Security & Safety Resource Center

Blind carbon copy, or bcc, is the preferred way to send emails from one user to many. If your recipients don’t need to be able to talk to each other, then you have no need to share their email addresses in the carbon copy, or cc, field. They’ll appreciate the privacy.

The Security Checkup offered by Google is a step-by-step guide for making sure your account is secure and recoverable in case it’s attacked. Open your account page, then select the Security tab. At the top, you’ll see a message that says “We keep your account protected.” Click “Get started” and follow the on-screen instructions. If you already have a green check mark for each box, you’re good to go.

If you’re headed on vacation, it’s a good idea to set up automatic replies from your email. In Gmail, go to Settings and scroll down to “Vacation responder” under the General tab. You can include some amount of information, like when you’ll respond to emails, but keep it to a minimum. Remember, while you might be careful about not replying to any sophisticated spear-phishing attempts that make it past your spam filter, your “Vacation responder” won’t be so discerning about who it sends a reply to.

If your mobile phone is connected to your Google account and it becomes lost or stolen, you can remotely lock users out from accessing any of your personal data on Google from that device. From your main account page, open the Security tab. Then scroll down to “Your devices” and select “Find a lost device.” Once you enter your password, Google will walk you through potential actions you can take.

If you’re tired of trying to remember who you said your favorite actor was or whether you should use the abbreviation or spell out “Street” for the address of your first home, here’s some good news: It’s better to make up the information for your security questions anyway. This will make it easier to remember the answer and less likely that somebody could guess your responses by gathering personal information about you.

A wireless network means connecting an internet access point – such as a cable or DSL modem – to a wireless router. Going wireless is a convenient way to allow multiple devices to connect to the internet from different areas of your home. However, unless you secure your router, you’re vulnerable to people accessing information on your computer, using your internet service for free and potentially using your network to commit cybercrimes. One quick fix is to change the name of your router: The default ID – called a service set identifier” (SSID) or “extended service set identifier” (ESSID ) – is assigned by the manufacturer. Change your router to a name that is unique to you and won’t be easily guessed by others.

If you use the latest version of Firefox, you have access to a handy feature from the built-in Lockwise password management app. Whenever you open a new account online, right-click on the appropriate field, select “Fill Password,” and then choose to use a securely generated code. Firefox will create a unique string of alphanumeric characters including some capitalized letters, and it will automatically store this password for later use. If you need to add in a special character, go ahead. Lockwise will update the record accordingly.  

If you hover your cursor over any links in the body of the email, and the links do not match the text that appears when hovering over them, the link may be spoofed. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Additionally, cybercriminals may use a URL shortening service to hide the true destination of the link.

Enabling multifactor authentication is a good step toward better cybersecurity. However, if a determined hacker gains access to the account number associated with your phone number’s mobile carrier and they can guess the PIN you set up when you opened the account, these bad actors may be able to execute a SIM swap and circumvent SMS-based verifications. Contact your carrier to make sure that your PIN is secure.

Cellphone overheating is a real risk that can dramatically impact the functionality of your device. To avoid this issue, turn off your Wi-Fi and Bluetooth connections if you’re not actively using them. Then, turn down your brightness, and exit any minimized programs running in the background. For help with this last part, you may have to open Settings and select “Apps & notifications” under the General tab to forcibly stop some constantly running applications.

Reduce the risk of downloading potentially harmful apps by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store. Do not download from unknown sources or install untrusted enterprise certificates. Additionally—because malicious apps have been known to slip through the security of even reputable app stores—always read the reviews and research the developer before downloading and installing an app

Often, phishing attacks succeed with users who would otherwise know better. Why? Because they’re trying to do too many things at once. Schedule a certain amount of time each day when you can devote your full attention to your inbox. To make this easier in Gmail, open up your Settings. Then, under the General tab, scroll down to “Desktop notifications,” and turn them off.

It’s a good idea to periodically verify that you’re using the latest version of your preferred browser, even if automatic updates are enabled. For Firefox, simply open the hamburger menu, then select Help. From there, you’ll press About Firefox. If you’ve got the latest version, this screen will say “Firefox is up to date.” If not, it should begin downloading an update immediately. Restart your browser.

Even for the most sophisticated of users, it’s not impossible to download a popular app and then learn about security vulnerabilities later. To remove problematic apps from an Android device, from the Settings menu, click on the tab labeled General. Then select “Apps & notifications.” Click “App info” and select the app you want to remove. Press Uninstall.

Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

For many people, their Gmail account is the only personal email address they use. However, if your lose access to your Google account or it becomes compromised, selecting a secondary email address can help you recover the account. From your Google account page, open the Security tab. Then, scroll down to the section that says “Ways we can verify it’s you.” From there, open Recovery email. You might use the address for an account from an internet service provider or your work email. Just make sure to update this field if you change jobs or switch service providers.

The makers of popular web browser Vivaldi have partnered with DuckDuckGo on a built-in tracker blocker to help preserve user privacy. Vivaldi halts requests before they’re sent to URLs that appear on a comprehensive block list created and updated by privacy-focused search company DuckDuckGo. To enable this feature, open the Vivaldi Menu, then Settings. Navigate to Tracker and Ad Blocking, and select the Default Blocking Level of your choice.

Some apps have access to the mobile device’s location services and thus have access to the user’s approximate physical location. For apps that require access to location data to function, consider limiting this access to when the app is in use only.

Given that it’s possible to use SIM swap scams to get around traditional two-factor authentication, which typically relies on one-time passcodes sent over SMS, downloading an authenticator app can provide some additional security for select accounts. Google and Microsoft have apps that are widely used.

Google allows individuals to share their real-time location data with other trusted users. Family members may turn this feature on to help keep tabs on children or elderly individuals in crowded areas, for instance. Sharing locations can also potentially help you track down a missing device. Open Google Maps from your mobile device, and select your user icon. Click “Location sharing,” then select the person you want to share data with and set a time frame. Press Share.

Some apps are integrated with social network sites—in these cases, the app can collect information from your social network account and vice versa. Ensure you are comfortable with this type of information sharing before you sign into an app via your social network account. Alternatively, use your email address and a unique password to sign in.

Every child is taught basic physical safety and security, like not talking to strangers and fastening seat belts before driving. Teaching young people easy-to-learn life lessons for online safety and privacy begins with parents leading the way. What you post can last a lifetime: Help your children understand that any information they share online can easily be copied and is almost impossible to take back. Teach them to consider who might see a post and how it might be perceived in the future.

Videoconferencing can still enable you to spend face time with your colleagues and contacts without potentially exposing personal information. Set up a virtual background to ensure your privacy. Once you’re signed in, navigate to Account Management and select Account Settings. From there, under the Meeting tab, you’ll enable the Virtual Background setting. Then, under “Manage virtual background,” you can upload the image of your choice.

Dormant Google accounts can contain a treasure trove of information. It could be valuable to cybercriminals or provide crucial information that you want to share with your loved ones. To ensure that your data is protected once you are no longer able to access it, use Inactive Account Manager. From the main page of your Google account, select “Data & personalization.” Then, scroll down to “Make a plan for your account.” Google will guide you through the process, step by step, to determine if you want your data to be deleted or shared with somebody else.

Most households now run networks of devices linked to the internet, including computers, gaming systems, TVs, tablets, smartphones and wearable devices that access wireless networks. To protect your home network and your family, you need to have the right tools in place and confidence that family members can use the internet more safely and securely. The first step is to keep a clean machine and make sure all of your internet-enabled devices have the latest operating system, web browsers and security software. This includes mobile devices that access your wireless network.

Best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive, or separate device from the network or computer.

Using the default service set identifier (SSID) for your wireless router can give malicious parties clues about potential vulnerabilities they could exploit. To change the network name, enter the router’s IP address in your web browser, log in, and switch the SSID to something original that doesn’t contain any personal information or password hints.

Keeping a close guard on the password for your Wi-Fi network is a security best practice. However, if you’re having an outdoor gathering and you want to be a gracious host, you can still let your guests connect to Chromecast-enabled audio devices so they can select the music. While you’re logged into the same Wi-Fi network as your Chromecast, simply open up the settings for your device from the Google Home app. Then, under “Device settings” enable “Guest mode.”

Applications (apps) on your smartphone or other mobile devices can be convenient tools to access the news, get directions, pick up a ride share, or play games. But these tools can also put your privacy at risk. When you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. Apps may gather this information for legitimate purposes—for example, a ride-share app will need your location data in order to pick you up. However, you should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.

Do you have sensitive files sitting on your desktop or in an unsecured folder stored on your hard drive? If you have OneDrive, you can easily move those documents — like tax records or recovery codes — into a more secure Personal Vault. OneDrive users can open the Personal Vault from their file manager. Then they’ll be directed to verify the account using two-factor authentication. From there, they can transfer files to the Personal Vault and lock them. They’ll only be able to unlock the Personal Vault again with two-factor authentication.