Total Defense

Security & Safety Resource Center

Learn about today's current internet threats and how to stay safe and secure.

Security Tip of the Day

Daily tips to create awareness of cyber threats and empower Total Defense users to be safer and more secure online.

October 2018

Create a password reset key on Microsoft Windows

If you forget the password to your local account on your PC, all might seem lost, since there’s no one to email for a reset link. However, you can hedge against this possibility by creating a password reset disk beforehand. “Disk” is a misnomer; all you’ll need is a USB stick or SD Card. Simply search for “password reset” in Windows and follow the instructions.


Avoid unofficial app sources on Android

Android devices provide considerable flexibility in how you download software. In addition to official stores run by Google and OEMs like Samsung, there are third-party storefronts offering many apps that never underwent any security screening. Stick to the main options to avoid installing compromised apps.


Beware cyber risks you may face when using social media

Don’t’ over share personal information on social media. Sensitive information includes anything that can help a person steal your identity or find you, such as your full name, Social Security number, address, birthdate, phone number, or where you were born.


On this day in history – backdoor trojan Bitfrost infects Windows

October 12, 2004: Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Windows 10 (although on modern Windows systems, after Windows XP, its functionality is limited). Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server whose behavior can be controlled by the server editor).


Update your router’s firmware

Outdated internet router firmware is a major security risk. Unfortunately, many people aren’t aware of this issue because they don’t do much with their routers unless they have issues with their internet connections. Take a look at your router to find its IP address, which you can enter into your web browser. From there, you can check if there are any firmware updates available.


Backup regularly to reduce the risk of ransomware

Ransomware is one of the most dangerous cybersecurity threats because its damage is so hard to roll back; you end up having to choose between paying a ransom that won’t even guarantee safe return of your data, or possibly losing that information forever. Local or cloud-based backup can help by giving you full, restorable copies to fall back on.


Consider partitioning your computer into separate user accounts for child safety

Most operating systems give you the option of creating a different user account for each user. If you’re worried that your child may accidentally access, modify, and/or delete your files, you can give them a separate account and decrease the amount of access and number of privileges they have. If you don’t have separate accounts, you need to be especially careful about your security settings. In addition to limiting functionality within your, avoid letting your browser remember passwords and other personal information. Also, it is always important to keep your virus definitions up to date.


Protect your accounts with two-factor authentication

The hit video game “Fortnite” recently began providing rewards to players who set up two-factor authentication on their accounts. You should take this step on any service that provides it. That way, you’ll be safe even if someone gains access to your password and username.


Be careful with “free” VPN services

A virtual private network is a great way to protect your online activity by encrypting your connection. However, in many instances you get what you pay for. Free VPNs might still log your actions and keep those records or sell them to third-parties; the Facebook-owned Onavo VPN, recently removed from the iOS App Store, showed the reality of such risks. Consider paying for real protection.


Get savvy about WiFi hotspots

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi and avoid logging in to key accounts like email and financial services on these networks. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection on the go.


Don’t rush to click links

Hyperlinks are tricky. When they’re included in text, you can’t immediately see where they lead, meaning a simple click could take you somewhere you don’t want to go, like an adware-infested page. Consider hovering over them with a mouse, or copying them with a press and hold contextual menu on a touchscreen and pasting them into a separate document, before following them.


Let your common sense guide your decisions about what to post online

As a general practice, before you publish something on the Internet, determine what value it provides and consider the implications of having the information available to the public. Identity theft is an increasing problem, and the more information an attacker can gather about you, the easier it is to pretend to be you. Behave online the way you would behave in your daily life, especially when it involves taking precautions to protect yourself.


Rotate your passwords

Many services will allow you to keep the same password for years. That’s dangerous, since data breaches along the way might expose credentials that you use across multiple sites. Create strong passwords using a generator, and update them periodically, every six months or so, to ensure you’re not using anything that’s already been exposed in a breach.


What are web site certificates?

If a company wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. There are two elements that indicate that a site uses: 1. a closed padlock, which, depending on your browser, may be located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields; 2. a URL that begins with “https:” rather than “http:”. By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit.


Watch out for man-in-the-middle attacks

A man-in-the-middle attack involves someone interfering with your attempted communications with another party, typically a website or application. It might entail monitoring your traffic via a non-secure public Wi-Fi connection or sending you to a compromised website. To stay safe, make sure your URL bar always displays HTTPS when conducting sensitive transactions, and use a VPN to encrypt your traffic.