderly. If you have kids in your household, make a point of teaching them good, safe Internet practices. Teach them to treat communications with strangers online just as they would with strangers in public. Emphasize that they not give out personal data to unfamiliar people on the Internet. And if someone appears to be crossing the line, instruct your children to contact authorities immediately. You don't need cyberstalkers or potential sex offenders lurking about.
You can help elderly relatives, friends and neighbors who own a computer. Make sure that they have adequate protective programs installed and that those programs are up-to-date. Warn them of the scams that crop up on the Internet and in email. Don't let your loved ones fall victim to these online dangers.
Some useful resources:
Free stuff:
FOLDOC computing dictionary. An exhaustive reference of computer and communications terms.
Quatloos. The cyber-museum of scams and frauds.
Scambusters. Internet scams, identity theft, and urban legends explained.
Firefox. Get the free Firefox browser from Mozilla.
ZoneAlarm. Free ZoneAlarm firewall from Zone Labs.
AVG. Free AVG antivirus and antispyware programs from Grisoft.
Panda ActiveScan. Free online virus sweep of your PC.
F-Secure Security Center. Virus descriptions, alerts, removal tools, and a free online virus sweep.
Windows Defender. Free antispyware program (for genuine MS Windows users only).
Spybot. Spybot Search & Destroy antispyware program.
Ad-Aware. Ad-Aware antispyware -- free from Lavasoft.
Spyware Blaster. Free antispyware program from Javacool.
Active KillDisk. Free data shredder from LSoft Technologies.
Fake Antispyware Apps. List of fake antispyware programs, some of which actually install spyware.
StopBadware. Clearinghouse of information listing software and sites that carry malware.
Not-so-free stuff:
Symantec. Home of Norton Antivirus and other products. Site includes extensive malware threat information and removal tools.
McAfee. Antivirus and intrusion prevention solutions.
F-Secure. Antivirus software.
Panda Software. Antivirus software.
Spy Sweeper. Antispyware programs from Webroot.