SECURITY TIPS & INFORMATION
February 2014: Securing Your Home Network
Home networks have become increasingly complex. Not only are we connecting more devices, but we are doing more things with them. Here are some basic steps to secure your home network:
-Change the default administrator login and password for your wireless access point;
-Give your network a unique name which does not contain any personal information;
-Enable strong security on your wireless access point, the best is WPA2;
-Make sure the password used to connect the wireless network is strong, hard-to-guess.
For more information go to SANS Securing the Human at http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201401_en.pdf
January 2014: Protect Yourself from Email Tax Scams
It's tax season and criminals will use the opportunity for scams. Don't become the next victim. Scammers leverage every means at their disposal to separate you from your money, your identity, or anything else of value they can get.
Key ways to recognize an email tax scam. The email:
- requests personal and/or financial information;
- includes exciting offers to get you to respond;
- threatens a consequence for not responding to the email;
- has incorrect spelling;
- uses incorrect grammar;
- includes downloadable documents relating to new tax laws.
For more information visit http://msisac.cisecurity.org/newsletters/
December 2013: Tips for Safe Online Holiday Shopping
Before you start your holiday shopping:
-Make sure security measures are in place
-Understand the consequences of your actions and behavior
-Enjoy the benefits of the Internet
For more information visit:
November 2013: Has Your Email Been Hacked?
You get a flood of messages from friends and family. They're getting emails from you with seemingly random links, or messages with urgent pleas to wire you money. It looks like your email or social media account might have been taken over. What do you do? For starters, make sure your security protections are up-to-date, reset your password, and warn your family and friends. For more info go to http:\\www.onguardonline.gov/articles/0376-hacked-email
October 2013: October is National Cyber Security Awareness Month
Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Department of Homeland Security is committed to raising cybersecurity awareness across the nation and to working across all levels of government, the private sector, and internationally to protect against and respond to cyber incidents. Visit the DHS website at www.dhs.gov/national-cyber-security-awareness-month for more info.
August 2013: If you download FREE software...Make sure you don't get more than you bargain for
Free software that you download could be just what you think it is — a single software package. However, many times free software comes bundled with other unwanted, harmful programs including spyware, viruses, or even Trojan horse programs. To help keep your computer free from unwanted guests, make sure the site you are downloading from is one you know and trust. Also verify that your operating system and anti-virus software have been updated and patched BEFORE you click the download button! www.sans.org
July 2013: Disposing of Old Computers
Getting rid of your old computer? You can ensure its hard drive doesn't become a treasure chest for identity thieves. Use a program that overwrites or wipes the hard drive many times. Or remove the hard drive, and physically destroy it.
June 2013: See What Information About You Is Available Online
It can sometimes be shocking how much information is collected about you and made publicly available. Search engines will help you to do a quick query of your public information. You can also take a proactive approach and set up alerts for search terms of your name.
To Clean up Your Data:
- Remove data from sites you have access to
- Modify privacy settings
- Request that the account be deleted
- Contact website owners
- Opt out of data service providers
- Use a professional service
Info provided by MS-ISAC
May 2013: Update Your Mobile Device
Mobile devices are computers with software that needs to be kept up‐to‐date (just like your PC, laptop or tablet). Security protections are built in and updated on a regular basis. Take time to make sure all the mobile devices in your house have the latest protections. This may require syncing your device with a computer. Visit http://www.stopthinkconnect.org for more information
April 2013: Avoid being Scammed
Never reply to emails that ask you to verify your information or confirm your user ID or password. Don't click on a link or file of unknown origin. Check the source of the message; when in doubt, verify the source.
March 2013: Social Media
Use discretion when posting information or comments on social networking sites. Once information is posted, it can potentially be viewed by anyone and cannot be retracted. The more information you post, is that much more information available to commit fraud. The information gathered from these sites can be used to manipulate a person to perform fraudulent actions or divulge confidential information.
February 2013: Using Public Computers and Public Wireless Access
Be aware that public computers and public wireless access are not secure. Cyber criminals can potentially access any information you provide, such as credit card numbers, confidential information, or passwords. Do not conduct any sensitive transactions at the local free Wi-Fi site.
Information provided by MS-ISAC
January 2013: Understand If and How Location Data is Stored
Check to see if GPS location data is being stored when you upload pictures to your social media site from your mobile device, and disable it if you do not want the world to know exactly where the picture was taken. Information provided by MS-ISAC
December 2012: Secure Your Online Transactions
When submitting your sensitive information, look for the "lock" icon on the browser's status bar to be sure your information is secure during transmission. Also be sure that "https" appears in the website's address bar before making an online transaction. The "s" stands for "secure", and indicates that communication with the webpage is encrypted. Information provided by MS-ISAC
November 0212: Protect Portable Devices When Traveling
Just as your wallet contains lots of important and personal information that you would not want to lose, so too do your portable devices. Don't let them out of your sight! Never store your laptop as checked luggage. If there is a room safe available at your hotel, use it to securely store your devices. In addition, make sure you have strong passwords on these devices in case they are lost or stolen.
October 2012: October is National Cyber Security Awareness Month
Implement the Following Basic Cyber Security Best Practices
⁶ Secure your computer
⁶ Use strong passwords on all your accounts
⁶ Secure your online transactions
⁶ Do not reveal too much personal information online
⁶ Protect your laptop, smartphone, or other portable devices when traveling
⁶ Be aware that public computers and public wireless access are not secure
⁶ Understand if and how GPS location data is used
⁶ Do not e-mail sensitive data
⁶ Dispose of information properly
September 2012: Proper Disposal of Information
Before discarding your computer or portable storage devices, you need to be sure that data has been erased or "wiped".
