Security & Safety Resource Center

Platforms like Facebook and Twitter have a seemingly endless array of settings you can tweak for security and privacy. Don’t leave the defaults on – instead look through the options to find the ones that limit who can see your data and reduce your overall exposure. Twitter’s option to mute specific accounts and keywords is a great example.

It’s always advisable to backup your data with a solution like Total Defense Ultimate. An added benefit is that you are at less risk when you update your applications and OSes. If there’s a technical glitch during the upgrade, at least you have a backup to fall back on.

Email is based on an old set of protocols with few privacy protections. Don’t send your most sensitive information (like your Social Security number) over email if possible. Use encrypted chat or a voice call instead.

If you spend enough time on a PC or Mac, you’ll probably run across websites begging you to click a link or button to download a program. Many of these programs should be avoided. You can increase your safety by configuring your device to only run programs from the official app store for its operating system (OS), or from trusted developers registered with the OS developer.

Typing in a few letters in the “to:” field of an email often results in your email service/client suggesting an autocompletion. This is a handy feature, but one that can backfire. For instance, it might result in you inadvertently sending sensitive data to someone who shouldn’t have it.

Explain the risks of technology, and teach children how to be responsible online (see Keeping Children Safe Online for more information). Reduce their risk of becoming cyberbullies by setting guidelines for and monitoring their use of the internet and other electronic media (cell phones, PDAs, etc.) If you notice changes in your child’s behavior, try to identify the cause as soon as possible. If cyberbullying is involved, acting early can limit the damage.

A type of malware that disguises itself as a normal file to trick a user into downloading it in order to gain unauthorized access to a computer.

The “Nigerian prince” scheme is one of the best-known email scams, but it’s hardly the only one. Others to look out for include messages purporting to be from government agencies (which pretty much never communicate with individuals this way) and communications from ISPS and software vendors, if they claim to include software patches/updates that would never legitimately be distributed this way.

Email attachments can be dangerous. They might contain malware that triggers an infection when downloaded. Even if you receive an attachment from someone you know, think about it before opening it and, if you’re unsure if it’s legitimate, follow up with that person separately. Cyberattackers have become adept at spoofing return addresses to make it seem like compromised attachments come from trusted sources.

When you have friends, family or other visitor to your home, chances are some of them will want access to your Wi-Fi. Rather than typing in a long password that the other person might see, you can use the Wi-Fi sharing feature in iOS 11 and later that allows you to grant access to others who are on the same network and listed as contacts in your device’s address book.

Disasters such as Hurricanes and Floods prompt fraudsters to solicit contributions purportedly for a charitable organization or a good cause. Do not respond to unsolicited (spam) e-mails. Also, be skeptical of individuals representing themselves over e-mail as officials soliciting for donations. Do not click on links within an unsolicited e-mail. Be cautious of e-mails claiming to contain pictures in attached files, as the files may contain viruses. To ensure contributions are received and used for the intended purposes, make contributions directly to known organizations rather than relying on others to make the donation on your behalf.

Having your payment card details stolen can be a traumatic experience, especially if the card in question was a debit card tied to a bank account. Prepaid cards offer a safer alternative. You can just load a small amount onto them each time you need to make a purchase. If the card is compromised, there’s a limit to how much anyone could do with it.

In very basic terms, encryption is a way to send a message in code. The only person who can decode the message is the person with the correct key; to anyone else, the message looks like a random series of letters, numbers, and characters. Encryption is especially important if you are trying to send sensitive information that other people should not be able to access. Because email messages are sent over the Internet and might be intercepted by an attacker, it is important to add an additional layer of security to sensitive information.

There are multiple proven ways to make your passwords stronger, including the use of password managers to automatically generate and store all of your logins. Alternatively, you can take matters into your own hands by thinking of nonsensical phrases – e.g., “the Walrus and the Carpenter were preparing three pancakes!” and abbreviate it into a string (WatCwp3p!) that doubles as a strong, unique password.

Phishing is one of the oldest and most effective cyberattack techniques. To reduce your risk of having sensitive data stolen, never click on any emailed or texted links purporting to take you to your account page for a password reset or other modification. Instead, if you’re unsure whether action is merited, navigate to the account page yourself in a web browser, which is much safer.

