Security & Safety Resource Center

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

You might have heard that deleting something from a device or hard disk drive doesn’t really erase it, and that’s true. Accordingly, be careful if you ever throw away a hard drive or resell an old PC since your old activities and files are theoretically still recoverable. It might make sense to use a deep deletion utility first, or to remove the drive and put it into storage.

Antivirus solutions are among the oldest cybersecurity platforms out there, and they’re still vital pieces of the protective puzzle. Suites like Ultimate Internet Security from Total Defense provide advanced virus detection and mitigation so that you can browse, buy and chat with confidence.

What’s the most sensitive transaction you conduct online? Chances are, it’s either managing an online bank account, buying something or performing some task that requires your Social Security number. In all instances, restrict these activities to devices you own, connected to trusted networks like your home Wi-Fi, cellular connection or a virtual private network.

Third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable. Avoid applications that seem suspicious, and modify your settings to limit the amount of information the applications can access.

To prevent attackers from stealing your personal information, online submissions should be encrypted so that the appropriate recipient can only read it. Many sites use Secure Sockets Layer (SSL) or Hypertext Transport Protocol Secure (https). A lock icon in the bottom right corner of the window indicates that your information will be encrypted. Some sites also indicate whether the data is encrypted when it is stored. If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor’s system could access your personal information.

Creating passwords is both an art and a science. It should be complex enough to thwart common guessing methodologies, but easy enough to remember. One way to strike a balance is to use an abbreviated phrase interspersed with a number and a special character, if applicable. That combination will give you a long yet memorable password for each account.

The relative anonymity of the internet is appealing for bullies because it enhances the intimidation and makes tracing the activity more difficult. Some bullies also find it easier to be more vicious because there is no personal contact. Unfortunately, the internet and email can also increase the visibility of the activity. Information or pictures posted online or forwarded in mass emails can reach a larger audience faster than more traditional methods, causing more damage to the victims. And because of the amount of personal information available online, bullies may be able to arbitrarily choose their victims.
What you can do to stop cyberbullying.

Many public access points are not secured and the traffic they carry is not encrypted. This can put your sensitive communications or transactions at risk. Because your connection is being transmitted “in the clear,” malicious actors could use sniffing tools to obtain sensitive information such as passwords or credit card numbers. Ensure that all the access points you connect to use at least WPA2 encryption.

If you’re flying somewhere, you might feel compelled to post a photo or video of your boarding passes to a social network like Instagram. It’s a risky move, though, as strangers can use the information contained in its various codes to change your contact information with the airline or even alter your reservation. Handle your boarding pass as if it were a credit card to stay safe.

Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly. The best approach is to adopt the highest level of security and only enable features when you require their functionality. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

If you ever want or need to change your phone number, be sure to check on your two-factor authentication (2FA) setups first. Many 2FA services use your phone number, meaning you might no longer get the needed texts or calls to access your accounts after changing. Use alternatives like authenticator apps or trusted devices instead of phone numbers for 2FA.

Some smart TVs can be controlled with simple voice commands. Voice makes it easier to change channels or open apps, while creating some new privacy risks. The TV itself might be constantly listening to your conversations to collect audio data and then sending this information to a server over an unencrypted connection. Turn off this voice-related features if you don’t absolutely need them.  

Automated service agents, AKA chatbots, have become increasingly important parts of customer engagement. They can be helpful, but sometimes awkward and even risky to interact with. If you get an unsolicited call asking “can you hear me?,” a voicemail saying your “warranty” (or something else you don’t even have) has expired or a chat asking you to enter sensitive information, do not engage and simply move on.

Multi-factor authentication (MFA) is a method of confirming a user’s claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Just as it’s impossible to unring a bell, it’s difficult to control sensitive information divulged in emails, as it might be intercepted or surfaced in searches even long after the fact. Don’t share personally identifiable information over email if at all possible. In particular, do not hand it over in response to unsolicited requests from strangers.

Ransomware is a scourge. It denies you access to important files while demanding you pay for the right to have them back. Maintaining regular backups is a great hedge against ransomware. Instead of paying the ransom (which doesn’t guarantee safe return of your assets anyway), restore from a backup.

Backing up your data is essential. However, it’s easy to neglect since it can seem complicated. The good news is that you can make backups very straightforward with a solution such as Total Defense Ultimate Internet Security, which can automatically back up important files and allows for one-click restorations.

You can more easily manage notifications and offers from online retailers by creating an email address solely for engaging with them. This setup has the added benefit of making it easier for your to spot scam emails, which are often disguised as promotions, that wind up in your primary personal inbox.

End-to-end encryption means a message is protected throughout its entire journey from sender to receiver. Many common forms of communication, from email to many chat apps, don’t enforce it, though. Look for apps that provide a detailed explanation of their encryption measures, and explore encrypted email if you are worried about the contents of your inbox being exposed.

There’s nothing wrong with holding on to a phone, tablet or PC for years, with two important qualifiers. If its support has reached end-of-life and connected to the internet, you should consider moving on. Devices that meet these criteria are at heightened risk of malware infections since they contain unpatched vulnerabilities.

Decluttering is associated with wardrobes or collections of physical item such as books, but it’s just as applicable to digital assets, too – like your apps. If you’re updating apps and notice one that you haven’t used in months or even ever, delete it. You’ll be saving yourself not only a potential privacy and security risk, but also some valuable storage space.

April 2, 2003: Graybird is a Trojan horse that hides its presence on the compromised computer and downloads files from remote Web sites. There are many variations of this virus such as Backdoor.Graybird.P (the most recently discovered variation). It affected Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP, and Windows Vista.

Chances are that when you need technical support, you’ll reach out to the company – not the other way around. The latter situation is common with many scams, though. Someone will call or email you and ask you to take a few (likely compromising) steps, such as revealing your Social Security number or account login credentials. Never engage with a technical support member unless you’ve initiated contact via a trusted channel first.