Security & Safety Resource Center

Use caution when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization’s helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of .net).

As over 20,000 USB memory sticks are lost each year in the U.S. alone, it’s a wise idea to protect any data you might keep on one with encryption. There are two ways you can do this. You can buy encrypted USB drives that use hardware to protect whatever you store on them, or you can use software to encrypt any USB drive you already have. Buying hardware encrypted USB drives can be more expensive than software, but it is more reliable and secure.

Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.

If you work from home and need to join conference video calls for work, make sure you keep your private home protected by using background blur or wallpaper features. An iteration of these are included in most video call programs and apps, but if you come across one that doesn’t have an option to obscure your surroundings, position yourself strategically to have as blank a background as possible. Face your camera away from walls with family photos or a view of the interior of your home.

Many applications allow you to set up regular automated backups of your data, which is great for day-to-day data preservation. But when you’re traveling — particularly abroad — this could be costly or ineffective due to connectivity or restrictions on your plan. To ensure you have a reliable account of your data before you go away, perform a manual backup which, should the worst happen, you can recover on your return. That way all you will have lost is whatever you’ve accumulated or changed whilst on your trip.

Scam artists are always on the prowl setting up new schemes for fake e-commerce sites. Before you make a purchase, take the time to read reviews and hear what others say about the merchant. Also, try to find a physical location and any customer service information you can gather. It’s also a good idea to call the merchant to confirm that they are legitimate and be sure the phone number came from their website and not from a search engine result.

When you upgrade your phone or computer, be sure to complete a thorough data cleanse of your old ones. Performing a factory reset isn’t sufficient to wipe all information from a device. Instead, invest in a dedicated program or app that will truly clear your personal data and account information from a device. This is a general best practice, but it’s especially important if you are selling your old device or giving it to someone else to use.

Being able to use your phone to complete contactless transactions is great, seeing as we almost always have our phones handy. But be sure to explore what settings you can use to make sure it is protected should your phone be lost or stolen. Incorporate biometric security with NFC so it requires your fingerprint to approve any NFC transaction; that way, only you are able to complete purchases using your phone.

A printer is an easily overlooked member of your IoT family, but consider how advanced modern printers are. Many are Wi-Fi and Bluetooth enabled, and they’re connected to your network, both at home and in the office. Without suitable precautions in place, your printer could be the backdoor a hacker needs to access your network. Home printer setup can seem really easy with the quick-start leaflet that comes with it, but take your time to go through the full setup process to check for security settings that you can enable.

For businesses, partition your printers behind a dedicated firewall and have a company printer policy in place with rules on things like not leaving printed documents unattended in the printer tray and setting up password access for users.

If you log in as admin on your computer for day-to-day use, you leave your whole system vulnerable to  infiltration. Should a hacker gain access to your admin account, they’ll be able to track, install and change pretty much anything they want. Instead, create a separate, dedicated administrator login that you only use when you have to, like if you’re installing things. That way, if you download something malicious it’ll be confined to a standard user account and have less chance of getting into administrative controls.

If you allow Google Chrome to save your passwords, you can find a full list of them by going to passwords.google.com while signed into your account. At the top of this page is an option to “Go to Password Checkup.” This does a comprehensive scan of all your saved passwords and flags any that are at risk of compromise. You can use this to update any at-risk passwords and keep your accounts secure.

If you’re the victim of or witness to cyberbullying, be sure to report the bully to a suitable authority. That could be an administrator or service provider, or in extreme cases the police. Just be sure to remain anonymous and avoid any confrontation or direct interactions with the bully. While they may only seem like a digital harasser, you can’t be sure what their capabilities might be when it comes to identifying you and tracking you down online.

If you hire vehicles when traveling — for leisure or business — avoid using the connectivity features in the car. Whether it’s Bluetooth for your phone or music, or synced GPS maps, you’re opening up your personal device to exchange data with an unknown entity that has been used by an unknown number of strangers. If you want to use your own device for music or navigation while driving, invest in a standard AUX lead and a removable phone mount so you can keep your phone functional, but safe.

Whenever you can, hardwire your internet connection. If you’re using your computer or laptop at home, reduce the risk of wireless infiltration by turning off the Wi-Fi and plugging in directly to your router. While this might limit where you can set up your desk or home office situation, it could provide you with an additional layer of security when it comes to the data stored on your personal or work computer.

Push notifications pop up on your phone home and lock screen so you don’t miss important information or updates. These can be really useful for you to see important information as soon as it arrives, but it also runs the risk of allowing others to see personal information you may want kept private. Adjust push notifications in the settings for each individual app to make them more secure. You could, for example, have your IMs still appear in full on your lock screen, but completely turn off push notifications for apps to do with banking or health. You can additionally hide email content while still receiving a notification that you’ve received an email.

Connections such as your home internet service or cellular (LTE/5G) connection through your wireless carrier. Public wi-fi networks are not very secure, which makes it easy for others to intercept your data. If you choose to connect to open networks, consider using antivirus and firewall software on your device or using a Virtual Private Network (VPN) service, which allows you to connect to the internet securely by keeping your exchanges private. When setting up your home wireless network, use Wi-Fi Protected Accessed 3 (WPA3) encryption. All other wireless encryption methods are outdated and more vulnerable to exploitation.