The Messages app on any iPhone or Mac collects both your SMS texts and iMessage chats. For the latter, you can configure a setting that disables notifications for any iMessage from a phone number or email address that’s not already in your contacts list. That can filter out phishing scams and general message spam.

Someone looking up your name on a search engine like Google might find results related to your previous jobs and addresses, along with information about your relatives. This data could be used against you, for example in determining the answers to security questions. Luckily, Google offers a URL removal tool for requesting takedowns of specific content.

Be sure to thoroughly review the details and specifications of an application before you download it. Be aware that the app may request that you share your personal information and permissions. Delete any apps that you are not using to increase your security.

Password-protected PCs, Macs, tablets and smartphones all have cutoff points at which they lock their screens, requiring re-entry of the passcode or PIN. The time frame for relocking is adjustable, but the safest option is to force anyone attempting to log in to re-enter the device password immediately. That way, you don’t have to worry about someone picking up your phone or laptop and being able to access its contents.

Make electronic and physical back-ups or copies of all your important files. Data can be lost in many ways including malware, computer malfunctions, theft, viruses, and accidental deletion. Use an online backup tool to keep your important documents safe.

When checking your online bank balance or making a purchase, it’s best to avoid networks you don’t normally use, especially public Wi-Fi hotspots that might expose your activity to unwanted third parties. Conduct important transactions on your password-protected home network or with the help of a virtual private network (VPN) service.

September 9, 2010: The virus, called “here you have” or “VBMania”, is a computer worm that successfully attacked tens of thousands of Windows computers in 2010 when it was sent as a link inside an email message with the text “Here you have” in the subject line. The final extension of the link was hidden by default, leading unsuspecting users to think it was a mere PDF file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book.

If you use two-factor authentication, it’s best to rely on codes sent to other devices or applications such as Duo or Google Authenticator instead of SMS texts. That’s because SIM hacking is on the rise. This practice entails a cyberattacker tricking a customer service representative into reassigning a phone number to a new SIM card.

A dark pattern is an intentionally misleading user experience in an app or on a website. A classic example is having to click a bunch of buttons to try to close an account, only to find you actually have to call someone. Needing to deselect a huge list of options is also common. Be aware that sites/apps employing these features might be putting your data at risk.

Cyberbullying refers to practice of using technology to harass, or bully, someone else. Bullies used to be restricted to methods such as physical intimidation, postal mail, or the telephone. Now, developments in electronic media offer forums such as email, instant messaging, web pages, and digital photos to add to the arsenal. Computers and smartphones are current tools that are being used to conduct an old practice. Forms of cyberbullying can range in severity from cruel or embarrassing rumors to threats, harassment, or stalking. It can affect any age group; however, teenagers and young adults are common victims, and cyberbullying is a growing problem in schools.

This might seem like strange advice, but hear us out: If someone finds key details about you online, that information could help answer the security questions for accessing an important account. Considering lying on purpose to mislead would-be attackers. Alternatively, select opinion-based questions like “What is your favorite color?”

There are many sites that offer customized toolbars or other features that appeal to users. Don’t download programs from sites you don’t trust, and realize that you may be exposing your computer to malicious spyware by downloading some of these programs.

The recent VPN Filter malware revealed the abundance of security issues in many of the Internet routers we rely on every day. One vulnerability you can close right away involves universal plug and play (UPnP), a service for automatically configuring some devices on the network. Turn it off unless you’re sure you need it.

Check the privacy policy – before submitting your name, email address, or other personal information on a website, look for the site’s privacy policy. This policy should state how the information will be used and whether or not the information will be distributed to other organizations. Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists. If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site. Privacy policies sometimes change, so you may want to review them periodically.

If you have multiple profiles on platforms like Facebook and Twitter, it might be advisable to consolidate them. Old platforms might contain personally identifying information you forgot to take down. Plus, they could be secured with weak passwords that you never got around to upgrading. Fewer accounts means less exposure to hacking as well as tracking.