Online Security Tips
While online banking is safe, as a general rule you should always be careful about giving out your personal financial information over the Internet. Review the following tips to protect your personal information while using the Internet.
HELPFUL TIPS TO PROTECT YOU
Listed below are helpful tips to help protect yourself while navigating the Internet.
- Regularly log into your online accounts to verify that your bank, credit, and check card statements and transactions are legitimate.
- Be suspicious of any e-mail with urgent requests for personal financial information.
- If you receive an unsolicited e-mail from any source asking you to click on a link to visit a site and input personal data, be very wary of it.
- Be cautious about opening any attachments or downloading any files from e-mails, regardless of who sent them.
- Instead of clicking on links in emails, type in the URL that you're familiar with, such as www.profinium.com or select the Web address saved in your browser's "Favorites".
- If an offer sounds too good to be true, it probably is and should be avoided.
- If you have any doubts about the validity of an email, contact the sender using a telephone number you know to be genuine.
- Before you initiate an online transaction, make sure your personal information is protected by looking for indicators that the site is secure. URLs for secure sites typically begin with "https" instead of "http" and display a lock in the lower right corner of your browser.
- Use anti-virus software and keep it up-to-date.
- Make sure you have applied the latest security patches for your computer. Most software providers, like Microsoft, offer free security patches.
- If you have broad-band Internet access, such as cable modem or DSL, make sure that you have a firewall.
We take numerous steps to keep your account information secure. However, you must take precautions as well.
- Choose a good passcode- Your online passcode, along with your access ID, authenticate your identity when accessing online accounts. You should carefully select a passcode that is difficult to guess and not use personal information or a word that can be found in the dictionary.
- Keep your passcode safe- Even the best passcode is worthless if it's written on a note attached to your computer or kept in your checkbook. Memorize your passcode and never tell it to anyone.
- Change your passcode regularly- It's important to change your passcode regularly. Every time you choose a new passcode, our online banking system runs a quick program to test its safety. If we can guess it, we will immediately ask you to choose another one.
- Remember to log off properly- You may not always be at your own computer when banking online. Therefore, it's important to log off using the "log off" link at the top of each Internet banking page. If you forget to do so, the system automatically signs you off after 10 minutes of inactivity.
At home or at the office, make cyber security part of your daily routine. Would-be attackers are generally indiscriminate; they look for opportunities to take advantage of people or situations no matter who or what. So help keep the conversation about security going. Inform your parents, friends, colleagues and kids of ways they can protect themselves and their information.
What you can do
• Use strong passwords, and change them often
• Store the passwords in a password vault -- don't write them down
• Look for and use encrypted websites and protect your information with encryption
• Inform your children of online dangers and teach them how to avoid pitfalls
• Only download and use legal software from reputable sources
• Keep all your devices up-to-date with the latest patches
• Use a personal firewall on your computer with auto-updating anti-malware software
• Use a firewall on your home network and password protect your Wi-Fi
• Turn off Wi-Fi and Bluetooth on your mobile devices when not in use
• Have limits with social media and remember the Internet is forever
• Know what you are agreeing to when using online services
• Backup your all your data: 3,2,1
• Don't click on links in email messages and don't participate in chain messages
Most importantly: See Something, Do Something! At the office know who to contact if you suspect a breach, virus or suspicious activity. At home you can contact local law enforcement, as well as several federal agencies to report cyber-criminal activity of all sorts. Together, we must remain vigilant!
Use Strong Passwords
Passwords are naturally subject to many different attacks. Making your password strong can limit the success of humans and/or computers in guessing your password.
What can you do?
When it comes to a good password, length equals strength. Adding numbers and special characters is good, but still not as important as the overall length of the password.
Avoid your username, conventions of the same password with just a different digit, seasons, and other easily guessable aspects to your password. The strongest passwords are in fact "passphrases" – essentially sentences – that are easy to remember and increase length. Favorite movie lines, song lyrics or even jokes are a few ways create passphrases. Once your passphrase is established, adding a mixture of case, numbers, and symbols adds another layer of complexity.
By today's standard computing power, any password of any 8 character combination is generally considered 100% guessable, so try to create passwords that are at least 16 characters and even longer when possible.
