Security Tips & Info

2018 | 2017

2018

2017

Own Your Online Presence

February 2018

  • Personal information is like money. Value it. Protect it.: Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
  • Be aware of what’s being shared: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
  • Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.

For more information and other useful tips visit: stopthinkconnect.org

Back to top

Disposing of Old Computers

January 2018

Getting rid of your old computer? You can ensure its hard drive doesn’t become a treasure chest for identity thieves. Use a program that overwrites or wipes the hard drive many times. Or remove the hard drive, and physically destroy it.

Understand Your hard Drive: Computers often hold personal and financial information such as passwords, account numbers, license keys or registration numbers for software programs, addresses and phone numbers, medical and prescription information, tax returns and files created automatically by browsers and operating systems. When you save a file, especially a large one, it is scattered around the hard drive in bits and pieces. When you open a file, the hard drive gathers the bits and pieces and reconstructs them. When you delete a file, the links to reconstruct the file disappear. But the bits and pieces of the deleted file stay on your computer until they’re overwritten, and they can be retrieved with a data recovery program. To remove data from a hard drive permanently, the hard drive needs to be wiped clean.

How to Clean a Hard Drive: Before you clean a hard drive, save the files you want to keep to a USB drive, a CDRom, an external hard drive or a new computer. Check your owner’s manual, the manufacturer’s website, or its customer support service for information on how to save data and transfer it to a new computer. Utility programs to wipe a hard drive are available both online and in stores where computers are sold. These programs generally are inexpensive; some are available on the internet for free. These programs vary, some erase the entire disk, while others allow you to select files or folders to erase. Some overwrite or wipe the hard drive many times, while others overwrite it only once. Consider using a program that overwrites or wipes the hard drive many times; otherwise, the deleted information could be retrieved. Or remove the hard drive, and physically destroy it.

How to Dispose of Your Computer: Recycle it. Many computer manufacturers have programs to recycle computers and components. Check their websites or call their toll-free numbers for more information. The Environmental Protection Agency (EPA) has information about electronic product recycling programs. Your local community may have a recycling program, too. Check with your county or local government, including the local landfill office for regulations. Donate it. Many organizations collect old computers and donate them to charities. Resell it. Some people and organizations buy old computers. (Federal Trade Commission)

Back to top

Lock Down Your Login

December 2017

The process of authentication, or proving who you are, is key to protecting your information, such as your email, social media, or online banking accounts. You may not realize it, but there are three different ways to prove who you are: what you know, such as a password, what you have, such as your driver’s license, and some part of you, such as your fingerprint. Each one of these methods has advantages and disadvantages. The most common authentication method is passwords, which are something you know. Unfortunately, using passwords just by themselves is proving to be more and more insecure. You can protect yourself and lock down your login with something far better than just passwords. It’s called two-factor authentication.

Two-factor authentication (also called two-step verification, multi-factor authentication, or 2FA) is far stronger than just using passwords by themselves. It works by requiring not one, but two different methods to prove you are who you say you are.

Two-factor authentication is widely available on most major banking, email, social networking, and other sites. In addition, most of these sites offer simple step-by-step instructions how to turn on two-factor authentication. Once you enable two-factor authentication, you can expect it to work like this. First, you log in to your account using your username and password, just as you always have. This is the first of the two factors--something you know. Then you will receive a unique code, often by text to your smartphone. You then enter that code into the login screen. This is the second of the two factors--you must have your phone to receive that code. Now your account is truly locked down. Even if a cybercriminal steals your password, they cannot access your account unless they also have your phone.

For more information on two-factor authentication visit securingthehuman.sans.org/newsletters

Back to top

Using Caution with Email Attachments

November 2017

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

-Email is easily circulated – Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email—they scan a users' computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.

-Email programs try to address all users' needs – Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.

-Email programs offer many "user-friendly" features – Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

What steps can you take to protect yourself and others in your address book?

  • Be wary of unsolicited attachments, even from people you know
  • Keep software up to date
  • Trust your instincts
  • Save and scan any attachments before opening them
  • Turn off the option to automatically download attachments
  • Consider creating separate accounts on your computer with different privileges
  • Apply additional security practices - US-CERT, Security Tip (ST04-010)

Back to top

Busting the Top 5 Myths About Safe Web Browsing

October 2017

There are a vast number of myths and misconceptions about safe web browsing circling around. How many have you fallen for? Let's take a look at the top five myths.

Myth #1: My computer has never been infected with malware so I must be a safe surfer. Nearly a third of all computers in the U.S. are infected with some form of malware. You may not even know you're infected. Web malware is designed to steal personal information and passwords or use your machine for distributing spam, malware or inappropriate content without you knowing it.

Myth #2: Only gambling and illegal websites are dangerous. Not true. The majority of infected websites are ones that you trust. Hackers prefer to hijack and infect popular, high-traffic websites so they can silently distribute malware to unsuspecting visitors. Your computer can be infected just by visiting an infected site. Anyone who surfs the Internet is at risk.

