Cyber Security Tips

A tip a day for 30 days

Sponsors

We gratefully acknowledge the generous contributions and support from our sponsors. The “Who’s Watching?” campaign owes a debt of gratitude to these companies for furthering the cause of cyber security awareness in our community. We thank them knowing that our efforts would not be complete without their support.

Current sponsors:

IBM

SANS

Identity Finder

Past sponsors:

Dell

Apple

Embarq

Office Depot

PrintSource

Copyright Trustees of Indiana University, 2006


#30 Teach your kids how to protect themselves online.


Let them know it’s okay to decline “friend” or “buddy” requests on social networking sites and Instant Messaging programs. In fact, remind them that they should decline such requests if they don’t really know the person.

Other kid safety tips:

  • Place the computer in a common area of the house, and encourage your child or teen to ask you questions or show you something onscreen if anything makes them feel uncomfortable. They’re more likely to do this if the computer is out in the open.
  • Draw up an “Internet Use Contract” with your child or teen. Agree to some clear, simple house rules and post them on or near the computer monitor. This is a natural way to start a dialogue about online safety, too.
  • If needed, use tools like parental controls, content blocking, and monitoring software. While you want to be mindful of your child’s privacy, if you have reason to believe there may be an unsafe situation, it may be time to investigate these services.
  • Most importantly, teach your kids to “trust your gut.” If something doesn’t quite feel right, it probably isn’t.

#29 Use a password manager.


In general, it’s not a good idea to say “yes” when your browser asks you if you’d like it to save your password, especially when the computer you are using is shared.

Although it’s convenient, allowing your Internet browser to store your password can leave you vulnerable to criminals.

For example, some computer viruses can recover your passwords from your Internet browser and then email them to random people or post them publicly on the Internet.

But it is hard to remember a different password for every Web site you visit.

A better option is to use a password manager. There are several out there, but if you use the Firefox Web browser, you can set a super-secret “master” password for all your other passwords. That way, you don’t have to remember them all—just one.

You’ll just need to be sure you remember your master password—and never, ever, ever share it with anyone!


#28 Check that credit report!


By federal law, you’re entitled to one free credit report each year. So use it!

Credit reports contain information about you, including what accounts you have and your bill-paying history.

It’s a great way to watch for any unauthorized activity and stop identity theft before it gets too costly.

You can request all three versions of your credit report at once (from each of the three credit reporting bureaus) once a year.

Or, if you’re really organized, you can request each report one at a time, once every four months, so you essentially get year-round credit monitoring for free.

You’ll especially want to check your credit report a month or more before you make a big purchase such as a house or car, to be sure there are no surprises.


#27 Don’t leave your valuables unattended.


Yes, it may go without saying, but guard your valuables—both the tangible (like your purse, wallet, picture ID, and credit and debit cards) and intangible (like contact information, Social Security number, and birthdate).

Carry only the identification information and the credit and debit cards that you’ll actually need when you go out. Be cautious when responding to promotions, giveaways, and sweepstakes. Identity thieves may create phony promotional offers or steal your valid entry form to get your personal information.

Keep your purse or wallet in a safe place at work. Do the same with paper copies of administrative and medical forms that have your sensitive personal information. Keep your personal information in a secure place at home, too—especially if you have roommates, employ outside help, or are having work done in your house.


#26 Read the EULA.


Read through the end user license agreement (EULA) before clicking “I Accept” and installing unfamiliar software. Yes, it’s a pain...all that fine print!

But...if you don’t, you may be sorry. By law, the EULA is where companies disclose what they’ll do with your private information (if they share it at all, you may start receiving a lot of spam, for example); what other software they may be packaging with your download (beware—many times what’s packaged with it is essentially spyware!); and any hidden fees or costs.

And if you can’t find or can’t understand the EULA, think twice before proceeding: the program’s creator may be trying to hide something from you.


#25 Make the switch to safer Web browsing software.


If you’re like most of the world, you probably just use whatever browser came with your computer—probably Internet Explorer—to browse the Web. But did you know there are other Internet browser options that may be more secure?

While more secure versions of Microsoft’s Internet Explorer have been released in recent years, criminals and hackers will still likely target users of this browser for frauds and scams for a long time to come, since it’s still the most widely used.

You’re less likely to be targeted for phishing scams and spyware and adware if you use something else to surf the Web.