Install and Update Anti-Virus Software
One of the top methods of computer attacks comes from malicious software (malware); to the extent that there are tens-of-millions new pieces of malware each year. Malware can be transmitted to a computer from file downloads, email attachments, USB thumb drives and other removable media. To make matters worse malware is often disguised as something safe or even helpful like anti-virus software.
What can you do?
Install anti-virus software--something that is going to address all types of malware. Choose a reputable anti-virus manufacturer (e.g. McAfee, Kaspersky, Sophos, Symantec).
In this space, you get what you pay for. With tens-of-millions of new pieces of malware developed each year, you need a team of dedicated professionals to keep the software effective. A paid subscription is well worth it.
Next, use that subscription and keep the software AND the virus definitions/signatures up-to-date. Use auto-update options within the software to check at least daily for updates to both. There are some days when vendors release thousands of new definitions/signatures through-out a given day – timing is everything if a new piece of malware is on the rampage!
Any time you use USB thumb drives (or other removable media) run a "full scan" on it. Often you will have such an option if you right-click on the drive letter in your explorer window. Be sure this is the first thing you do after connecting it to your system. Keep in mind that portable media like USB devices can carry all sorts of malware so make sure, even before plugging it in, you know where it came from.
This also holds true for email. All email attachments should be scanned before they are opened. Even though your email may be filtered by anti-virus before it gets delivered to you, take the extra step to scan again. You may have the option by right-clicking on the attachment, or some anti-virus programs will scan as soon as you attempt to open it. Know how your version works – either way give it another scan.
Only Download Software from Reputable Websites
Software downloads are a great way to disguise malware. There are numerous sites that serve as repositories for independent developers and/or open source software, which makes validating the source of the software and the download difficult. Without knowing where the software or the download originated, you could expose yourself to some very harmful software.
What can you do?
Major software vendors that we are all familiar with operate their own websites to distribute or sell their own software. Use a major vendor's site to download their software whenever possible.
How can I safely get software from open source or independent developers?
Even open source projects typically have their own websites where you can safely download the software. First, search for favorable references to the project or developers from sources like industry news and review sites or software publishers you've worked with in the past. There are trustworthy software repository for lots of independent developers and open source software. These sites typically take steps to scan the posted software for malicious intent to protect their users and their reputation as a trusted source. Even with trusted repository sites, it's important that you still consider the publisher of the application.
Know Your Location Settings
Have a mobile device? Then your location is probably being tracked at the expense of your privacy (and battery life). For you it's about convenience, but for your carrier, phone and application providers, it's about marketing profiles. Without taking certain steps, the information on where you are and where you have been is being shared with them.
What can you do?
The best thing you can do is be aware of Location-Based Services (LBS) and enable the service for your benefit – not the carriers, application vendors and phone providers. The more information organizations can obtain about you, the more focused their marketing and advertising can be. Knowing your location gives them personal insights into your daily routines or can alert them to deliver a specific ad based on where you are at that time.
For some this type of tracking isn't an issue, for others it is. The key is understanding how LBS can impact your privacy. Every mobile platform and operating system has LBS as a service. Many default to enabling it for all apps that want to know your location. This default allows you to be served location-based advertisements by apps and carriers, but more importantly it opens the door for behavior modeling.
Be selective about which applications you allow to use LBS – Maps, yes; Facebook, maybe; Find your phone, yes; Yelp, possibly; Angry Birds – No! Outside of the obvious location based applications I would turn it off. When an application prompts to use your location information, think about it before saying "Yes." A good rule of thumb: If it won't help you find, just decline. If you do allow your location information to be shared with an app, remember to go back and turn-it off. Your privacy and battery life will thank you.
Safely Store Your Passwords
Your password is the "key" to your account, your information and your digital life. In the wrong hands these "keys" can cause heartache and headache, and they might even cost you money.
What can you do?
NEVER write down your password and NEVER store it in your browser. If you have many user names and passwords (as we all do), it's impossible to remember them all. Some form of storage is needed.
Instead of putting them in your browser, planner or wallet, use one of many available "password vaults." Also called "passwords safes," these applications are available for download on your computer, as an online service, and as an app for your smartphone. All have various pros and cons offering different levels of functionality and security. When selecting a password vault, consider how you want to store passwords and later access them. Search for user ratings and know security issues with the programs implementation or developer.
When you set up your password vault, make sure it has a VERY strong password that you have memorized. Guard it with your life.
