From years inside ransomware defense — the practices that actually prevent ~95% of incidents.
95%: Incidents Preventable
10: Habits
$0: Most Are Free
1 day: To Implement
The 10 habits
#1 · TIER 1
Password manager + unique passwords
1Password / Bitwarden / Apple Passwords. Stop reusing.
#2 · TIER 1
Hardware MFA / Passkeys
YubiKey or platform passkey on every important account. Not SMS.
#3 · TIER 1
Patch fast
OS + browser auto-update on. Most exploits hit unpatched systems.
#4 — Backups, tested
3-2-1 rule. Restore from one quarterly. Backups you can't restore aren't backups.
#5 — Phishing pause
Hover before you click. URL legit? When in doubt — type it directly.
#6 — Encrypt your disks
FileVault on Mac, BitLocker on Windows. Free, mandatory.
#7 — Don't reuse work / personal
Separate accounts, separate browsers, separate auth contexts.
#8 — Network awareness
No banking on cafe Wi-Fi. VPN if you must. Most "incidents" start here.
#9 — Audit your installed apps
Quarterly. Delete what you don't use. Each one is attack surface.
#10 · IF NOTHING ELSE
Slow down on anything urgent
Almost every successful attack on a careful person relies on time pressure. "Wire this now," "respond immediately," "click this before the limit." Real urgency rarely demands you skip verification.
For Small Businesses
Most ransomware attacks on small businesses succeed via: phishing email → credential reuse → admin password works in 5 other places → encrypt + extortion. Habits #1, #2, #5 close 80% of this.
Pro Tip
Freeze your credit at all 3 bureaus. Free. Stops most synthetic-identity fraud at the source. Do this for your kids too.
If you have an hour today
If you have a weekend
Install a password manager: Set master pw, generate uniques
Buy a YubiKey or set passkeys: Email + banking first
Enable disk encryption: FileVault / BitLocker
Turn on auto-updates: OS + browser + apps
Audit Have I Been Pwned: Rotate any leaked credentials
Set up backups (3-2-1) + test the restore
Freeze credit at all bureaus: Experian, Equifax, TransUnion