Archives - Security Best Practice


Watch out for e-commerce sites asking for personally identifying information

E-commerce sites only really need two main data points from you: 1) your payment information, like a credit card number and 2) your shipping address. If they ask for anything else, consider finding an alternative. You don’t need to supply your Social Security number just to have a package shipped to your residence.

Do not engage with unfamiliar callers

Scam phone calls have seen a major resurgence despite regulations such as the National Do Not Call List. The best practice here is also the simplest: Don’t answer calls from unfamiliar numbers. Set up a voicemail inbox with a descriptive prompt so that legitimate callers can get in touch. Scam callers will often not leave […]

Type a URL or use a bookmark instead of clicking a link

This advice isn’t always feasible. However, when you can, consider visiting a website via a saved bookmark or by manually typing in the address, instead of clicking a link from an email or other source. The latter method might take you somewhere unexpected. Using a bookmark or typing (with or without browser auto-complete) is generally […]

Check the permissions a browser extension asks for

Browser extensions provide a lot of useful functionality, from quick ways to save a page to various filters that block intrusive content. It’s important to know what information these extensions have access to, though. For example, some can read and modify data on all the pages you’re viewing. Make sure you can trust the extension […]

Be wary of relatively new top-level domains like .click and .loan

Not all websites end in the familiar .com, .org and .gov top-level domains. Many new ones were introduced in the mid-2010s. Some of these, including .blog and .fitness, are widely used by reputable outlets, while others like .click and .loan are havens for scams. Watch what you type in your URL bar, as something like […]

Change your Facebook password every couple of months or sooner

Creating a strong password for all of your online accounts is a necessary but not sufficient measure for protecting your information. Even major services like Facebook suffer security incidents in which login credentials are stored in plain text, meaning anyone could potentially retrieve them. Set a reminder to change your password periodically and do it […]