Look for the Certificate
It's never been easier to shop, apply for loans, transfer money, or set doctor appointments. We transmit all sorts of financial and personal information across the Internet, and it all needs to be protected (encrypted) as it zigzags across cyberspace.
What can you do?
Check your browser for a "padlock" icon and the protocol "https" preceding the URL. Most modern browsers provide a "green" indicator when there is a valid certificate and an encrypted protocol is being used. Before you enter personal information--even a password when logging in--look for the confirmation that encryption is in use.
You can take some additional steps if you are less familiar with the site, or have never used a site before. You can click on the "padlock" icon and view information about the certificate. It will tell you what third-party was used to issue the certificate and validate the website's ownership and existence. Sometimes you will even see the organization name as a "green bar" instead of just a padlock. This indicates that the organization asked a third-party to do "Extended Validation" where the certificate issuer validated the existence and address of the actual organization in addition to the website.
By default the most popular browsers trust certain third parties (Certificate Authorities or CAs) to issue certificates. If a certificate is not issued by one of the trusted CAs, the browser will warn you prior to connecting to the site that the issuer of the certificate is not trusted. For that matter, any time there is a problem with the certificate or even the absence of a certificate, your browser will show a warning. If you navigate to a site where the browser has warned you, NEVER enter personal information or passwords. The site cannot be trusted.
Install and Enable a Personal Firewall
At the office you are probably familiar with the notion of a firewall. Even at home your router likely provides firewall protection, acting as the "security guard" allowing only the good in and out. If you're like many people, though, you don't just access your home and work networks. Laptops enable us to move from networks at coffee shops, airports, libraries, hotels, and other places were you don't know what protections are being used or who is on those networks and what they can see and access on your laptop.
What can you do?
You don't need to lug around a special device. Instead you can use what is known as a "personal firewall." Often this functionality is included with your anti-virus software or your operating system. Make sure it is on and active!
There are clear advantages to using a firewall that is bundled with your anti-virus software. When the two work together, they can detect more behaviors and better know what to block and what to trust.
Setting up a "personal" firewall the first time often requires tuning. It learns what is good and bad by asking you about applications and the network traffic they are generating. Take your time to read each pop-up, and don't blindly click "accept"--double-check it! You can always make adjustments later, but it's better to get it right from the start, otherwise you may be telling your firewall to trust application traffic that really shouldn't be trusted.
Personal firewalls don't just apply to laptops. In the case of desktops it's good to follow the concept of "layered protection"--the idea that having two layers of protection is better than one. So go ahead make sure your personal firewall is up and running, and take another step to protect your information.
Beware of Phishing
Phishing is one of the most commonly used attacks against users. By way of email, those with malicious intent will contact unsuspecting persons asking them to click a link or download a file. Generally, the end goal is to infect the user's computer with malware or get them to submit important personal information.
What can you do?
Understand that "spam" and "junk" filters do not catch all malicious emails. Secondly, know what signs to look for in a phishing email. The vast majority of phishing attempts are fairly easy to recognize and avoid. Here are a few aspects of phishing emails that can help you recognize their true nature:
- Look at the "From" address. Be sure you recognize it. Then take a second look at the domain name (that's the name after the @ symbol). Make sure it's spelled correctly. At the office, an internal email from your co-worker would display only his or her name. If it also shows the full email address, it came from the outside.
- Look for a "Reply" address that matches the "From" address.
- Check that the message is well composed with the grammar and spelling you would expect from the sender, whether it's your boss, your brother or your bank.
- If there is a link in the email, does it match the destination? By hovering your mouse over the link (without clicking on it), your email application will show the actual destination of it. Again, take a second look at the domain. Be sure it is a domain you would expect. Misspelling a domain is very common tactic (microsoft.com vs. microsft.com). At a glance they look the same, but one will take to Microsoft and the other will take you somewhere you don't want to go.
- Does the email ask you for personal information? Most organizations would never ask for personal information in an email or ask you to "re-confirm" your passwords and account information.
- Trust your gut! If something doesn't seem right it probably isn't. If you are not sure and are worried that there is something urgent that needs your attention, then contact that company/organization as you normally would. NEVER USE THE EMAIL LINKS OR ANY INFORMATION FROM A SUSPECTED PHISHING EMAIL (including the phone number!).
