No one wants to become compromised by hackers or malware. Use this guidance to help you protect your accounts and devices.
Protect your accounts
It's important that you protect your accounts whether it's a personal account such as a Microsoft account, or a work or school account someone in your organization created for you.
Take precautions with sensitive info
Don't send emails that include sensitive information such as passwords, credit card numbers, passport numbers, or other government-issued identification such as a social security number or other tax-related identification.
Watch out for scams
Watch out for phishing attacks, which try to trick you into providing sensitive information or clicking a malicious link or attachment.
Some phishing scams look like messages from what appears to be a legitimate source, such as a bank or an official-looking institution. The message invites you to sign in with your email address and password, but the sign-in page is actually a fake website. Other scams look like emails from someone you know that ask you to click a link or open an attachment.
Phishing messages usually have links or attachments. When you click the link in the message or open the attachment, your computer can become infected or an attacker can gain access to your content.
If you receive an email that looks even slightly suspicious, do the following:
Hover over the link and look for the name of the actual website the link is sending you to. Make sure it's what you expect and not misspelled.
Go to the legitimate website using your own saved favorite or bookmark, or from an internet search, instead of clicking a link in the message.
If you receive a message from someone you know, but it looks a bit unusual, it could mean the sender's email account and contact list were compromised. Contact the sender directly, describe the mail you just received, and ask if it was legitimate.
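The link check from the steps above can also be done in code. The following is an added example, not part of the original guidance: it reads the links in an HTML message and reports where the visible text names a different site than the real destination, and where the destination is not a site you expect or is a near-miss spelling of one. The `EXPECTED` list, the 0.85 similarity threshold, and the trailing-label comparison (used here in place of a public-suffix list) are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = {"microsoft.com", "contoso-bank.example"}  # assumption: sites you use

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start a new [href, visible text] record
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host_of(value):  # lowercase host of a URL or URL-like text, minus "www."
    try:
        host = (urlsplit(value if "://" in value else "//" + value).hostname or "").lower()
    except ValueError:  # malformed URL in the message
        return ""
    return host[4:] if host.startswith("www.") else host

def check_link(href, text):  # reasons the real destination deserves a second look
    target = host_of(href)
    shown = host_of(text) if "." in text and " " not in text.strip() else ""
    reasons = ["text-shows-other-site"] if shown and shown != target else []
    if any(target == d or target.endswith("." + d) for d in EXPECTED):
        return reasons
    reasons.append("not-an-expected-site")
    for d in sorted(EXPECTED):
        tail = ".".join(target.split(".")[-d.count(".") - 1:])  # same label count as d
        if d in target or SequenceMatcher(None, tail, d).ratio() >= 0.85:
            reasons.append("imitates:" + d)
    return reasons

def review(html):
    parser = LinkCollector()
    parser.feed(html)
    return {host_of(href): check_link(href, text) for href, text in parser.links}

# Constructed sample message body, not a real e-mail.
SAMPLE = """<a href="https://www.microsoft.com/account">Manage account</a>
<a href="http://contoso-bannk.example/login">https://www.contoso-bank.example/login</a>
<a href="https://microsoft.com.account-verify.example/">Verify now</a>"""
```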
Use two-factor authentication
Two-factor authentication (2FA), also called two-step verification or multi-factor authentication (MFA), is an extra layer of security to ensure that only you are accessing your account. When you set this up, any time you sign in to your account from an unrecognized computer or other device, or if you add your account to an app or a service for the first time, you're prompted to verify that it's okay. The verification message can be sent via an authentication app such as the Microsoft Authenticator app on your smartphone, a text message, an email sent to an alternate address, or a phone call which requires you to enter a PIN.
If your work or school accounts are using Microsoft 365, your Microsoft 365 admin or IT department may have enabled this for all accounts in the organization. If so, you'll be prompted to take this extra step.
For a personal Microsoft account, you can set this up yourself and indicate your preferred verification method. For example, you can request verification from an authentication app such as the Microsoft Authenticator app, a text message, or an alternate email account.
Protect your password
Don't use the same password for all your accounts.
Make sure your password is strong and avoid using actual words. The current recommendations for strong passwords include at least 12 characters, a combination of uppercase and lowercase letters, at least one number from 0-9, and a symbol.
Tip: Third-party online services are available to help you generate and remember unique passwords for sites you visit regularly.
Protect your phone or tablet
Only run and install apps from a legitimate source such as the app store for your device.
If you're using Microsoft 365, use Microsoft apps, which work better with Microsoft 365 and are more secure.
Keep your devices, and any software or mobile apps you're using, up to date. Many of the updates you receive are security fixes, so be sure to install operating system updates and any software or app updates.
Enable the lock feature on your phone or tablet that requires you to unlock the device with a PIN, fingerprint, or facial recognition.
Protect a computer running Windows 10 or a Mac
The following are specific things you can do if your computer is running Windows 10, or if you have a Mac.
Turn on BitLocker device protection
BitLocker protects data when devices are lost or stolen. BitLocker Drive Encryption provides full disk encryption on Windows 10 PCs. If the device is lost or stolen, unauthorized users can't gain access to files on the protected drives, including files synced from OneDrive for Business.
Protect your PC with Microsoft Defender
When you start up Windows 10 for the first time, Microsoft Defender is on and actively helping to protect your PC by scanning for malware (malicious software), viruses, and security threats. Microsoft Defender uses real-time protection to scan everything you download or run on your PC. Windows Update downloads updates for Microsoft Defender automatically to help keep your PC safe and protect it from threats.
Turn on Windows Firewall
You should always run Windows Firewall even if you have another firewall turned on. Turning off Windows Firewall might make your device (and your network, if you have one) more vulnerable to unauthorized access.
Use FileVault to encrypt your Mac disk
Disk encryption protects data when devices are lost or stolen. FileVault full-disk encryption helps prevent unauthorized access to the information on your startup disk.
Protect your Mac from malware
Microsoft recommends you install and use reliable antivirus software on your Mac.
You can also reduce the risk of malware by using software only from reliable sources. The settings in Security & Privacy preferences allow you to specify the sources of software installed on your Mac.
Turn on firewall protection
Use firewall settings to protect your Mac from unwanted contact initiated by other computers when you’re connected to the Internet or a network. Without this protection your Mac might be more vulnerable to unauthorized access.