Total Defense

Security & Safety Resource Center

Learn about today's current internet threats and how to stay safe and secure.

Security Tip of the Day

Daily tips to create awareness of cyber threats and empower Total Defense users to be safer and more secure online.

January 2022

Keep in mind that hackers are usually liars

If your business or organization is extorted by a ransomware attack, the hackers will threaten to release “sensitive information” they obtained from your network. In most cases, however, hackers are actually lying — they don’t have any sensitive information at all. Keep this in mind before your company agrees to pay. Not only can you squash a would-be attack, you may save your organization millions of dollars in ransom payments.


Add a layer of security to your emails with SPF or DKIM

Protect your emails from phishing scams, malware and other attacks by using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). In essence, SPF allows you to define exactly which IP addresses are allowed to send mail from a specific domain. If a bad actor attempts to spoof an email from a legitimate source, the receiving mail server can flag the email because it didn’t originate from an IP address authorized for that domain. DKIM, on the other hand, uses a cryptographic key pair and a digital signature to verify an email’s authenticity.


The fewer devices and accounts you have, the more protected you are

The best way to stay protected online is to reduce the surface area for bad actors to attack. For every account, there’s a doorway into your private data. For every device, there may be a dozen different accounts. Risk, as a result, increases exponentially as this process goes on. Rather than spread yourself thin across too many surfaces, keeping your online presence within arm’s reach helps you stay vigilant and protected.


Be careful how much information you put in your online dating profile

If you use an online dating service, whether it be an app or a website, be wary of how much information you share publicly. Avoid including any personal information that can identify your residential address or place of employment. Likewise, be mindful of which details you include in your profile. Some details may help bad actors guess your password and compromise your information. Before physically meeting someone you’ve contacted online, be sure they are who they say they are. Catfishing isn’t just embarrassing, it can be a threat to your well-being.


Have your devices go to sleep quicker

Password-protected PCs, Macs, tablets and smartphones all have a timeout after which they lock their screens, requiring re-entry of the passcode or PIN. The time frame for relocking is changeable, but the safest option is to force anyone attempting to log in to re-enter the device password immediately. That way, you don’t have to worry about someone picking up your phone or laptop and being able to access its contents.


Worried about protecting your business? Try a cloud-based solution

Businesses collect large amounts of data. This makes them susceptible to cyberattack, especially from hackers aiming to hold a company ransom. The best way for an organization to protect its data is to automate security protocols with cloud technology. Artificial intelligence and machine learning can patrol your network end-to-end so that suspicious activity won’t go unnoticed. When threats are identified, they can be quickly eliminated.


If you receive a gift card offer, it could be a trap

A popular trend in phishing scams is the unsolicited gift card prize offer. Malicious scammers pose as legitimate companies, like Amazon or Apple, and send convincing offers to their targets. They claim the target has the chance to win a valuable gift card, but they’ll need to act now if they want to win. Clicking their link will direct the target to their malicious website, where malware is surely waiting to strike. Take these steps if you receive a suspicious offer:

  • Look for inconsistencies in their messaging
  • Check for misspellings, especially in the link
  • Delete the email — the risk is never worth the reward

Don’t bank or shop on unsecure public networks

When viewing your online bank balance or making a purchase, it’s best to avoid networks you don’t normally use, especially public Wi-Fi hotspots that might reveal your activity to unwanted cybercriminals. Handle important transactions on your password-protected home network or with the help of a virtual private network (VPN) service.


Don’t be fooled by fake holiday deals

Scammers often time their cyberattacks around the holidays. With many consumers increasingly choosing to make their holiday purchases online rather than in person, the holiday season is an especially risky time for digital shoppers. Cybercriminals create false websites with spectacular deals to lure unsuspecting consumers into entering their payment information. Others send direct messages to consumers to entice them into making a false purchase. If a deal seems too good to be true, be sure to scan the link or website in question.


Disable unused/dormant IoT devices

With so many devices at your disposal, some might go unused for weeks, if not months, at a time. Unused IoT devices, sensors and modulators still pose a threat to your cybersecurity. As long as they remain connected to your network, hackers may still be able to use them to access your information. Keep an inventory of your IoT devices so that you’ll never let one slip through the cracks. Seeking them out, disconnecting them from the network and disabling them is the safest way to close any doors left unattended.


How to check your privacy is protected

Review the website privacy policy before submitting your name, email address, or other personal information on a website. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Businesses sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change, so you may want to check them regularly on sites you use often.


Check your banking account statements regularly

Review your banking, credit card, or payment service statements regularly to ensure there are no unauthorized charges or withdrawals. Be sure to shred bank and credit card statements before throwing them in the trash. With the recent increase in the use of online shopping, mobile payments and online banking, it’s more important than ever to watch your financial accounts for possible fraud.


Beware of scareware

Halloween may be long over, but scammers are always up to their old tricks. Scareware, as the name might suggest, is designed to scare users into navigating to malicious websites. Scareware convinces you to download software that you don’t need, promising that it’ll fix a virus you don’t have. Some scams even say your job, marriage or life is at risk. If you get annoying pop-ups that contain similar warnings, you’ve obtained scareware. Here’s how to remove it in three ways:

  • Use Ctrl-Alt-Delete
  • End the scareware in task manager
  • Hard shutdown your computer


A good secure way to pay online

Credit cards are one of the safest ways to make online purchases because you can dispute the charges if you never get the goods or services or if the offer was misrepresented. Federal law limits your liability to $50 if someone makes unauthorized charges to your account, and most credit card issuers will remove them entirely if you report the problem quickly.


Connect no more than 50 devices to a single home router

Consumer routers should hold no more than 50 connections. The more devices, the greater the security risk. If one device is compromised, all other devices on the network could be, too. A good rule of thumb is to connect your most used devices — those with the most personal data — to a second home network.


Lock your mobile device

The United States Computer Emergency Readiness Team (US-CERT) advises locking your device when you are not currently using it. You might only step away for a couple of minutes, but that’s enough time for someone to steal or destroy your information. Use strong PINs, passwords and biometrics (fingerprints, facial recognition) to prevent others from opening your device.


Don’t buy IoT devices from unproven vendors

The IoT (Internet of Things) is always increasing. Smart devices can range from your home refrigerator to your doorbell. For every device, however, there is an entry point into your home and your network. Check the reviews of IoT products before you buy and be on the lookout for any security complaints. The more confident you are in the product before it’s connected to your network, the better.


Prevent annoying adware by using an ad blocker

Adware is often used to collect information on us. It does this so it can decide which ads are most relevant to us as consumers. While helpful in theory, sometimes adware can interrupt the browsing experience with pop-ups and irritating displays. Ad blockers are usually free browser extensions that stop adware from being a nuisance.


Use your browser’s private mode for a little additional privacy

Most web browsers feature private browsing mode. While not the most protected way of browsing, this quick solution does prevent other users on your device from accessing certain information. Any searches performed or cookies obtained during private sessions are deleted once the browser is closed. For safer browsing overall, try a Virtual Private Network or VPN.


Be proactive and prepare for ransomware attacks

The best way to beat a ransomware strike is to prepare for one. Most organizations are unprepared for a breach, which is why they often pay the ransom. Know the best practices of ransomware attacks, the types of scams that are out there and the tricks malicious actors like to pull. If your business notices strange behavior on its network, like unusual metric performance or a repeated failure to access files, you may be under surveillance by ransomware extortionists.