Understand that email phishing works on unsuspecting people every day. Even emails that seem farfetched ("Send me $100,000 so I can give you my inheritance") work all the time, but those aren't the only emails that get sent. There are often crafty and well-constructed emails that require a close look to notice they are malicious. So take that second look and check before you click, download, or enter your information.
Use Different Passwords
You have lots of accounts. Don't use a single password for all of them, or for that matter, any of them. If one of the systems that stores your account information is hacked, any other account with the same password becomes vulnerable. Never use the same passwords for systems at the office as you do for personal accounts.
Ideally every system, service, and website should have a different password. Many times when there is a breach or passwords are guessed, that account information is tested at many other popular sites and services. Using a de-facto master password for all your accounts could expose them all in the event of a single password compromise. This is especially concerning if the password is also used for company systems and applications, too.
It may seem daunting to have all your accounts with unique passwords, but using a password safe/vault (See Security Tip #5) is a good way to manage the problem of volume while providing strong passwords with all your accounts – and siloing them from each other.
Five Ways to Secure Your Mobile Device
Technology advances have allowed mobile devices to work wonders in the palm of your hand. Mobile devices such as smart phones have made it easier to surf the Internet, check emails, VPN into work and even shop online from almost anywhere. When you add all the stored data on a mobile device with all of its features and abilities, you get an incredibly valuable piece of technology, which is why so many people say they cannot live without them.
Many people wouldn't trust their best friend, let alone a stranger, to use their smart phone. This is why mobile device manufactures have implemented security controls such as passwords and timeouts. When a smart phone is stolen or left behind--something that is becoming more and more common--the odds of getting it back are pretty slim. That combined with the access capabilities and data stored on the device explains why most companies consider a stolen or misplaced mobile device a security breach and implement controls and policies to remotely wipe the device of the wealth of sensitive information it contains.
What can you do?
1. Use long passwords (See Tip #1). Refrain from using pattern passwords because they are easy to guess. Most mobile device screens contain skin oils making the password pattern visible.
2. Set a timeout of no longer than 5 minutes requiring a password to unlock the device. This keeps your device safe from not only thieves but also nosy friends and family members.
3. Encrypt the SD card on the mobile device. This keeps your data safe even when your device is lost or stolen.
4. Run backups. How many phone numbers can you actually memorize if you needed to re-create your contact list?
5. Invest in an application that uses GPS to locate the device and has the ability to remotely wipe the data. Frequent backups are required if this option is used.
Use a Hardware Firewall on Your Home Network
While a software firewall on your computer is an excellent first step (See Tip #7: Install and Enable a Personal Firewall), it doesn't offer the same level of security as a hardware firewall. At the same time, not all devices on your network will have one either. A hardware firewall acts as a physical barrier that will shield your home network from unwanted and possibly malicious traffic.
What you can do
Make sure your router at home has a firewall built into it. Most do, but if your router was provided by your ISP ultimate control of your home network still rests with them. Inexpensive routers can be purchased at most retail stores and will allow you to take ownership of your security.
Know Who You Are Talking To
It's easy to lie about who you are on social virtual networks. Whether it's a small omission on a profile or something more nefarious, there is no question that people are generally free to create whatever identity they want online. That freedom occasionally leads to extreme cases of complete identity manipulation.
There are many serial predators online with fake identities waiting to victimize you. It's up to you to do the digging to know who is on the other end of the screen. Are they the real thing or something else? How can you trust that they are who they say they are? Do you take the same precautions on the Web that you tell your children?
What you can do
• Always think twice!
• Remember that online friends are not the same as real-life friends.
• Never agree to meet someone by yourself if you do not know them.
• Do not give your personal information online. Keep your last name, address, and phone number private.
• Profiles can be fake; don't trust simply on what is posted online.
• Understand the potentially dangerous situations that could occur online and in real life, and be certain not to expose yourself to them
Secure Your Wi-Fi with the Same Password Rules You Use for Your Computer
Your Wi-Fi password is broadcast over the air every time you turn on your computer. Hackers can trick your computer into resending the password any time that it's connected, and they can do it from across the street. When they see the password has been sent they can go home and let their computer break it. The time it takes to crack your password could be five minutes or five months depending on its complexity. When they come back will the same password still work? Once on your network they'll be able to watch everything you do online.
