Total Defense

Security & Safety Resource Center

Learn about today's current internet threats and how to stay safe and secure.

Security Tip of the Day

Daily tips to create awareness of cyber threats and empower Total Defense users to be safer and more secure online.

October 2019

Turn off auto-listening on a smart speaker if you’re not currently using it

Smart speakers like Amazon Alexa and Google Home listen for certain keywords that wake them up and prompt them to answer questions. You can turn this listening behavior off by pressing a button on the speaker itself. Doing so might be advisable if you’re concerned about privacy.


Use Google prompts to confirm logins on a mobile device

Two-factor authentication (2FA) makes your accounts more secure. For a Google Account, confirming each new login via a prompt is one of the safest and most convenient 2FA options. Once you enable the option from your account page, you can confirm or deny login requests from your mobile device. On Android, these prompts come from Google Play; on iOS, they come from either the Google or Gmail app.


Review which devices have access to your Google Account

The settings page on your Google Account is a useful place to review all of the devices that have been used for logging into your account. While most of these are probably devices that you own, it’s a good idea to review them and immediately log out of any that don’t look familiar or that have been sold or given away.


Know how to generate and manage app passwords

Services such as Gmail and Office 365 often require app passwords when you connect them to other applications. Adding your webmail address to a mail client is a classic example. These app passwords are different from the main passwords for the accounts they correspond to. You can generate them on each account setting page and also revoke them as needed.


Don’t put all of your important information on one device

If you have photos, documents and other data that you don’t want to lose, you should distribute it across multiple locations. Consider using local backup options like external HDDs with cloud-based services to diversify where your data lives and avoid creating a single point of failure.


Turn on autofill for passwords

Major web browsers and operating systems provide built-in tools for saving passwords. They can also autofill these logins for specific sites and applications. Make sure you’ve enabled the appropriate settings so that you don’t have to go hunting down a password each time you sign in to an account.


Avoid wrong password entry and lockouts by toggling password visibility

Most of the time, when you enter a password it shows up as a bunch of dots to obscure what’s actually being typed. Unfortunately, this setup makes it hard to know if you’re actually entering the right characters. Assuming no one is looking over your shoulder, consider toggling the visibility setting – it usually looks like an eyeball or something similar – so that you can see what you’re typing.


What is end-of-life software?

Sometimes vendors will discontinue support for a software program or issue software updates for it (also known as end-of-life [EOL] software). Continued use of EOL software poses consequential risk to your system that can allow an attacker to exploit security vulnerabilities present that could result in malware attacks. The use of unsupported software can also cause software compatibility issues as well as decreased system performance and productivity. Best practices recommend that you retire all EOL products.


How do you find out what software updates you need to install?

When software updates become available, vendors usually put them on their websites for users to download. Install updates as soon as possible to protect your computer, phone, or other digital device against attackers who would take advantage of system vulnerabilities. Attackers may target vulnerabilities for months or even years after updates are available. Some software (like Total Defense Ultimate) will automatically check for updates, and many vendors offer users the option to receive updates automatically. If automatic options are available, you should take advantage of them. If they are not available, periodically check your vendor’s websites for updates. Make sure that you only download software updates from trusted vendor websites. Do not trust a link in an email message.


What are patches?

Patches are software and operating system (OS) updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix performance bugs, as well as to provide enhanced security features. Vulnerabilities in software applications provide easy access for malware to infect your PC. Total Defense Ultimate Internet Security scans the most commonly attacked software and automatically patches any outdated and vulnerable software.


Share only with people you know

Although many users seek to establish as many contacts on social networks as possible, consider sharing personal information only with people you know. If you expand your contacts beyond people you are sure you can trust, check the service’s settings to see if you can group your contacts and assign different levels of access based on your comfort level. Attackers may adopt different identities to try to convince users to add them as contacts, so try to confirm that contacts are who they claim to be before giving them access to your information.


Treat everything as public information

A good way to protect yourself is to limit the amount of personal information you post to social networks. This recommendation applies not only to information in your user profile, but also to any comments or photos you post. It is important that you consider information that you post about yourself and about others, particularly children.


Choose internet connections you trust

Use your home service or Long-Term Evolution connection through your wireless carrier. Public networks are not very secure, which makes it easy for others to intercept your data. If you choose to connect to open networks, consider using antivirus and firewall software on your device.


Periodically review your Gmail settings

Gmail provides a lot of flexibility in how you send and check emails. It can even serve as a mail client for non-Gmail accounts such as those hosted at Yahoo and and send mail from their addresses. Every now and then, review the settings tab in Gmail to make sure that the “Send Mail As” account belongs to you and also that mail isn’t being forwarded to strange accounts.


Don’t reply to suspicious emails

When you receive a fishy email, the best course of action is to either flag it as spam or block the address. Do not reply to it, as doing so could put you at risk of further spam and possibly data interception. Most of all, do not disclose anything sensitive, such as your Social Security Number, via plain email, and don’t open any suspicious links or attachments.


Use Windows Hello on your PC

If you have a Windows-based PC, consider enabling Windows Hello if it’s available. Windows Hello allows you to log in using a biometric credential such as a fingerprint or face/iris scan. It’s much more convenient and secure that having to type a password each time.


Get backup codes for your Google Account

Google provides many options for securing your account with two-factor authentication. But what if you don’t have access to your phone or other device for confirming a login attempt? This is where backup codes come in handy. These numeric codes can be generated by your Google Account and will work for logging in if you ever find yourself locked out. It’s prudent to print and store them somewhere offline where they’re accessible only to you.


Secure your most important internet accounts with a hardware key

Hardware keys such as the popular YubiKey provide strong second factor authentication when signing into services such as Gmail, Facebook and Dropbox. They can either be plugged into a port on your device or be connected wirelessly through Near-Field Communication. Without this unique key, no one can access your accounts, even if they know the passwords for them.