Myth #3: You can only get infected if you download files. False. Hackers take advantage of vulnerabilities in web browsers, plug-ins and operating systems. You can be infected with malware by simply visiting an infected website. An attack of this type is called a "drive-by" download because the malicious code is downloaded and executed automatically.

Myth #4: When the lock icon appears in the browser, it means it's a secure website. Not true. The lock icon means there is an SSL encrypted connection between your browser and the web server which enables private communications over the Internet. SSL encryption doesn't provide any protection from malware. In fact, hackers often spoof SSL certificates on fake banking websites to make visitors feel secure.

Myth #5: Only computers and laptops can become infected. False. Mobile malware, which affects smartphones, tablets and other mobile devices, increased by 58% last year. This nasty malware can easily steal information on your device such as phone numbers and email addresses. It can even use the device's GPS to track your whereabouts.

These helpful tips are provided by InfoSight Inc, an information security consultancy working to help ensure the privacy and security of your corporate, personal and financial information.

Back to top

Securely Using Mobile Apps

September 2017

Mobile devices, such as tablets, smartphones, and watches, have become one of the primary technologies we use in both our personal and professional lives. What makes mobile devices so versatile are the millions of apps we can choose from. These apps enable us to be more productive, instantly communicate and share with others, train and educate, or just have more fun. However, with the power of all these mobile apps comes risks. Here are some steps you can take to securely use and make the most of your mobile apps.

  • Make sure you always download mobile apps from a safe, trusted source. Cyber criminals have mastered their skills at creating and distributing infected mobile apps that appear to be legitimate. If you install one of these infected apps, criminals can take complete control of your mobile device. By downloading apps from only well-known, trusted sources, you reduce the chance of installing an infected app. What you may not realize is the brand of mobile device you use determines your options for downloading apps.
  • Once you have installed a mobile app from a trusted source, make sure it is safely configured and protecting your privacy. Always think before allowing a mobile app access: do you want to grant the app the permission it asks for, and does the app really need it? For example, some apps use geo-location services. If you allow an app to always know your location, you may be allowing the creator of that app to track your movements, even allowing the app author to sell that information to others.
  • Mobile apps, just like your computer and mobile device operating system, must be updated to stay current. Criminals are constantly searching for and finding weaknesses in apps. It is recommended that you allow the system to update mobile apps automatically and make sure you verify any new permissions they might require. SANS Securing the Human March 2017

Back to top

The Price of Free Software

August 2017

Has your computer been acting strange lately? Maybe your default search engine or other browser settings changed, or you’re getting suspicious warnings about your computer’s performance. Are you seeing ads that don’t seem to belong – like ones that cover up parts of the webpage or are on a site that doesn’t usually show ads? If so, you may have unwanted software on your computer. Your next step: get rid of any malware.

But how does unwanted software get on your computer in the first place? If you installed some free software, you may have accidentally downloaded it at the same time. Extra software – and sometimes malware – can get bundled together with popular free software downloads, and you might not realize what you’re getting. To avoid this problem:

  • Be on the lookout when installing free software. Read each screen during the installation process. Choose the “custom” install option instead of the “express” option. Then, if you see software you don’t want in the bundle, decline the additional program or just exit the installation process.
  • If you want a particular download, go straight to that company’s site – or another source you trust. Sites that offer lots of popular software – for free – are more likely to bundle it with extra software.
  • Talk to your kids. If you let your kids download software, help them recognize reputable sources.
  • Don’t click on popups or banner ads. Clicking on popups or banner ads about your computer’s performance might start a download of unwanted software.
  • Keep your security software up to date. Up-to-date security software can catch malicious software and protect your computer.

By Amanda Koulousias, Attorney, Division of Privacy and Identity Protection, Federal Trade Commission

Back to top

Don't Overshare on Social Networking Sites

July 2017

If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites.

(Federal Trade Commission, How to Keep Your Personal Information Secure)

Back to top

Phone Scams

June 2017

Every year, thousands of people lose money to telephone scams — from a few dollars to their life savings. Scammers will say anything to cheat people out of money. Some seem very friendly — calling you by your first name, making small talk, and asking about your family. They may claim to work for a company you trust, or they may send mail or place ads to convince you to call them.

If you get a call from someone you don’t know who is trying to sell you something you hadn’t planned to buy, say "No thanks." And, if they pressure you about giving up personal information — like your credit card or Social Security number — it’s likely a scam. Hang up and report it to the Federal Trade Commission.

For more information on “Signs of a Scam”, “How They Hook You”, “Why They’re Calling You”, “How to Handle an Unexpected Sales Call", and “What to Do About Pre-Recorded Calls” visit the Federal Trade Commission website at https://www.consumer.ftc.gov/articles/0076-phone-scams for the complete article.