What you can do
Review your router's manual for information on connecting to the router's management interface. While on wireless, you usually just need to type http://192.168.0.1 into your web browser. Navigate to the wireless or wireless security screen and update the password making sure it is at least 16 characters long with letters, numbers and symbols. While there, make sure you're using a version of WPA2 wireless security protocol. It should be a radio button on the same interface. When you're done you will need to update the password on all of the devices that connect to your home network. You should repeat this process at least four times a year.
Keep Your Software Up-to-Date
Criminals and hackers are always looking to exploit holes within software to gain access to your computing devices. One method they use is to look for vulnerabilities within software code to target their attacks. Once these vulnerabilities are discovered, software providers re-write or update their software code to "patch" the holes so that they cannot be exploited. In fact, in 2012 Microsoft released 83 security bulletins to patch holes discovered in their software.
Microsoft isn't alone in the battle between finding and patching these holes. All software providers are in this cat-and-mouse game of staying ahead of the criminals. That is why it is important to update your operating system and installed software regularly.
What you can do
Make sure your software is up-to-date:
• Know what software you have installed.
• Check to see that you have the latest version – software and operating systems are dropped from support, so be sure you use a version that is actively being supported
• Check for new security patches and updates on a regular basis – the more frequent the better.
• Whenever possible, use an automatic updating feature and make sure you turn it on!
Patch Your Mobile Device Apps and Operating System
Reality check--your mobile device in most cases is just like your computer. You can access all the same information, store critical data, and conduct a significant portion of your business from it. Just like your computer, your mobile device can be exposed to vulnerabilities in poorly written software and holes in the operating system that your device runs on. The same care and consideration used to safely run a computer should be used on mobile devices to keep them secure.
What can you do?
Keeping your software up to date on your phone or tablet is pretty straightforward. Your operating system and application providers are constantly identifying enhancements and fixes in their software and publishing updates. Applying these updates in a timely fashion removes the identified vulnerabilities and reduces the risk of someone, or something, taking over your device or accessing information that is private or confidential.
It's also important to know that vulnerability in an application can expose your whole device – not just the data stored in that application. Look for updates wherever you purchase apps on your devices. Most smart phones and tablets have an automatic update feature for apps. Make sure it's turned on. If you are doing a major update to your Operating System it's a good idea to do a backup first.
Of course if your employer manages your mobile device you will have to consult with them on their policy for updating your device's OS and applications.
Secure Sensitive Data Before Moving It To The Cloud
Cloud storage services can hold files for you, but they do sometimes leak out. Consider what would happen if everyone in the world had access to your cloud storage folder. Would they be able to get into your bank account? Would they know when your house is empty? Encrypting this information before storing it to the cloud will help prevent this information in the event of a breach.
What can you do?
If you need to use a cloud storage service, create a secure container within your cloud storage that only you can access.
Limit What You Share On Social Media Sites
Social media sites are a great way to interact with other users over the Internet. Unfortunately a large number of social media users don't understand the importance of limiting what's posted on these sites. Attackers regularly use social media sites as reconnaissance tools. It's no longer surprising to hear about people falling victim to identity theft or networks being infiltrated because of information gathered from social media sites.
Profiles can include name, DOB, companies worked for, duration of employment, duties performed, experience, schools attended, and much more. All of this readily available information means that it wouldn't be hard to impersonate someone online. Similar information makes guessing someone's security questions easier, too. The more information obtained, the easier it is to craft credible attacks; whether it's gaining access to a system or influencing the target to take a certain action.
What you can do
• Assume that anything you post online is public and permanent.
• Don't post information that may damage you or your company's reputation.
• Be cautious of what you post as any information can be used to carry out additional attacks.
• Go through all your privacy settings and restrict who is able to view your profiles.
• Connect with people that you know.
Only Install Mobile Apps From Trusted Sources
Thousands of applications are downloaded each day for entertainment or to make our lives easier, but the fun and convenience offered by mobile devices comes an increased risk for malware. Money isn't just made from popular apps like Angry Birds. It is also lucrative to create malware disguised as legitimate applications to mislead users into allowing additional permissions that give access to accounts, storage, contacts, network communication, system tools and settings. Some malicious applications are known to mimic banks, deceiving users into entering their financial information.
