Security & Safety Resource Center

If you’re sharing your laptop’s screen on a Zoom, Webex or Google Meet call, consider maximizing the window or app so that other participants can’t see what’s on your desktop. Also make sure to close out any unnecessary tabs that could be glimpsed during the session.

Twitter offers three options for 2FA: text message, authenticator app or security key. The latter is the most secure, since it requires a physical device plugged into a PC/Mac’s USB port. The other options are still safe enough though, especially if you primarily use Twitter on your phone or tablet.

In many examples of malware infection, the malware may only function using the privileges of the logged-in user. To lessen the effect of malware infections, think about using a standard or restricted user account (i.e., a non-administrator account) for day-to-day activities. Only log in with an administrator account—which has full operating privileges on the system—when you need to install or remove software or change your computer’s system settings.

Truncated links, created by services like Buffer and dlvr.it are common on Twitter, since they’re clean-looking and short. But they make it impossible to know what exactly is on the other end of the link. Consider using a URL expander, plenty of which are available for major browsers, to see what each link really leads to before clicking.

Instagram allows you to restrict a user, which is effectively a shadow-ban. Once restricted, their comments can’t be seen by anyone else. The restricted user gets no indication that they’ve been limited, making “restrict” often a better option than “block,” since the latter results in them noticing they can’t see your feed.

Amazon provides multiple two-step verification options for accounts. Using a supporter mobile authenticator app is usually the safest and easiest way to add an extra layer of protection. You can verify each login from your mobile device and not have to run the risk of intercepted SMS texts or voice calls.

Install and use antivirus software. Installing an antivirus software program and keeping it up-to-date is a critical step in protecting your computer. Many types of antivirus software can detect the presence of malware by searching for patterns in your computer’s files or memory. Antivirus software uses signatures provided by software vendors to identify malware. Vendors frequently create new signatures to ensure their software is effective against newly discovered malware. Many antivirus programs, like Total Defense offer automatic updating. If your program has automatic updates, enable them so your software always has the most current signatures. If automatic updates aren’t offered, be sure to install the software from a reputable source, such as the vendor’s website.

Yahoo Account Key is a password alternative. Rather than needing to re-enter your password to sign into your Yahoo account each time, you can simply confirm or deny a prompt from within an authenticated Yahoo mobile app such as Yahoo Sports.  

Cyberattackers can assault your computer by utilizing software vulnerabilities, so the less software programs you have installed, the fewer paths there are for possible attack. Evaluate the software installed on your computer. If you don’t know what a software program does, research the program to determine whether or not the program is necessary. Remove any software you feel isn’t necessary after confirming it’s safe to remove. Back up important files and data before removing unnecessary software to prevent unintentionally removing programs that turn out to be important to your OS.

Yahoo Mail can be protected with two-step verification. Each time you sign in from a new device or application, you will be asked for a unique code in addition to your password. The code may come via text or voice call. Note that the phone number may be different each time.

An Ethernet connection, if available, is ideal for streaming boxes/TVs, game consoles and other hardware that sits in one place most of the time. It provides more predictable performance and is also more secure since transmissions are not interceptable over the air.

Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings. Then, donate, resell, recycle, or otherwise properly dispose of your phone.

You can hide your Wi-Fi network’s name (SSID) by changing a few configurations in your router or residential gateway. While this isn’t a solution to all wireless security problems, it can marginally reduce risk by making it less likely someone can brute-force their way into your network.

When passwords are successfully guessed, it’s usually because they’re too simple. The inclusion of common single words within a password — e.g., “football,” “sunshine,” etc. — make them much easier to guess. Use phrases and initials, symbols and numbers instead to increase complexity and decrease security risk.

Apple iCloud offers end-to-end encryption for certain types of data including Maps searches and Siri information. To use it, though, you’ll first need to have two-factor authentication enabled for your Apple ID. 2FA is a win-win, as it strengthens your account security while unlocking access to a wider range of iCloud services.

Be sure to continuously check your accounts for any unauthorized activity. Good recordkeeping goes hand-in-hand with managing your cybersecurity. Another tip for monitoring activity is to set up alerts so that if your credit card is used, you will receive an email or text message with the transaction details.

To prevent unauthorized access to your Apple ID, set up two-factor authentication. Whenever a sign-in is attempted, both a correct password and a one-time code — sent to an iOS or macOS device registered with your Apple ID — are required for entry.

As part of Office 365, Teams is a widely used collaboration tool. Its popularity has made it a common vector for phishing attacks. Look out for strange emails saying you’ve missed a message in Teams and containing embedded links for replying within Teams. If you’re unsure about whether you have important messages to read, open Teams itself to check.

Avoid connecting your smartphone to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways you may not anticipate. For example, a malicious computer could gain access to your sensitive data or install new software.

Worried that someone might have accessed your Outlook.com email account? It’s easy to see where and when you (or anyone else) signed into it. Simply use the official Activity page to view all recent successful logins, plus any security challenges (such as asking for another authentication factor) for your account.

While it’s not advisable to sign into your personal email account on a shared machine, there are some precautions that can reduce the risk of doing so. For Outlook.com, choose to sign in with a single-use code instead of a password. You’ll need a linked mobile number to complete this process.

Using a credit card is much better than using a debit card; there are more consumer protections for credit cards if something goes awry. Or, you can use a third-party payment service instead of your credit card. There are many services you can use to pay for purchases – like Google Pay, Apple Pay or Pay Pal — without giving the merchant your credit card information directly.

Leaving a default passphrase unchanged makes it much easier for hackers to access your network. You should change it as soon as possible. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

If you use Outlook.com for your personal email, be sure to take advantage of its built-in phishing protections. One of the most useful is a green shield icon next to the text “This message is from a trusted sender.” Also look out for yellow (spam) and red (fraud) icons.

When you share a Google Doc, make sure you’ve set permissions that keep your document as secure as possible. You can opt to restrict access to a specific domain or to people who have the full link. Alternatively, you may make it public on the internet, but check whether you’ve enabled commenting or editing permissions before doing so. The default option of view-only is the safest.

Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.

Public Wi-Fi networks at places such as airports and coffee shops present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information, e.g., a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use.

If you have multiple Gmail accounts, close out any you don’t frequently use, or revisit and re-secure them with an updated password and multi-factor authentication. This reduces cybersecurity risk in several ways. First, it helps stop others from reading your emails. Second, it can prevent someone accessing one of these accounts and using it to receive password reset emails from linked accounts.

Beginning in 2020, Google began to provide alerts about potential Google Account security issues to users regardless of which Google app (Gmail, YouTube, Drive, etc.) they were using. Look for a small icon, with an exclamation mark next to your profile image, in the upper right corner of most apps. Tapping/clicking through will display the identified issues.

Be savvy with your apps. Before downloading an app, make sure you understand what information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. Consider foregoing the app if the policy is vague regarding with whom it shares your data or if the permissions request seems excessive.

If you have a phone that supports mmWave 5G (e.g., iPhone 12 and later) along with an ample data plan, it can be a good alternative to public Wi-Fi hotspots in dense areas. Not only is it much faster, but it’s also more secure, since there isn’t the risk of man-in-the-middle attacks. Just be mindful of data usage due to the high speeds.