Security & Safety Resource Center

Avoid online shopping, banking, and sensitive work that requires passwords or credit card information while using public Wi-Fi. And only use sites that begin with “https://” when online shopping or banking.

Be aware that when you post a picture or message online, you may also be inadvertently sharing personal details with strangers about yourself and family members – like where you live. Post only about others, as you would like to have them post about you: the golden rule applies online as well.

Losing your computer can be as bad as losing your wallet or purse, since it probably contains a lot of extractable personal information, including financial details. Disk encryption eliminates this risk by making all data on your hard drive inaccessible to anyone without a specific key (password). Use FileVault on macOS or BitLocker on Windows to get started, but be sure to remember your key.

When making online donations make sure any charity you donate to is a legitimate non-profit organization and that you type in the web address instead of following a link. Know your charity. Online or offline never give to a charity that you know nothing about.

Pop-up windows, redirects and other aggressive webpage features aren’t just irritating – they’re also, in most cases, major drags on web browser performance, as well as harvesters of your personal information. Consider installing extensions (i.e., add-ons, available from each web browser’s official web store) that block these scripts. You can also configure them to whitelist trusted sites.

If your computer starts slowing down and doesn’t respond to reboots or other tweaks, it might be time to revert it to a system restore point. System restore functionality is native to both macOS and Windows. If enabled, it allows you to fully reset your operating system to a backup originally created when everything was still performing properly.

Many of us download apps for specific purposes, such as planning a vacation, and no longer need them afterwards, or we may have previously downloaded apps that are no longer useful or interesting to us. It’s a good security practice to delete all apps you no longer use.

Avoid clicking on hyperlinks in emails; type the URL directly into the address bar instead. If you choose to click on a link, ensure it is authentic before clicking on it. You can check a hyperlinked word or URL by hovering the cursor over it to reveal the full address.

Most modern laptops and desktops have built-in cameras for video conferencing. Unfortunately, these utilities can be hijacked by malware that continuously spies on you, like the all-seeing telescreens from the novel “1984.” For peace of mind, affix a piece of tape to your webcam when not using it.

Email is an old set of protocols that can easily leak your data. Don’t include information about your Social Security benefits or bank account in the body of a standard email. If need be, transmit such items instead via phone, fax, or even encrypted email, which is available via free tools such as GPG Suite.

Ransomware encrypts your files and demands payment for their decryption. It usually starts with a malicious link or attachment targeting vulnerability in outdated software. Don’t click these items if you don’t recognize them and/or if they were flagged by your security software. Also, never pay ransoms, since they don’t guarantee safe return.

“Theory of self-reproducing automata”, the first known computer virus appeared in 1971 and was dubbed the “Creeper virus”. This computer virus infected Digital Equipment Corporation’s (DEC) PDP-10 mainframe computers running the TENEX operating system. The Creeper virus was eventually deleted with a program known as “The Reaper” created by Ray Tomlinson. Some people consider “The Reaper” the first antivirus software ever written – it may be the case – but it is important to note that the Reaper was actually a virus itself specifically designed to remove the Creeper virus.

E-commerce sites are typically well-protected from attacks. However, you can further reduce your risk by paying with credit, or with a gift/prepaid card, instead of debit. That way, you have more protections from identity theft and no prospect of your bank account being cleaned out if your card number is stolen.

While some social networks might seem safer for connecting because of the limited personal information shared through them, keep your connections to people you know and trust. Also the default setting for the status update on most social networking applications is that anyone on the Internet can see it. If you only want your trusted contacts to see the updates, you need to check your settings so the social networking application keeps your updates hidden from everyone else.

Phishing emails are designed to fool you into clicking a link or attachment. To do so, they mimic the look and feel of official corporate or government communications. You can fight back by not engaging with any email that has a long/garbled sender address or subject line, is filled with typos and odd formatting, or comes from someone you don’t know.

Passwordless public Wi-Fi is unencrypted, meaning your data can be intercepted while using it. Consider setting up a virtual private network (VPN) to encrypt your connection and shield your activities from prying eyes on public networks. Short of that, look for “semi-public” alternatives such as coffeeshop/restaurant Wi-Fi with a requestable password (usually on a receipt) from the staff.

HTTPS encrypts the data you exchange with websites that use it. In contrast, HTTP sends that same information in plain text. Look for a padlock in the URL bar of your browser to verify HTTPS. Never perform sensitive transactions such as e-commerce purchases over HTTP. Use the HTTPS Everywhere Tool from the Electronic Frontier Foundation to ensure the safest connection to each site.

Have you ever wondered if someone was secretly listening to your conversations? Many mobile apps, including hundreds of popular games, do exactly that, by scanning for ambient audio cues to better target their advertisements. For your own privacy, consider disabling microphone access for such applications unless you’re actively using it in them.

Recycling the same password across accounts means that if it’s stolen even once, everything from your personal email to your Facebook could be hijacked. Plus, the most commonly reused passwords are easily guessed, such as “password” and “football.” Use a password manager to generate and securely store strong, unique passwords for each login.

Make sure all of your computers and mobile devices are equipped with antivirus software, firewalls, web filters, and antispyware. This software should be updated regularly; outdated security software offers no defense against the latest threats. Set up automatic updates or at least manually apply each upgrade. Be sure this software is active whenever you download something or use an unfamiliar, possibly unsafe Internet connection like public Wi-Fi.