Total Defense

Security & Safety Resource Center

Learn about today's current internet threats and how to stay safe and secure.

Security Tip of the Day

Daily tips to create awareness of cyber threats and empower Total Defense users to be safer and more secure online.

May 2022

Don’t interact with cyberbullies

Whether you’re a kid or an adult, it’s not uncommon to encounter a cyberbully while using the internet. In either case, you should never escalate the situation and antagonize a cyberbully – especially if they have access to any of your personal information. Responding with hostility will only provoke the bully and make matters worse. It’s best to ignore the verbal jabs and navigate elsewhere without feeding their animosity.


Beware of malicious code sent through external media

Malicious code, also called SQL injection, is a type of attack that places unwanted files on your computer. They may automatically install themselves into your device without your explicit permission. One good way to avoid these attacks is by disabling AutoRun or AutoPlay for external media sources. This prevents external media infected with malicious code from automatically running on your computer.


When possible, use cloud sharing instead of email attachments

Email attachments are pervasive, but risky – you never know what they could include. It’s usually more secure to share content with links to cloud services, since you’re not actually downloading anything onto your system.


Never block your full name or address in a chat filter when live streaming

Whether you’re a gamer, influencer or you just like going live once in a while, it’s important to take the necessary safety measures to protect your identity. This might include hiding your real name, address and other personally identifiable information. Some live streaming services allow you to block certain words or phrases from appearing in the chat room. It might seem counterintuitive, but you should never use chat filters to hide your personal information. Why? Because it confirms their validity for any malicious people trying to identify you online.


Disregard security “alerts” in pop-up ads

Some websites feature insistent advertising and tracking mechanisms. It’s common to see ads for free antivirus software and system scans, as well as warnings that your device has been compromised and requires immediate action, like calling a certain number. These schemes are regularly scams and should be disregarded.


Disable Remote Administration tools on your computer

Remote Administration was created for the purpose of remote IT support, but they represent a massive opportunity for bad actors to spy on your activity. If your device is compromised, they could use Remote Administration to monitor your behavior, find your location, enable your webcam, access files or take complete control over your computer. Close this scary backdoor into your personal life by disabling Remote Administration. Here’s how to do it on Windows 10:

  1. Type “remote settings” into the Cortana search box.
  2. Select “Allow remote access to your computer” to open the dialogue for Remote System Properties.
  3. Check “Don’t Allow Remote Connections” to this computer.

Protect your personal data when you’re not at home

Even if you’re not home and using your devices, hackers could still break their way into your network or crack your computer. One way to ensure this doesn’t happen is to disconnect the device from your internet connection entirely. Without a network connection, they can’t access your device or steal your data. But you can also take this one step further by turning off your Wi-FI before leaving the house. This way you won’t need to disconnect every device one by one.


Turn on your router’s Wireless Network Encryption

Encryption refers to the process of converting data into secret code so that outsiders can’t read the information if they were to access the communication. In other words, it keeps your information private. Most Wi-Fi routers have built-in encryption services that can be accessed in the settings. Log into your router’s settings and select the wireless network configuration section. Here, you can turn on encryption by selecting either the WPA or WPA2 option. Be sure to save and apply the changes and reboot your router for them to take effect.


Proactively train employees on cybersecurity

Establishing a culture of cybersecurity at your organization begins with training everybody on the basics and best practices that should be followed – but it doesn’t end there. You should be training and retraining your workforce throughout the year rather than sitting everyone down for an annual meeting. Provide timely updates about cybersecurity threats and guidelines and be sure to make resources available for continued education. The best way to mitigate cyber threats is to teach workers how to avoid them entirely.


Create a cybersecurity checklist for your remote workforce

With the rise of hybrid work and Bring Your Own Device policies, the attack surface for companies has never been so expansive. One of the first steps you should take to protect your corporate data is to enforce a security policy for all remote workers. Not sure where to start? Here are a few basic checklist items you should be asking your employees to follow:

  1. Maintain password hygiene: Use passwords that are strong but don’t include any personal information.
  2. Always use a secure connection: Virtual Private Networks help remote workers encrypt communications with the corporate network.
  3. Update regularly: Constant updates keep devices and software at their most secure.
  4. Don’t use public Wi-Fi: Public networks may put your data at risk if they’re unprotected.

Don’t respond to quizzes or polls on Facebook

Facebook quizzes might be a fun time at the moment, but they’re also a commonly exploited scam for cybercriminals. Hackers use these questionnaires as data gathering tools by asking you to provide personal or demographic information that helps them answer password hints. By first creating a fake account and using automation to gain followers, they then start creating quizzes based on their observations. And even worse? They often ask you to leave your answers in the comment section where anybody can see them. It’s best to ignore these opportunities and keep your information to yourself.


Check to see if your data has been breached

Are you positive your personal information hasn’t already been compromised? That’s a scary question to ponder, but an important one to have answered. Use a website that checks your phone number or email address against a database of known data breaches for free. This might give you peace of mind that your information is still secure, or it’ll help you know if any further action is needed.


Reboot computer devices to purge malware

Numerous malware variations are stored in RAM, meaning that when you reset the device in question, they disappear. That was the case for a VPN Filter malware that affected many routers. Reboot regularly to keep safe.


