How to know if you need PC security software

Modern operating systems come with free security tools.

Windows has Microsoft Defender. macOS has XProtect, Gatekeeper and other built-in protection.

These do a good job for most people and don’t get in the way of everyday use.

For many, these tools are enough.

That doesn’t mean you can relax. Online security is more about habits than products.

Online threats never go away

The internet remains dangerous. You’ll meet risks no matter how careful you are.

Paid software can help in some situations, but often your money is better spent elsewhere — such as training staff or learning how to spot scams.

Even the best security product won’t stop a well-planned social engineering attack Alert, well-informed users are harder to trick than any paid security software.

Backups are your strongest defence

If you make regular, encrypted backups, you can recover quickly after an attack. Backups neutralise ransomware — if you have a safe copy of your data, it can’t be held to ransom.

Choose at least two backup methods:

• A cloud backup service.
• A local hard drive or server, ideally removable and stored away from your main system.

Check your backups regularly to make sure they’re working. Don’t wait until disaster strikes to find out they aren’t.

Given a choice between buying security software or paying for backups, choose backups first. Some commercial security products include backup tools, but you can set them up yourself.

When to spend on extra security protection

When do you need to spend on paid security software?

• You handle personal or customer data — legal obligations apply.
• You store valuable or confidential information, such as business plans or designs.
• You are a likely target for cybercriminals or state-sponsored attackers.
• You work in politics or activism and face hostile actors.
• You take risks online, such as using porn, dodgy streaming, gambling or download sites.
• You manage a small business network or share systems with people who may be less careful.

In these cases, extra layers of protection can reduce risk. They won’t make you invulnerable, but they may discourage attackers looking for easy targets.

The short version

For most people, built-in tools, regular updates, good passwords, multi-factor authentication and solid backups are enough.

If you have extra risk factors, then consider paid software — but never as your only line of defence.

An earlier version of this post was published June 15, 2021.