Looking ahead it's only going to get worse as mobile devices become more affordable. Security software companies have already rolled out malware detection applications due to the amount of malicious software already discovered.
What you can do
• Download applications from trusted sources such as Google Play Store or Apple Store.
• For Android users, leave the check mark unchecked for the "Allow installation of apps from unknown sources" in the security settings.
• Read the ratings and reviews. People love voicing their opinions and frustrations especially when money is involved.
Refrain from "rooting" or "jail-breaking" your mobile device which grant administrative access and allows the installation of anything.
Don't Mix Business and Personal
Just like individuals, organizations are creating a strong presence online. Whether it's Facebook, Amazon, eBay or another--businesses are leveraging a lot of the same services that individuals use. If you're like most people, you probably tie your accounts to your email for notifications, management and the like. When your company is in need of one of those online services, it's all too easy to leverage your personal account for business purposes.
Privacy and risk are two very important issues that arise when personal and business accounts are connected. For privacy, the demarcations between your individual privacy versus company rights are blurred when accounts are co-mingled. From a risk standpoint, the amount of useful information to leverage for a targeted attack (against you or the company) can increase dramatically. The fallout from such an attack against a personal account tied to one at the office can have serious ramifications for your organization.
A third issue tied to the first two is connecting with co-workers socially. Doing so creates added context about you for attackers, and it also gives your colleagues and your company an invited look into your personal online life.
What you can do
The answer to this problem is simple, but implementation is more difficult. You need to clearly identify those sites, services and applications that are for personal use versus those used for business. Where the services cross over, establish two separate accounts (e.g. create a second Facebook account for business purposes). This is an absolute must if you are managing or contributing to any online service on behalf of your organization. Also, think about what would happen if you left your organization or changed positions/duties within it. How would you hand off the account to your successor?
When it comes to socially engaging online with co-workers, think carefully before you invite all of your co-workers to be your friends online. Consider exactly what information you want to share with them versus what you want to keep private.
In the end, when faced with the temptation to combine personal and business accounts for social, managerial or any other reasons, draw a clear line and keep them separate.
Turn Off Wi-Fi and Bluetooth
Wi-Fi and Bluetooth wireless technologies are very useful, and they are often set up to connect seamlessly to other devices or networks with no input from the user. As you move from home to the local coffee shop, your network connection just works -- or from a headset to your car, Bluetooth keeps your phone calls connected. What you may not realize is that these radio protocols are constantly announcing your presence, and they are capturing information about other wireless protocols around you. These protocols work by looking for "beacons" that match your saved connection profiles. All of this activity is happening constantly and is visible and can be tracked by anyone who is interested.
What you can do
Turn off your Wi-Fi and Bluetooth if you aren't actually using them. Disable "automatic" connections to your wireless profiles and only save wireless profiles that you actually need to save. When you have Wi-Fi profiles saved on your device your Wi-Fi radio is sending out requests for those profiles and essentially advertising what coffee you prefer, the hotels you've stayed at, where you work, airports you've visited and the name of your network at home.
If your mobile device or computer is set for "automatic" connections, anyone interested could say "I'm that network" and connect to your device -- then wait for your network requests to pass through their hands. And for various smartphone applications, the combination of GPS, Bluetooth and Wi-Fi offer great data sets for companies like Apple and Google to map out where you have been and what is around.
So keep the radios off that you aren't actively using to ensure that you are connecting to the network or device that you expect to. Doing so will decrease risk, increase privacy and as an added bonus it will improve battery life, too.
If You Aren't Using Encryption, You Should
All of the information we send and receive across the Internet is valuable. This is true for any website you use, not just those connected to financial services, and it's especially true if the site requires authentication. Even the data on your computer, tablet or smartphone is valuable – and you should take steps to protect it.
What you can do
Any time a site offers HTTPS for connections, use it. Whether it is Google Search, Gmail, Facebook, Twitter or eBay – opt for and set your bookmarks to the HTTPS version of the site. This will ensure that not only your password, but your entire interaction with the site is encrypted.
For your computer, tablet and smart phone, use encryption on your storage. For iOS, using a password on your device enables encryption by default. Android is a little more complicated, but well worth the effort.
Don't underestimate the loss if your tablet, phone or computer is stolen. It's easy to believe that it will never happen to you or think there is nothing that important on it, until you stop and really consider all the details of your life that are on the device. So take care to encrypt your data in transit and at rest -- opt for it every time.
