Security & Safety Resource Center

Text messages, sent via carrier SMS, are fixtures of mobile communications. But they’ve lost ground to over-the-top (i.e., internet-based) services such as Apple iMessage, WhatsApp and Telegram. Those alternatives are not only more richly featured, but many have end-to-end encryption as well – something SMS and even its successor, RCS, do not support.

Advertisements provide crucial revenue for many sites. Some ads, though, are intrusive and can hijack your browsing experience. An ad blocker can neutralize the latter. However, you might want to whitelist legitimate sites with ads so that they can continue to make money on their display ads.

This type of attack involves someone secretly altering what seems like a direct exchange between two parties. A classic example is someone stealing information from a user connected to a public Wi-Fi network. One way to fend off such attacks is by using a virtual private network to shield your connection.

Most email services/client default to downloading HTML images in the body of the email. This content can be important for understanding what an email says. However, it can also be risky, as cyberattackers can embed malicious code in it. You might consider disabling these image downloads by default and then manually downloading them on a per email basis.

What if you couldn’t log into your email account? It would probably be a grim situation, given how central email accounts are to modern communications. The best way to ensure you’re not locked out is to set up a recovery email address or phone number, which can be used to create a new login.

Do you have critical items (like family photos or lists of passwords) saved only on a single device? If so, be sure to diversify your backup strategy and move these assets to other devices and locations. Cloud backup and external hard drives are both good options.

Some online accounts are more sensitive than others. Online banking, e-commerce and social media are often near the top of the list of accounts needing robust protection. It’s a good idea to enable two-factor authentication on these accounts and to secure them with strong password as well.

File sharing is the practice of disseminating or providing access to digital media, such as software programs, media (video, audio & images), or documents. File sharing may be achieved in a number of ways. Common methods storing and sharing include manual distribution using removable media, servers on computer networks, links on the web and peer-to-peer networks.

Be suspicious of unsolicited phone calls or email messages from individuals asking about personal information. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

Passwords prevent unauthorized access to wireless networks. If you see a Wi-Fi network that is open, without a password requirement, do not join it unless you have no other options AND have access to a virtual private network that will encrypt your connection.

Updates are integral to keeping all networked software secure. You can ensure updates are installed automatically, which is in fact the default for apps on Android and iOS, or schedule a big installation – like an OS update – in advance. These options are better and safer than having to apply updates manually.

July 6, 2008: Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2. It spread as malvertising from 247mediadirect through an advertising network via the social networking site Facebook.

As cybersecurity threats have evolved, longstanding protective tools like antivirus (AV) software have taken a back seat to different solutions like password managers and cloud backups in discussions of how to stay safe. AV still has its place though, particularly if you rely on a PC or Mac. It’ll scan for known threats and quarantine them to protect your data and privacy.

HTTPS is the secure version of HTTP, one of the key protocols of the web. How do you know if a site is protected by HTTPS? Look in the URL (address) bar. It should say “https://” at the beginning. Depending on the browser and site, it might also include a padlock icon or a green block displaying the name of the certificate holder.

Not being able to use your mobile device on the go can be a major hindrance, particularly if you need it for GPS or communicating your whereabouts. A portable, rechargeable battery pack is not only a good solution for staying charged, it also keeps you safer by lessening the need to use potentially risky public charging ports.

Airports, buses and other venues may feature publicly available USB ports you can use to charge your devices. Unless you desperately need a recharge, it’s best to avoid plugging in, as you might be putting your phone or tablet at risk of surveillance and malware infection.

If you log in to a computer you don’t own at a library, kiosk or other public place, be very careful about what you do while using it. Be aware that your activities could be monitored and that it’s probably not prudent to conduct sensitive transactions such as online banking. Most importantly, make sure to log out completely after you’re done, so that the next user doesn’t have access to your accounts and data.