We told you how to tell if you’re infected with malware. We told you how to clean up the infection if you get it. How about how to stop the infection from happening in the first place?

Yes, it’s possible to clean up an infected computer and fully remove malware from your system. But the damage from some forms of malware, like ransomware, cannot be undone. If they’ve encrypted your files and you haven’t backed them up, the jig is up. So your best defense is to beat the bad guys at their own game.

While no single method is ever 100 percent fool-proof, there are some tried and true cybersecurity techniques for keeping malware infections at bay that, if put into practice, will shield you from most of the garbage of the Internet.

Without further ado:

Protect vulnerabilities
One of the top delivery methods for malware today is by exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that’s an unprotected operating system, a software program that hasn’t been updated in months, or a browser whose security protocols aren’t up to snuff (we’re looking at you, Internet Explorer).

Here are some ways you can protect against exploits and shield your vulnerabilities:

  1. Update your operating system, browsers, and plugins. If there’s an update to your computer waiting in queue, don’t let it linger. Updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered. So while you leave those programs alone, cybercriminals can find their way in through the vulnerabilities.

    Bonus mobile phone tip: To protect against security flaws in mobile phones, be sure your mobile phone software is updated regularly. Don’t ignore those “New software update” pop-ups, even if your storage is full or your battery is low.

  1. Enable click-to-play plugins. One of the more devious ways that exploit kits (EKs) are delivered to your computer is through malvertising, or malicious ads. You needn’t even click on the ad to become infected, and these malicious ads can live on prestigious, well-known sites. Besides keeping your software patched so that exploit kits can’t do their dirty work, you can help to block the exploit from ever being delivered by enabling click-to-play plugins.

    Click-to-play plugins keep Flash or Java from running unless you specifically tell them to (by clicking on the ad). The bulk of malvertising relies on exploiting these plugins, so enabling this feature in your browser settings will help keep the EKs at bay.

  1. Remove software you don’t use (especially legacy programs). So, you’re still running Windows XP? Microsoft discontinued releasing software patches for this program in 2015. That means you’re wide open to exploit attack. Take a look at other legacy apps on your computer, such as Adobe Reader or older versions of media players. If you’re not using them, best to remove.

Watch out for social engineering
Another top method for infection is to scam users through social engineering. Whether that’s an email that looks like it’s coming from your bank, a tech support scam, or a fishy social media campaign, cybercriminals have gotten rather deft at tricking even tech-savvy surfers. By being aware of the following top tactics, you can fend off uninvited malware guests:

  1. Read emails with an eagle eye. Check the sender’s address. Is it from the actual company he or she claims? Hover over links provided in the body of the email. Is the URL legit? Read the language of the email carefully. Are there weird line breaks? Awkwardly constructed sentences that sound foreign? And finally, know the typical methods of communication for important organizations. For example, the IRS will never contact you via email. When in doubt, call your healthcare, bank, or other potentially-spoofed organization directly.

    Bonus mobile phone tip: Cybercriminals love spoofing banks via SMS/text message or fake bank apps. Do not confirm personal data via text, especially social security numbers. Again, when in doubt, contact your bank directly.

  1. Do not call fake tech support numbers. Ahhh, tech support scams. The bane of our existence. These often involve pop-ups from fake companies offering to help you with a malware infection. How do you know if they’re fake? A real security company would never market to you via pop-up saying they believe your computer is infected. They would especially not serve up a (bogus) 1-800 number and charge money to fix it. If you have security software that detects malware, it will show such a detection in your scan, and it will not encourage you to call and shell out money to remove the infection. That’s a scam trying to infect you. Don’t take the bait.
  2. Do not believe the cold callers. On the flip side, there are those who may pick up the phone and try to bamboozle you the good old-fashioned way. Tech support scammers love to call up and pretend to be from Microsoft. They’ve detected an infection, they say. Don’t believe it.

    Others may claim to have found credit card fraud or a loan overdue. Ask questions if something feels sketchy. Does the person have info on you that seems outdated, such as old addresses or maiden names? Don’t confirm or update the info provided by these callers. Ask about where that person is calling from, if you can call back, and then hang up and check in with credit agencies, loan companies, and banks directly to be sure there isn’t a problem.

Practice safe browsing
There’s such a thing as good Internet hygiene. These are the things you should be doing to protect against external and internal threats, whether that’s losing your device, walking away from your computer, using public wifi, or shopping online.

“While many of the threats you hear about on the news make it seem like there is no way to protect yourself online these days, the reality is that by following some basic tips and maintaining good habits while online, you will evade infection from over 95 percent of the attacks targeting you,” says Adam Kujawa, Head of Intelligence for Malwarebytes. “For that last 5 percent, read articles, keep up with what the actual security people are saying, and follow their advice to protect yourself.”

So here are some of the basics to follow:

  1. Use strong passwords and/or password managers. A strong password is long, is not written down anywhere, is changed often, and isn’t tied to easily found personal information, like a birthday. It’s also not repeated for different logins. Admittedly, that’s a tough cookie to swallow. If you don’t want to worry about remembering 5,462 different rotating passwords, you may want to look into a password manager, which collects, remembers, and encrypts passwords for your computer.
  2. Make sure you’re on a secure connection. Look for the padlock icon to the left of the URL. If it’s there, then that means the information passed between a website’s server and your browser remains private. In addition, the URL should read “https” and not just “http.”
  3. Log out of websites after you’re done. Did you log into your healthcare provider’s site using your super-strong password? You could still be leaving yourself vulnerable if you don’t log out, especially if you’re using a public computer. It’s not enough to just close the browser tab or window. A person with enough technical prowess could access login information from session cookies and sign into a site as you.

Layer your security
Sometimes all the safe browsing and careful vigilance in the world can’t protect you from all threats. Sometimes you need a professional to catch all the poo that cybermonkeys are flinging. So to keep your machine clean, invest in security software and layer it up with the following:

  1. Use firewall, antivirus, anti-malware, and anti-exploit technology. Your firewall and antivirus programs will detect and block the known bad guys. Meanwhile, your anti-malware and anti-exploit software can fend off sophisticated attacks from unknown agents, stopping malware infection in real time and shielding vulnerable programs from exploit attack.

Security professionals agree a multi-layer approach—using not only multiple layers of security technology but also user awareness—helps keep you protected from the bad guys and your own mistakes. Now go forth and fight malware!