AMHERST, N.Y. -- Few companies in the U.S. were hit by Friday's ransomware attack, but our computers are still at risk.

2 On Your Side's Kelly Dudzik spoke with cyber law expert and U.B. law professor Mark Bartholomew Monday. He says in order to protect your computer, you should install the security updates for your software, you should not click on any attachments or emails from sources you don't recognize, and you need to update your operating system.

He also says the people and companies impacted by the ransomware were using older operating systems they hadn't fixed with a patch.

"I think there's two things going on. One is there's people who just say 'I'm not going to bother to update because I don't think this will happen to me.' That's kind of human nature. But the other thing is, there are businesses that run old software, or public agencies that run old software, because they can't afford the updating. Microsoft charges you for these patches now for their old operating systems. And a business or a hospital even might not want to pay for this kind of update. And now they're subject to this kind of attack," says Bartholomew.

Bartholomew says in a way Microsoft is partially to blame for leaving people open to attacks because it charges money to get patches now for older operating systems. It offered free patches on Friday after the attacks started.

As of Monday night, NBC News reported that the ransom has only been paid for about 180 of the 300-thousand computers that were attacked.