So you’re on Facebook, and you receive a friendship request from a family member or close and trusted friend. You think nothing of clicking the Confirm button, then realize, “Wait, aren’t we already Facebook pals?” Or you receive an official-looking email from your credit card company, directing you to access your online account to execute a full profile update, or a notification from Netflix, announcing your account has been suspended unless you update your payment information. To click or not to click? That is the question.

What you don’t know about computer security and cybercrime can cost you, literally. Millions of people have found their bank accounts drained or their identities stolen by fiendishly clever cybercriminals who are only getting more daring and insidious in their bids to separate you from your savings. Siggi Bjarnason, a Seattle-based principal cybersecurity expert for T-Mobile, recently published an invaluable book, Your Safety and Privacy Online: The CIA and NSA, that provides the knowledge and tools a person needs to protect themselves.

Bjarnason writes in an accessible manner that will reassure the layperson who doesn’t know phish from malware that they can learn the basics and beyond of cybersecurity: 

There is talk in the industry about uneducated end users. Meanwhile, all training in that area requires a computer degree to understand. I aim to provide all the information an average computer user, without a technical background, would need to stay safe online in a friendly, helpful, and humorous manner. 

According to Kirkus Reviews, he succeeds: “The author largely delivers what he promises—a useful, sensible primer for the uninitiated on an essential and woefully esoteric subject. His expertise is beyond reproach.” That’s not a surprise; he’s been working in IT for more than 30 years. 

Bjarnason, who was born and raised in Iceland, had been “playing around” on computers for a year or two before he bought his first one—an Apple 2E—in 1982. But even as a young teenager, he was more likely to be learning BASIC programming language than playing “Donkey Kong Jr.” “I was just drawn to it,” he says. “I was never a gamer. Even when I was a kid, I spent most of my time [writing computer programs].”

Those were different times. “In those days,” Bjarnason says with a laugh, “there were no passwords.” He came to the United States in 1990 to attend Pacific Lutheran University in Tacoma, Washington. Upon graduation, he decided to explore job opportunities on his one-year work permit. “I thought, ‘Why not get some experience before going back home?’ ” 

He worked in a succession of IT jobs, including a stint at Microsoft. Computers and computer security, something he once considered a hobby, became his profession, and he earned his master’s in cybersecurity. One of his requirements for earning his degree was to write a paper, from which evolved Your Safety and Privacy Online: The CIA and NSA. It was a classic case of “one thing led to another,” the first-time author says. 

About that title: It’s a cheekily intentional example of clickbait, which Bjarnason defines as an intentionally provocative come-on in an attempt to get the computer user to click on a link to claim more viewers. He writes: “Usually, what [you] are doing is writing the title in such a way that the reader is bound to jump to the conclusion [you] want them to, which is not actually what [you] meant. Kind of like what I did with the title of this book.”

So, no, when Bjarnason refers to CIA and NSA, he’s not talking about the federal agencies, and no, the book is not some true-life Edward Snowden–like conspiracy tale. Instead, the references are acronyms related to computer security (NSA, for example, stands for Network Secure Architecture).

In the early 1980s, before computers were so embedded in our everyday lives, Hollywood produced movies that portrayed them as sinister contraptions of which we should be wary. One of Bjarnason’s favorite movies is the Matthew Broderick thriller War Games, in which a young computer whiz unwittingly and accidentally brings the world to the brink of war.

“My view of that movie is less about computers being scary and more about the insecurities being exploited,” he explains. “Broderick wasn’t a hacker, but he almost started World War III because he was playing around in a system he didn’t understand. There was no security in place.” 

That’s where Bjarnason and his book come in. “My goal is to help educate people on how to be safe online,” he says. “This book is for everyday folks, like my dentist or my doctor, who are dependent on computers for many different things but don’t really understand security online.” (Bjarnason also operates a website, InfoSec Help, that likewise identifies cybersecurity threats that can menace people’s computers.)

Bjarnason identifies the two most common mistakes people make regarding online security. The first is password maintenance. “A good password is something that’s long—at least 16 characters long—better a phrase or sentence than simply a word,” he advises. “The longer it is, the less likely it is that someone would be able to guess spelling or capitalization.” 

The second most common mistake people make is “clicking on links you shouldn’t be clicking on,” Bjarnason cautions. He spells it out in his book: “Critical thinking skills play a pivotal role in your online safety. In short: “If you don’t know what it is, don’t touch it.” 

Your Safety and Privacy Online covers a wide range of threats. In addition to scams and identity theft, Bjarnason also cautions users about threat actors who install malware on your computer. “A lot of people say I’m not worried about cybersecurity because there is nothing they can steal from me,” he says. “That is the wrong attitude, because it’s not just about stealing from you. It means a cybercriminal will compromise your computer so they can take your computer over and throw law enforcement off the scent. If your computer is used for criminal activity, the first call made by police will be to you and not the actual criminal.”

Another dangerous assumption people have is that computer experts are staying ahead of the hackers and cybercriminals. “It’s such a challenging proposition,” Bjarnason says. “The cybersecurity industry as a whole is constantly behind the eight ball simply because a cybercriminal only has to be lucky once.”

Donald Liebenson is a Chicago-based writer.