Cyber Security Tips for NCSAM

cyber-month

 

Cyber Security Tip of the Day For National Cyber Security Awareness Month (NCSAM):

  1.  Protect online accounts with a different password for each.  Passwords need at least eight characters, letters, numbers and symbols.  Avoid using any part of your name, phone number or birth date.
  2. Be careful with email auto-complete. This is an email feature that automatically completes a name for you when you begin typing it in the TO field. However, your email client can easily complete the wrong name for you. If you are emailing anything sensitive, always be sure to check the TO field a second time before hitting the send button.
  3. Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it’s so important you use common sense and be wary of any messages that seem odd or suspicious.
  4. Rogue software or “scareware” is fake antivirus or security software. Bad guys usually try to get you to install it by generating a pop-up window as you surf the web. The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.
  5. It takes only a few seconds to secure your computer and to help protect it from unauthorized access. Lock down your computer every time you leave your desk. If you’re using a windows computer, press Ctrl–Alt—Delete before you walk away! On a Mac? Try Control–Shift– Power
  6. Banking Trojans can use a malicious webpage to ask you for your cell phone number and then attempt to install a malicious app that can bypasses security systems. Your bank will not distribute apps in this way. It is always recommended that folks download apps from the official app store and never through unknown text messages or websites.
  7. Before submitting your credit card number when shopping online, always look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmissions and make sure “https” appears in the website’s address bar. The “s” stands for “secure” indicating that communications are encrypted.
  8. USB drives, Flash Memory Cards, CD-ROMs, and other external devices can be infected with viruses and malware. Always make sure to scan them using virus scan software before opening files on them, especially if those files were not put on the device by yourself.
  9. Email is the gateway to almost every other account a user may have. When someone loses or forgets an account password, the reset is sent to his or her email.  Cyber security experts suggests email users set up multi-factor authentication, which means more than just a password is required for access; a code may be sent via text message that a user must also input for access,​ for example. It’s something most major email providers offer.
  10. A password is only as secure as the computer or network it is used on. As such, never log in to a sensitive account from a public computer, such as computers in a cyber cafe, hotel lobby or conference hall. Bad guys target public computers such as these and infect them on purpose. The moment you type your password on an infected computer, these cyber criminals can harvest your passwords. If you have no choice but to use a public computer, change your password at the next available opportunity you have access to a trusted computer
  11. One of the most effective methods you can use to protect kids online is to talk to them. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues, even going so far as to show them actual negative events that have taken place. If you don’t know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Quite often, kids love the idea of being the teacher and will open up.
  12. Just like you should shred mail that only has your name and address on it (the first pieces of information an identity thief needs to uncover more identity on the Internet), so should you eliminate the chances that something on the hotel key card will ever be used to steal your identity. It costs you nothing and takes less than 30 seconds to CHOP. And in the meantime, this will get you in the habit of destroying identity exposure so that when it does count, you’re prepared.
  13. One of the most effective steps you can take to protect your cloud account is to make sure you are using two-step verification. In addition, always be sure you know exactly whom you are sharing files with. It is very easy to accidentally share your files with the entire Internet when you think you are only sharing them with specific individuals.
  14. One of the most effective steps you can take to protect your cloud account is to make sure you are using two-step verification. In addition, always be sure you know exactly whom you are sharing files with. It is very easy to accidentally share your files with the entire Internet when you think you are only sharing them with specific individuals.
  15. Always check your settings on your mobile device to make sure they do not connect automatically to nearby wifi connections. Unsecured connections can expose you to networks that have been set up to steal your data.
  16. A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. It may be included in a larger software package or installed by an attacker who has been able to take advantage of a vulnerability on your computer or has convinced you to download it.  A rootkit is a piece of software that can be installed and hidden on your computer without your knowledge. Take appropriate precautions when using email and web browsers to reduce the risk that your actions will trigger an infection.
  17. There are many social media apps that may broadcast your location. On a smartphone, these apps will usually request access to your GPS coordinates. On the web, however, these apps may simply pick up your location from your IP address and never ask for permission. Be very cautious about this. Someone could use your location to stalk you. They could also use this information to determine when you are not home so they can rob you. Avoid the temptation to “check in” on social media.