The idea that deleting files doesn’t truly delete the data in them is, for the most part, true. In order to truly secure your data, you’ll need to perform an overwrite on deleted files so information cannot be recovered by bad actors. This is especially important if you’re planning to sell or dispose of an old device. For Windows devices, you can use the in-built Cipher tool to do this. Simply open the Start menu and type “cipher” into the search bar to find this in the command prompt.

Most home Wi-Fi routers have a WPS button on them. This button allows you to connect to the Wi-Fi network without a password and therefore presents a liability to your home digital network security. Fortunately, you can easily disable this button. The method to do so varies from one manufacturer to another, but it’s generally achieved by opening a browser on your computer and entering a specific IP address to access your network settings. If you’re unsure how to do this, contact your internet service provider and they can walk you through it.

Emails that appear to come from a legitimate source and websites that appear to be legitimate may be malicious. An example is an email claiming to be sent from a system administrator requesting your password or other sensitive information or directing you to a website that requests your information. Online services (e.g., banking, ISPs, retailers) may request that you change your password, but they will never specify what you should change it to or ask you what it is. If you receive an email asking you to change your password, visit the site directly yourself instead of clicking on a link provided in email

If you have a family or shared computer, make sure your loved ones are safe by adding administrator controls to restrict downloads and installations. Many modern operating systems allow you to require approval from an administrator (i.e., primary user) before executing scripts, device drivers and system firmware. To set up an account as an administrator in Windows 10:

• Click the Windows Start button.
• Click Settings.
• Select Accounts.
• Choose Family & other users.
• Click on your user account under the Other users panel.
• Select Change account type.
• Choose Administrator from the dropdown.

As the administrator, your password or PIN will be required to authorize downloads and installations on the computer.

Especially when you want to do anything that requires you to log in, avoid using other people’s computers or devices. This goes for public access machines in cafes or libraries too. Bad actors can install a type of malware known as a keylogger, which tracks every keystroke and stores it, allowing them to discover your credentials and passwords. Additionally, be very careful of who you allow to access your devices, to ensure they aren’t installing malicious software too.

Manufacturers issue updates as they discover vulnerabilities in their products. Automatic updates make this easier for many devices—including computers, phones, tablets, and other smart devices—but you may need to manually update other devices. Only apply updates from manufacturer websites and built-in application stores—third-party sites and applications are unreliable and can result in an infected device. When shopping for new connected devices, consider the brand’s consistency in providing regular support updates.

When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.

Use the strongest, longest password or passphrase permitted. Don’t use passwords that attackers can simply guess, like your birthday or your child’s name. Attackers can use software to conduct dictionary attacks, which try common words that may be used as passwords. They also conduct brute force attacks, which are random password attempts that run until one is successful. When setting security verification questions, choose questions and answers for which an internet search would not easily yield the correct answer (e.g., your pet’s name).

Remove unnecessary software, modify or delete unnecessary default features that will reduce attackers’ opportunities. Review the features that are enabled by default on your computer, and disable or customize those you don’t need or don’t plan on using. As with removing unnecessary software, be sure to research features before modifying or disabling them.

Installing an antivirus software program and keeping it up-to-date is a critical step in protecting your computer. Many types of antivirus software can detect the presence of malware by searching for patterns in your computer’s files or memory. Antivirus software uses signatures provided by software vendors to identify malware. Vendors frequently create new signatures to ensure their software is effective against newly discovered malware. Many antivirus programs offer automatic updating. If your program has automatic updates, enable them so your software always has the most current signatures. If automatic updates aren’t offered, be sure to install the software from a reputable source, such as the vendor’s website.

Computers are an indispensable part of our daily lives. It’s imperative to correctly configure your home computer before linking it to the internet to keep it, and your personal information protected. Because computers play such important roles in our lives, and because we enter and view so much personally identifiable information (PII) on them, it’s crucial to apply and maintain strong computer security. Solid computer security ensures safe processing and storage of our important information.

Provide cellular Wi-Fi hotspots or tethering plans so remote workers can use portable Wi-Fi hotspots. These can be used instead of allowing connections through public Wi-Fi networks to help regulate access and increase connection security. Wi-Fi hotspots should be password and login protected so they’re only accessible to employees.

If you have a bring your own device (BYOD) policy at work, make full use of mobile device management (MDM) applications so you can remotely access, track and wipe the data from a device should it be lost or stolen. High end MDM will also allow you to set regular automated data backups to your company servers, preserving information.

Facebook allows you to set up alerts for when a new login attempt occurs on your account. You can choose to receive a text or email notification when your account is accessed from a new device, giving you a real-time warning of potentially suspicious activity. There’s also an option to go one step further and utilize login approvals; this sends you a code via text, which is needed in conjunction with your standard username and password to permit a login from a new device. If you’re the one doing the log in, you’ll have the code. If it’s not you, you can prevent a bad actor gaining access. This also acts as a great prompt to change your password!

Your business website may be a convenient backdoor into your systems which hackers could exploit to gain access to sensitive information, or simply hijack your website and hold it to ransom. As hackers will often bounce through VPNs across the globe, you can use Google Analytics to monitor where traffic is coming from and flag any suspicious changes. Knowing where in the world traffic is coming from can help investigations if you are subject to a cyber attack, and may even allow you to prevent one should you spot discrepancies.