Teach Your Kids To Be Good Online Citizens
The Internet is a wonderful place for kids to learn, play and discover, but it can also be a dangerous place if not used properly and under supervision. As parents, we must teach our kids how to safely use the Internet and how to be good online citizens.
What you can do
• Talk to your child about the potential dangers online.
• Spend time online together to teach your kids appropriate online behavior. Pay attention to the sites they use and show interest in their online communities and friends.
• Explain the implications of their online choices. Information that is shared including pictures, emails and videos can be easily be distributed to others and remain permanently online. Things that could damage their reputation, friendship or future opportunities should not be shared online.
• Protect your children from cyber bullying by limiting where and what they can post about themselves and family. Teach them how to respond if they witness or are a victim to cyber bullying. Visit http://cyberbullying.us/ for more information.
• Keep the computer in a common area, not in individual bedrooms, where you can watch and monitor use. This isn't about trust; it is about protection and open communication.
• Be aware of all the ways kids connect to the Internet. Phones, tablets, gaming systems and even TVs have become connected; teach your kids how to use each of these devices safely.
• Set up a separate account on your computer for your children to use that does not have administrator control if possible. This will prevent software programs, including malicious software/malware, from being downloaded without the administrator password. Do not share this password with your kids.
• Utilize parental controls on all Internet-enabled devices to filter, monitor and block inappropriate activity. OnGuardOnline.gov gives an overview of the different types of parental controls. Most Internet Service Providers (ISPs) have tools to help you manage your children's online experience, including blocking inappropriate websites and providing enhanced security features (e.g. pop-up blockers).
• Review the privacy settings on social networking, cell phones and other social tools your children use and decide together on which settings provide the appropriate amount of protection.
• Stay current with the technology your children use. The online world is constantly changing. It is important to understand the technology your children are using and the potential dangers that may be introduced. Be involved!
• Know who to contact in an emergency.
If you believe your child is in danger, visit http://kids.getnetwise.org/trouble/.
Backup Your Data
While it's impossible to predict when your hardware will fail, it's safe to assume that it will. What would happen if your phone and computer were caught in a fire? Would you still have access to your pictures? How much work would you lose? The best time to implement a backup strategy is before you need it.
What you can do
The standard backup strategy is 3-2-1. That means three copies of all important files, on two different mediums (hard drives and DVDs, for example), and one copy off-site. This can be implemented fairly easily by keeping important data in a designated folder on your computer. Frequently copy that folder to a thumb drive and burn a DVD with anything new. Off-site options might include sending the thumb drive to a friend or family – preferably one who lives a distance from you.
An even easier solution would be to store all of your files in an encrypted container that is synced with a cloud based file service. However, don't rely on cloud services as your only back up; you should continue to keep an additional copy of that encrypted container locally.
See Something, Do Something!
Personal ownership of security is important. Anybody can help reduce response time or prevent an attack from happening all together -- just by saying something.
What you can do
Be vigilant. For example, if you receive an email that asks you to download a patch or new software, notify someone in your IT department or your Security Officer. The same goes for physical security. If someone is loitering by a locked door or digging through a dumpster, contact your Security Officer. Whether on your computer or around the office, if you see something that isn't right; do something.
Don't be afraid to "Stop, Challenge and Authenticate." Stopping someone can be as simple as asking, "Hi, can I help you?" The next step is to find out if they should be there or not. Finally, ensure they are who they say they are and involve the Security Officer when appropriate. It's better to engage someone who does belong than to ignore someone who doesn't.
In the end trust your gut. If you see something that doesn't seem right -- it probably isn't! Do something!
Don't Forward Chain Emails
Email has become a part of daily life for most, but what many people don't know is how easily email can be taken over by hackers. Chain email messages are digital contents that are sent through email networks. A chain message, or chain email, is defined as any message sent to one or more people that ask the recipient to forward it to multiple others and contains some promise of reward for forwarding it or threat of punishment for not.
Why do people start off a chain email?
• To see how far a letter will go
• To harass another person (include an email address and ask everyone to send mail)
• To damage a person's or organization's reputation
• To trick people in to revealing their credentials
• To trick people in to sending money to the fraudster
What you can do
• Educate your kids that they recognize messages that are over-the-top or unbelievable.