Remove deactivated plugins from your website

Building a website is often about taking advantage of useful widgets and plugins to beef up the user experience. But sometimes, certain plugins fade out of popularity and are no longer active. Keeping these outdated plugins can be a major risk to website security because they no longer receive updates from the developer. Hackers have scripts that are specifically designed for deactivated plugins and can obtain unauthorized access to your website through these unpatched entry points. Perform a thorough sweep of your site to make sure any and all vulnerabilities are taken care of before it’s too late.


Think twice before saving your payment information online

If you frequently shop from one particular website you may be tempted to save your payment information for a faster checkout process. Although quick and convenient, saving credit card numbers online means putting your financial information in the hands of someone else. If that data were ever compromised, your credit card information could be stolen by malicious hackers. When it comes to protecting your personal data, it’s better to be safe than sorry.


Be sure to lock all your mobile devices

You lock the front door to your house, and you should do the same with your tablets and smartphones. Employ strong passwords to lock down your tablet and phone. Securing your devices keeps prying eyes out and can help protect your information in case your devices are ever lost or stolen.


Shop online only from secure websites

Whether you’re shopping for a birthday present, holiday or just treating yourself to something special, ensure you’re doing so from a safe and reputable website. Anytime you input sensitive information, like credit card numbers, you risk exposing yourself to malicious third parties. Check that the website you’re buying from uses SSL protection by taking a quick glance at the URL. If it includes an “s” at the end of the “http,” that means you’re good to go.


Are you building a website? Choose your hosting company carefully

When it comes to launching a website, you put a lot of trust in the company that ultimately hosts it. If the host company suffers a data breach, your website’s information could fall into the wrong hands. That’s why it’s critical for you to ensure your host is equipped with ample cybersecurity. Be sure they offer dedicated servers and SSH File Transfer Protocol (SFTP). With SFTP, you gain an extra layer of security between your website and potential bad actors.


Use email filters to wrangle risky messages

Most major consumer email services offer filtering options, most times you can choose what happens to any message coming from a specific sender and/or contains a specific subject line or particular words. For example, you can immediately archive any email with “free” or “unsubscribe” in its body. This can help you clear out high risk messages without having to tangle with the bad emails.


Preventing Online Auction Fraud

Find out, as much as possible about, how the internet auction works, what are your responsibilities as a buyer, and what the are seller’s obligations before you bid. Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it’s a business, check the Better Business Bureau where the seller/business is located. Purchase items online using your credit card, you can often dispute the charges if something goes wrong with the transaction.


Do not conduct sensitive transactions on a public shared device

Even though computers available at libraries, college campuses and other public locations are convenient resources for low-risk activities like browsing the web or collaborating on documents. They’re less not to good for conducting online banking or shopping transactions, because you can’t be sure they’re totally secure. Bets staying with your own devices and networks for these financial activities.


Watch out for cyber risks when using social media

It’s best not to share personal information on social media. Take care with sensitive information especially anything that may help a person steal your identity or find you, such as your full name, Social Security number, address, birthdate, phone number, or where you were born.


Take a zero-trust approach to network access

Zero-Trust Network Access (ZTNA) uses the principle of least privilege that automatically defaults to the lowest level of access. In other words, when someone tries to access the business network, ZTNA will first verify their identity and apply permissions based on predefined rules created by the organization. In simple terms, users only have access to the applications or systems that are necessary to perform their roles. This ensures that unauthorized users aren’t obtaining sensitive information that could compromise your company’s network security.


What is a website security certificate?

A website security certificate is also known as an SSL, an HTTPS certificate, and an SSL server certificate. It allows websites to display that padlock in the web address bar. There are two elements that signify that a site uses: one is a closed padlock, which, depending on your browser, may be positioned in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields; the second isa URL that begins with “https:” rather than “http:”. By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information.


Vet your partners and vendors before sharing data

Your business may have a strict cybersecurity policy and a team that follows all the necessary best practices and guidelines. But that doesn’t necessarily mean that third-party vendors can say the same. Think twice before sharing your sensitive business data with partners and validate their data protection policies to ensure they’re up to your standards. A breach of their security could mean a breach of yours.


Worried about a cyberattack at your company? Perform a risk assessment

Cyberattacks are a hot-button issue given the state of global affairs. If you’re worried about your company being targeted, the first step is simple: Audit your network environment for risks and identify the most sensitive assets that need to be protected. This will help your business get a read on where your vulnerabilities are and how you can best allocate your cybersecurity resources.


Know the dangers of contactless payment methods

Contactless payment refers to using your smartphone, smartwatch or other wearables to make digital payments in lieu of physical tender. This can be a great convenience for people that prefer to leave their wallet at home, but also spells a great danger if your device falls into the wrong hands – especially if you’re using a smartphone. Why? Because many contactless payment methods can be used on mobile phones without needing to input a passcode. In many countries, including the U.S., smartphones can be used as transportation cards for public transit.


Don’t use public USB ports

Nowadays it’s not uncommon to find publicly available USB ports for charging phones and other devices. But did you know that malicious hackers can take advantage of these charging locations? Hackers can install malware or viruses and steal your information through these public USB ports. Instead, use one of your own chargers and plug it into an outlet for safer use.