  18. Always lock your mobile device with a pin or password. If using Android, consider installing anti-theft software so you can remotely lock or erase your device if it’s lost or stolen. If using Apple’s iOS software, turn on the find iPhone feature to easily put it in lost mode.
  19. A common method cyber criminals use to hack into people’s computers is to send them emails with infected attachments. People are tricked into opening these attachments because they appear to come from someone or something they know and trust. Only open email attachments that you were expecting. Not sure about an email? Call the person to confirm they sent it.
  20. The sharing feature that lets you share music, videos, documents, and printers with other computers in your home can represent a security risk if you use it in a public place. Others could use this feature to view or even alter documents that you have on your computer. When using your laptop in a public location, turn off the sharing feature entirely.
  21. It’s a good idea to open a free email account with sites like Gmail that you can give out when you’re required to provide an email online or open an ecommerce account. You’ll avoid spam at your primary address and reduce vulnerability.
  22. When you delete a file, it doesn’t actually go away–even after you’ve emptied the Recycle Bin. The actual bits remain written on the drive until some other disk activity writes over them. Even when you format a drive, the files are still there for those who want and know how to read them. If you want to truly and securely delete a file, or the contents of an entire drive, you need software that will overwrite the space where the file(s) once sat. Fortunately, several free programs can do this such as: Eraser, CCleaner, and Flashback Data
  23. Avoid using common words in your passwords or passphrases. Instead, break up words with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” and “L”; and Use a combination of upper and lower case letters.
  24. With the proper software installed, stolen laptops can be tracked to a physical location if they are connected to the Internet. Other software gives you remote access for computer security with the ability to erase your files or send them to a secure data center for recovery via the Web
  25. Be wary of SMSishing. You may receive a counterfeit text message that appears to be from a legitimate bank or credit card company asking you verify your account information. Once you supply your information via phone or Web, it will be in the hands of criminals. Be aware of information security by knowing when to ignore a text message
  26. Many apps want more permissions than actually needed for their function. For example, some flashlight apps want access to your contacts. Why? Usually for marketing purposes to build a better profile on you and your friends. Don’t install apps that require excessive permissions. Also, always install apps from a trusted source. This helps ensure the app isn’t fake or malicious.
  27. If You Are a Victim of Identity Theft:
    Report any identity theft immediately by following these steps:
    Contact the three major credit bureaus and have them place a fraud alert on your credit report.
    If a credit card was involved, contact the credit card company and have a new credit card with a new number issued.
    Contact your local law enforcement agency and file a report.
    File a complaint with the Federal Trade Commission.
    Document all conversations so you know whom you spoke to and when.
  28. One of the most effective methods you can use to protect kids online is to talk to them. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues, even going so far as to show them actual negative events that have taken place. If you don’t know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Quite often, kids love the idea of being the teacher and will open up
  29. JavaScript and other forms of active content are not always dangerous, but they are common tools for attackers. You can prevent active content from running in most browsers, but realize that the added security may limit functionality and break features of some sites you visit. Before clicking on a link to a web site that you are not familiar with or do not trust, take the precaution of disabling active content.
  30. Although you may be able to access your account from any computer, you need to make sure that the account is going to be available when you want to access it. Familiarize yourself with the service provider’s terms of service so that you know exactly what they have committed to providing you. For example, if the service ends or your account disappears, can you retrieve your messages? Does the service provider give you the ability to download messages that you want to archive onto your machine? Also, if you happen to be in a different time zone than the provider, you may find that their server maintenance interferes with your normal email routine.
  31. Scareware, such as ransomware and fake antivirus software, frequently use social engineering by making popup boxes look like messages from your computer. These messages try to look official and say things “System Warning!” and “Threats Found!” or “Your computer is infected. Click OK to remove the virus.” They hope you’ll click on the message, which allows the malware to be downloaded on to your computer. Often clicking anywhere on the message allows the malware to be downloaded, so instead hit the back button or on a Windows computer, use the Task Manager to close the popup window.

Leave a Reply