• Don't worry about messages with scary subjects, for example: "If you don't get this to ten more people you will die in two days" – these are hoaxes
• Deleting any chain e-mail messages you receive, do not forward them to anyone.
• If you know the person who sent you the mail, you can respond to the sender with a request to not be included in the future.
Block or mark as junk email addresses that send unwanted emails.
Be Cautious When Using Public Computers
Many coffee shops, airports, hotels, printing/shipping companies and libraries have computers for public use. Certainly these can come in handy when your computer battery is dead or you are on a road trip and didn't bring your laptop along.
Whatever the reason, if you find yourself thinking about using a public computer, you may want to think again. Public computers may not have protections like anti-virus and firewalls. But even more importantly, you don't know what was installed prior to your session. There is no lack of opportunity for installing key loggers, remote access, or other monitoring tools on public computers, so when unsuspecting persons use the computer and log in to their email, Facebook or banking sites – their credentials can be harvested without any indication.
What you can do
Avoid using public computers if at all possible. Though some are managed better than others, it's hard to know the real state of that particular computer or how well it is protected. You may even want to think twice about document printing. If the document has sensitive information, is the hotel computer or printing/shipping computers the best one to use? Keep in mind that even loading a document on a computer to print, can leave copies of that document on the computer, print server, and the printer itself. So better safe than sorry and avoid using public computers!
Don't Use P2P Streaming
Files enclosed in torrents and advertisements on peer-to-peer (P2P) torrent and streaming sites are common attack vectors for hackers. Even media files can be infected with viruses and exploits. Users who believe they are "good at downloading" are as vulnerable to exploits as anyone else, while at the same time downloading copyrighted media and games from P2P networks or torrents are likely violations of media/game licenses. So not only could you expose yourself to infection by a virus, you could be breaking the law.
What you can do
Use games and media provided by legitimate companies. There are many safe and legal sources for downloading games and consuming media of all types. Be safe and support the author!
Think Before You Post
Like diamonds, your actions online are forever. The idea that you can completely "delete" or "remove" something is a fallacy. When you post, update or engage online there are numerous ways that your content gets backed-up, repeated, linked, indexed and otherwise spread across the Internet.
Today's speed of information sharing means that other users can rebroadcast your statements to any number of profiles and services within seconds, effectively creating thousands and thousands of copies.
Beyond rebroadcasting, search engines actively gather content across the Internet and store it on their databases, even storing the pages themselves. Organizations like Archive.org and the Library of Congress make it their mission to preserve the Internet by copying billions of pages. So whatever you post, comment, tweet or share is immediately captured by something you don't control – and can't delete!
What you can do
Employ what you've learned in communications about the responsibility of the sender and the perspective of the receiver. Quick phrases without context, mixed with emotion, and combined with a lack of non-verbal cues are easily misread. Always think about how you want to be viewed, and don't believe that it doesn't reflect on you away from the keyboard. If it's posted online – it does!
Online gaffes are played out online all the time--whether by a politician, a celebrity or even among your friends. Odds are you know someone whose relationship has been affected by something said online. So always take a moment before pressing "Enter," and exercise a strict rule about how and when you will engage online – remember this is ink for all the world to see, and not only immediately, but likely to the end of time.
Know The End-User Agreement
An End User Agreement (EUA) is a binding legal document between you and the service provider. This agreement explains your rights and obligations as the user of the product(s), although typically it focuses more on the rights of the provider. The "End User" is either you or your organization. Be cautious of what you are agreeing to. Before you click "Agree" you should read the agreement carefully to see if 1) your personal data is sold to third parties for advertising or telemarketing, 2) your data will become the property of the provider, and 3) you can even delete it. When you agree and use free services provided by Facebook, Google and countless others, understand that your data is the actual payment for the services rendered -- they own it.
What You Can Do
When signing up to any service, see how they protect your data and what they can and will do with it. Signing up for services that are free and offer "good deals" are usually the ones that are most interested in the data you enter and your usage data. Today it's incredibly difficult to avoid these types of services. Most importantly know what your personal data requirements are, the requirements of your company (if for company use) and verify that the service can meet those standards. It takes careful reading and understanding of the EUA to do so, and even services that have fees will limit the control and rights of the user. Everything costs something and the adage, "You get what you pay for," almost always applies -- read and know your EUAs!