Security & Safety Resource Center

Facebook provides a way for you to see when and where you logged into the site/app. If you are still logged in from a browser or device you haven’t used in days or weeks, it’s prudent to log out so that someone else doesn’t gain access to your account.

Many websites now give you the option to receive notifications directly from them, similar to an app. The prompt will usually provide options for “Allow” or “Block.” Most of the time, you’ll want to block them since they can be very intrusive and potentially lead you to risky sites.

Two-factor authentication is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are. A good example of two-factor authentication is being frequently used on gmail.com. Every fresh login would ask for the password & a system generated one-time password sent on the registered mobile number or email-id.

Tools such as Find My iPhone and Find My Device are useful for locating your phone from a computer if it ever gets lost. If you don’t have one our Mobile Security product has one. Usually, they’re on by default. Note however that you will need a cloud account (like iCloud or a Google Account) for the location service to work.

These terms are often used interchangeably but they refer to different threats. Viruses can self-replicate and spread easily through a computer or network. Ransomware is designed to hold data hostage by encrypting it and asking you to pay for the decryption key. Malware is a broad category that includes these two threats and many others.

Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information and determine what information you want the app to be sharing or transmitting. Delete any apps that you do not use regularly to increase your security.

Downloading apps from official sources such as the Apple App Store and Google Play is far safer than sideloading apps or buying them from third-party stores. Still, even official apps can have their security compromised or be problematic for privacy. The best way to mitigate your risk is to check the permissions the apps ask for (like microphone, camera, etc.) and to update them as soon as possible.

Take advantage of a site’s privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. There is still a risk that private information could be exposed despite these restrictions, so don’t post anything that you wouldn’t want the public to see. Sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.

These skimmers were once a major issue at ATMs and point-of-sale terminals. They can still be risky if you pay by swiping. To stay safe, pay with a chip or tap. At ATMs, consider using an NFC-enabled phone to tap to access your account instead of your physical card. That way, there’s no card number to be easily skimmed.

Social networking sites, sometimes referred to as “friend-of-a-friend” sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.

The URL (address) bar of your browser contains a lot of important information. It will indicate if the connection is secure – via the text “https://,” a padlock icon and/or a green bar. Plus, some browsers will warn you if a page is not secure. Icons may also appear indicating that location services are active or have been denied, or that certain ads and scripts were automatically blocked (even without an extension).

Never supply your current or old passwords to someone on the phone claiming to be from tech support. If you need to reset your password, you can usually do so by clicking a link on the site in question and/or supplying your old password.

Pop-up ads aren’t as prevalent as they used to be, but they can still cause trouble. Many of them contain common scams, including telling you that your system is infected with a virus, that Adobe Flash Player is out-of-date or that you need to call a particular number. These ads should be closed immediately.

Third-party keyboards allow you to customize how you type on a touchscreen device, whether that customization entails swipe-based typing, new stickers and emoji, or something else. The tradeoff is that the keyboard can see everything you type. That might be harmless depending on the vendor, but it’s still a big risk to take and one to avoid if you’re cautious.

Text messages, sent via carrier SMS, are fixtures of mobile communications. But they’ve lost ground to over-the-top (i.e., internet-based) services such as Apple iMessage, WhatsApp and Telegram. Those alternatives are not only more richly featured, but many have end-to-end encryption as well – something SMS and even its successor, RCS, do not support.

Advertisements provide crucial revenue for many sites. Some ads, though, are intrusive and can hijack your browsing experience. An ad blocker can neutralize the latter. However, you might want to whitelist legitimate sites with ads so that they can continue to make money on their display ads.

This type of attack involves someone secretly altering what seems like a direct exchange between two parties. A classic example is someone stealing information from a user connected to a public Wi-Fi network. One way to fend off such attacks is by using a virtual private network to shield your connection.

Most email services/client default to downloading HTML images in the body of the email. This content can be important for understanding what an email says. However, it can also be risky, as cyberattackers can embed malicious code in it. You might consider disabling these image downloads by default and then manually downloading them on a per email basis.

What if you couldn’t log into your email account? It would probably be a grim situation, given how central email accounts are to modern communications. The best way to ensure you’re not locked out is to set up a recovery email address or phone number, which can be used to create a new login.

Do you have critical items (like family photos or lists of passwords) saved only on a single device? If so, be sure to diversify your backup strategy and move these assets to other devices and locations. Cloud backup and external hard drives are both good options.

Some online accounts are more sensitive than others. Online banking, e-commerce and social media are often near the top of the list of accounts needing robust protection. It’s a good idea to enable two-factor authentication on these accounts and to secure them with strong password as well.

File sharing is the practice of disseminating or providing access to digital media, such as software programs, media (video, audio & images), or documents. File sharing may be achieved in a number of ways. Common methods storing and sharing include manual distribution using removable media, servers on computer networks, links on the web and peer-to-peer networks.

Be suspicious of unsolicited phone calls or email messages from individuals asking about personal information. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

Passwords prevent unauthorized access to wireless networks. If you see a Wi-Fi network that is open, without a password requirement, do not join it unless you have no other options AND have access to a virtual private network that will encrypt your connection.

Updates are integral to keeping all networked software secure. You can ensure updates are installed automatically, which is in fact the default for apps on Android and iOS, or schedule a big installation – like an OS update – in advance. These options are better and safer than having to apply updates manually.

July 6, 2008: Bohmini.A is a configurable remote access tool or trojan that exploits security flaws in Adobe Flash 9.0.115 with Internet Explorer 7.0 and Firefox 2.0 under Windows XP SP2. It spread as malvertising from 247mediadirect through an advertising network via the social networking site Facebook.

As cybersecurity threats have evolved, longstanding protective tools like antivirus (AV) software have taken a back seat to different solutions like password managers and cloud backups in discussions of how to stay safe. AV still has its place though, particularly if you rely on a PC or Mac. It’ll scan for known threats and quarantine them to protect your data and privacy.

HTTPS is the secure version of HTTP, one of the key protocols of the web. How do you know if a site is protected by HTTPS? Look in the URL (address) bar. It should say “https://” at the beginning. Depending on the browser and site, it might also include a padlock icon or a green block displaying the name of the certificate holder.

Not being able to use your mobile device on the go can be a major hindrance, particularly if you need it for GPS or communicating your whereabouts. A portable, rechargeable battery pack is not only a good solution for staying charged, it also keeps you safer by lessening the need to use potentially risky public charging ports.

Airports, buses and other venues may feature publicly available USB ports you can use to charge your devices. Unless you desperately need a recharge, it’s best to avoid plugging in, as you might be putting your phone or tablet at risk of surveillance and malware infection.

If you log in to a computer you don’t own at a library, kiosk or other public place, be very careful about what you do while using it. Be aware that your activities could be monitored and that it’s probably not prudent to conduct sensitive transactions such as online banking. Most importantly, make sure to log out completely after you’re done, so that the next user doesn’t have access to your accounts and data.