The price of online freedom is eternal vigilance. That’s the lesson cyber thugs keep shoving in our faces with attacks that steal identities, freeze networks, and make computer data disappear.

As Federal Trade Commissioner Terrell McSweeny suggested on C-SPAN, some blame for invasions and lockups can be put on internet service providers, which could be better gatekeepers, and on companies that make easily hacked IOT (internet of things)-connected gadgets.

The FTC is now bringing action against dozens of hardware makers that don’t follow “best practices rules” to safeguard consumer privacy and security, she said. And the commission would press broadband service providers harder to do the right thing, were its mission legally blessed by Congress and not being challenged in federal court (by AT&T Mobility).

So where does all that leave us consumers? Don’t wait for Congress to rescue you. It’s time to take the law into your own hands.

1. If you’re still running Windows XP, 8, or the newly support-expired Vista OS, buy Windows 10 software. Or better, a brand-new computer. As the gang at Lifewire point out, even a new entry-level $500 PC will run circles around your old XP-fitted model.

2. Turn on the Windows Update auto-patching feature on your Windows 10 computer that you turned off because it was so annoying. It used to be that those updates would rudely take over a computer as soon as a user signed on, disabling the machine for five to 10 minutes. That quirk has largely been eliminated in the Creators update.

3. You’ve probably heard the mantra that backing up all your data to an external hard drive or the cloud will save your butt if your computer crashes or is locked up. But know that creepy ransomware has long tentacles and can lock up backup devices and even cloud storage, too. So it’s wise to disconnect the hard drive as soon as you’re done with a data transfer. Or use a cloud service like Dropbox that offers “automatic versioning.” (It recovers an earlier version of the data if the last version has been encrypted.)

4. With vulnerable browsers and plug-ins such as Flash or Java, malware can sneak into your system when you visit a tainted site or tap on the wrong link or pop-up advertisement (often touting, ha ha, fake malware-protection software). To improve the odds, keep your browser and associated plug-ins up to date. And hover over a hyperlink (without clicking on it) to see if it points you to someplace strange.

5. Invest in an antivirus solution. Bitdefender and Norton are old reliables, though the latter sure took its good time before informing users that WannaCry had been neutralized. If your security suite is old, it might not have any protection against ransomware. To fill the gap, install a dedicated, free utility such as Cybereason Ransomfree and Malwarebytes Anti-Ransomware.

6. Don’t be a dodo and click on an email attachment from an unknown source. Or even from a sender that seems familiar but a little off. Say, the sender’s name or message has a spelling error. Or the enticement is vague: “Hey, look at this!” If in doubt, write back to an address you know. And spread the word to the IT department: “If you see something, say something.”

7. Don’t pay the WannaCry ransom ($300 in Bitcoin, per terminal). The culprits aren’t dipping into the kitty and the promised unlocks aren’t happening, reported Chris Wysopal, CTO of application security company Veracode.