-Read/writable media (including hard drives) should be "wiped" using Department of Defense (DOD) compliant software. Software that meets DOD compliance standards can be downloaded from the Internet at no cost.
- Shred CDs and DVDs. This type of media should be physically destroyed.
-Media that does not have a need to be re-used or contains sensitive or private data that cannot be "wiped" should be physically destroyed.
Information provided by MS-ISAC
August 2012: Strong Passwords
Using strong passwords is critical to securing your personal information. Passwords should have at least eight characters and include uppercase and lowercase letters, numbers and special characters. It is important to keep different passwords for different accounts.
July 2012: Use Mobile Apps Safely
- Make sure you actually need an app. When you download an app you open yourself to potential vulnerabilities.
- Be careful about which app store you use. App stores have different standards for the apps they offer.
- Do research and check the source. If you are downloading an app, it is wise to do research on the application itself.
- Password-protect your mobile device. Protect it with a strong password, do not store passwords on the device, do not enable apps to remember your password, and set your device to auto-lock after a few minutes.
-Learn how to remotely wipe your mobile device. If your device has a remote wipe feature you should enable it.
- Do not use public Wi-Fi when performing financial transactions. Use only 3G or 4G networks for any secure transactions such as banking.
- Be alert to changes in your mobile device's performance. Such as slow response and draining its battery faster.
- Update apps. Update all apps when notified.
- Disable Bluetooth settings when not in use. If left on someone could potentially pair to your device and obtain information.
Information provided by MS-ISAC
May 2012: Protect Your Personally Identifying Information
When any site requests information about you, ask these questions:
Who is asking?What information are they asking for?Why do they need it?
Be sure you know why the information is being requested and how it will be used. StaySafeOnline.org
April 2012: Online Shopping
When shopping online make sure the page that you are entering personal information on is secure, https:// should appear in the address line located in the upper left hand corner of the web page.
March 2012: Report Cyber Crimes
Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center at www.ic3.gov, the Federal Trade Commission at www.onguardonline.gov, and to your local law enforcement or state attorney general.
February 2012: Protect Yourself from Identity Theft Ensure that any computer connected to the Internet has proper security measures in place such as anti-virus software.Do not follow links included in emails from unknown sources.Do not open e-mail attachments from unknown users or suspicious emails from trusted sources such as the IRS or your bank.Do not distribute personal information on social networking sites.
If you feel your personal information has been compromised be sure to contact bank personnel to assist in remediation efforts.
January 2012: Unsubscribe Link
Beware before you click on those "unsubscribe" links at the bottom of emails. Many spam emails are not from trusted sources and by clicking on the "unsubscribe" link will actually verify that the email has reached a valid email address, resulting in even more spam email being sent. Unless you absolutely know the sources of the email, and you know that you did subscribe to their mail list, do not click the "unsubscribe" link in any email.
December 2011: Be Web Wise This Holiday Season
Be wary of communications that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information. Information provided by StaySafeOnline.org www.stopthinkconnect.org
November 2011: Connect with Care When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it's best to delete or if appropriate, mark as junk mail.Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.Protect your money: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with "https://" or "shttp://", which means the site takes extra measures to help secure your information. "http://" is not secure. Information provided by StaySafeOnline.org www.stopthinkconnect.org
October 2011: Protect Your Personal Information Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.Write it down and keep it safe: Everyone can forget a password. Keep a list that's stored in a safe, secure place away from your computer. Information provided by StaySafeOnline.org www.stopthinkconnect.org
September 2011: Keep a Clean Machine Keep security software current. Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.Automate software updates. Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.Protect all devices that connect to the Internet. Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.Plug & scan. "USBs" and other external devices can be infected by viruses and malware. Use your security software to scan them. Information provided by StaySafeOnline.org www.stopthinkconnect.org
July 2011: Don't Agree to Save Passwords
When presented with a pop-up that asks to save your password never select "Yes". While saving a password will speed up the login process, it will also speed up the login process for anyone who has access to your PC or laptop. Hackers have utility programs which can find your stored passwords, allowing them unhindered access to your records.So the next time you are asked to save your password "X" out of the box or select "Cancel".
June 2011: Reuse of Online Banking Passwords
The practice of using your online banking passwords to access other non-financial websites is discouraged due to the ability of criminals to acquire login credentials from less secure sites. It is recommended that a person maintain three different logins: the first set to be used with financial websites, the second to be used with non-financial websites that hold information about your identity, and the third to be used with non-financial websites that do not maintain confidential information about you.
May 2011: Protect Your Personal Information Stop sharing personal information on your Facebook, Linkedin, or MySpace pages with the general public. Permanently stop phone calls from telemarketers, by signing up with the National Do Not Call registry. Stop most direct mail. The Direct Mail Association provides a website letting you opt out of various types of promotional mail from its members. The opt out lasts for 5 years.
April 2011: Ways to Protect Your Computer Do not click on pop-ups that advertise anti-virus or anti-spyware programs. Contact the retailer directly.Do not download software from unknown sources.Use and regularly update firewalls, anti-virus and anti-spyware programs.Patch operating systems, browsers, and other software programs.Regularly scan and clean your computer.Back up your critical files.
January 2011: Fake Anti-virus Software
Beware of messages appearing on a website urging you to clean your infected computer. These messages are often scams that attempt to install malicious software onto your computer. The names of the fake programs sound legitimate and may prompt you to pay an annual subscription so as to further appear legitimate.
November 2010: Email Solicitations
Customers are advised not to trust unsolicited email messages requesting the clicking of a link or an attachment which is not legitimate. Do NOT reveal personal or financial information over the Internet, and do not respond to email solicitations for this information.