Back to top

Going Mobile: How to be Safer When Using a Smartphone or Tablet

May 2017

Everywhere you look, people are using smartphones and tablets as portable, hand-held computers. "Unfortunately, cybercriminals are also interested in using or accessing these devices to steal information or commit other crimes," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "That makes it essential for users of mobile devices to take measures to secure them, just as they would a desktop computer." 

Here are some basic steps you can take to secure your mobile devices.

Avoid apps that may contain malware. Buy or download from well-known app stores, such as those established by your phone manufacturer or cellular service provider. Consult your financial institution's website to confirm where to download its official app for mobile banking.

Keep your device's operating system and apps updated. Consider opting for automatic updates because doing so will ensure that you have the latest fixes for any security weaknesses the manufacturer discovers. "Cybercriminals try to take advantage of known flaws, so keeping your software up to date will help reduce your vulnerability to foul play," said Robert Brown, a senior ombudsman specialist at the FDIC.

Consider using mobile security software and apps to protect your device. For example, anti-malware software for smartphones and tablets can be purchased from a reputable vendor.

Use a password or other security feature to restrict access in case your device is lost or stolen. Activate the "time out" or "auto lock" feature that secures your mobile device when it is left unused for a certain number of minutes. Set that security feature to start after a relatively brief period of inactivity. Doing so reduces the likelihood that a thief will be able to use your phone or tablet. 

Back up data on your smartphone or tablet. This is good to do in case your device is lost, stolen or just stops working one day. Data can easily be backed up to a computer or to a back-up service, which may be offered by your mobile carrier.

Have the ability to remotely remove data from your device if it is lost or stolen. A "remote wipe" protects data from prying eyes. If the device has been backed up, the information can be restored on a replacement device or the original (if you get it back). A number of reputable apps can enable remote wiping.

To learn more about safely using smartphones and tablets, see the Federal Trade Commission's Computer Security Web page. (FDIC Consumer News-Winter 2016)

Back to top

10 Things You Can Do to Avoid Fraud

April 2017

Crooks use clever schemes to defraud millions of people every year. They often combine new technology with old tricks to get people to send money or give out personal information. Here are some practical tips to help you stay a step ahead.

https://www.consumer.ftc.gov/articles/0060-10-things-you-can-do-avoid-fraud

  1. Spot imposters-scammers often pretend to be someone you trust.
  2. Do online searches-type a company or product name into a search engine with words like review, complaint, or scam.
  3. Don’t believe your caller ID-technology makes it easy for scammers to fake caller ID info.
  4. Don’t pay upfront for a promise-you may be asked to pay in advance for a job, a prize or debt relief.
  5. Consider how you pay-credit cards have significant fraud protection, but some payment methods don’t, such as wire transfer.
  6. Talk to someone you trust-before you give up your money or personal information.
  7. Hang up on robocalls-if you answer the phone and hear a recorded sales pitch hang up.
  8. Be skeptical about free trial offers-some companies use free trials to sign you up for products and then bill you.
  9. Don’t deposit a check and wire money-if a check you deposit turns out to be a fake, you are responsible for repaying the bank.
  10. Sign up for free scam alerts from the FTC at ftc.gov/scams for the latest tips and advice about scams.

Back to top

Stopping Unsolicited Mail, Phone Calls, and Email

March 2017

Tired of having your mailbox crammed with unsolicited mail, including preapproved credit card applications? Fed up with getting telemarketing calls just as you're sitting down to dinner? Fuming that your email inbox is chock-full of unsolicited advertising? The good news is that you can cut down on the number of unsolicited mailings, calls, and emails you receive by learning where to go to "just say no." www.consumer.ftc.gov

Telemarketing

The federal government's National Do Not Call Registry is a free, easy way to reduce the telemarketing calls you get at home. To register your phone number or to get information about the registry, visit www.donotcall.gov, or call 1-888-382-1222 from the phone number you want to register. You will get fewer telemarketing calls within 31 days of registering your number. Telephone numbers on the registry will only be removed when they are disconnected and reassigned, or when you choose to remove a number from the registry.

Mail

The Direct Marketing Association's (DMA) Mail Preference Service (MPS) lets you opt out of receiving unsolicited commercial mail from many national companies for five years. When you register with this service, your name will be put on a "delete" file and made available to direct-mail marketers and organizations. This will reduce most of your unsolicited mail. However, your registration will not stop mailings from organizations that do not use the DMA's Mail Preference Service. To register with DMA's Mail Preference Service, go to www.dmachoice.org, or mail your request with a $1 processing fee to: DMAchoice, Direct Marketing Assoc, PO Box 643, Carmel NY 10512.

Email

The DMA also has an Email Preference Service (eMPS) to help you reduce unsolicited commercial emails. To opt out of receiving unsolicited commercial email from DMA members, visit www.dmachoice.org. Registration is free and good for six years.

Back to top