For example, Mozilla’s Firefox is a terrific, free, more secure Internet browser for both PCs and Macs—and has handy-dandy “extensions” you can download for free to enhance your browsing experience that will make you wonder how you surfed with Internet Explorer for so long. You may just find you like it better!


#24 Beware of phishing—and vishing.


In the latest twist on phishing scams, criminals are now “vishing,” too.

In a vishing scam, a crook sends fraudulent email asking you to call a telephone number to “confirm” your personal information (rather than clicking on a link in email).

This type of scam still employs the usual false sense of urgency and often implies there might be an identity theft situation, encouraging recipients to call right away “to get everything all straightened out.” The phone number typically provided looks legitimate, too—either a 1-800 number or a number with a local area code.

The recipient, who may have heard about phishing scams and knows better than to click a dubious link in an email, feels more comfortable talking on the phone to “a real person.” That sounds so much more legit...

Once again, though, beware! Vishing is really just another phishing scam to get access to your personal information. If you get a message like this, call the organization directly—don’t use the number provided to you in the email.


#23 Watch out for spam—and spim.


Email isn’t the only thing that can bring you phishing scams, viruses, spyware, or other electronic infections.

Unsolicited email messages (known as spam) have a close cousin—unsolicited Instant Messages (IMs), or “spim.”

So just as you should never click on links in emails, even when they appear legitimate, you should also avoid clicking on links in IMs you weren’t expecting. Those, too, could be phishing scams, or could give you a virus or spyware—or worse!

To avoid getting spammed and spimmed in the first place, closely guard your IM screen name and your email address. Treat them as personal, confidential information that you wouldn’t give out to just anyone.

Another smart option is to use a “throwaway” or free email address for junk mail and unimportant site registrations. This way, at least all the spam goes to one place!


#22 Evade telemarketers.


Avoid giving away information to telemarketers. Identity thieves may call you posing as legitimate enterprises such as your bank or a civic organization. So use caller ID, and if all else fails, just hang up—particularly if they seem to be fishing for your personal information, like your birthday. Phishing scams can start over the phone, too.

You can register on the federal government’s “Do Not Call” list to block telemarketing calls in the future. If you then receive such a call anyway, suspect it immediately.


#21 Don’t leave a paper trail.


Make it harder for identity thieves and easier on yourself by cutting back on unneeded paper. You’ll have less to shred if less of your private information is on paper in the first place!

Consider saving some trees and protecting your privacy by switching to online banking. Contrary to what many people think, this is very secure.

Consider that having 3 different 6-page statements with your bank and credit card account number(s) printed on each page sent to you in the mail every month is a juicy invitation for a criminal and a lot for you to have to shred each month. Your paper statements make your account information vulnerable while in transit, sitting in your mailbox, and then again once you’ve read them and thrown them away.

So if you’re comfortable using the Internet and can do it from a secure computer, online banking is a smart move.


#20 Take precautions when using wireless Internet.


If you don’t think twice about jumping onto whatever inexpensive or free wireless network is available—in airports, bookstores, and coffee shops, or even mooching off a neighbor at home—consider this: if it’s an “Unsecured Wireless Network,” it’s just as easy for a criminal to get on it as it is for you!

Unsecured wireless isn’t encrypted, so scammers could easily be logging the sensitive information you send over the network, such as logins, passwords, or credit card numbers. Plus, in a public place, someone could also “shoulder surf,” watching over your shoulder as you type.

So, avoid conducting your private business on public wireless!


#19 Follow the principle of least privilege.


Everyone in your household should have computer accounts with as few privileges as necessary for them to work productively.

Both Windows XP and Mac OS X allow you to set “User” and “Administrator” accounts—which have varying levels of “privileges” and access. In case of a virus or other malicious software attack, the damage may be less severe if the computer is being operated from a limited User account.

That’s why parents may want to consider setting kids’ accounts as Users. This way, parents can control what kids see online, protect critical files, and minimize damage from electronic infections.

Setting up User and Administrator accounts is pretty straightforward, too.


#18 When sharing is a bad thing.


Save your online errands—such as shopping, banking, and bill payment—for your own computer.

Conducting your private business on shared computers, such as the ones available at Internet cafés, libraries, hotels, and other public places, can be very dangerous.

Hackers can install keylogger hardware or software, capturing everything you type before it’s encrypted. Or, scammers could just “shoulder surf,” watching you type logins, passwords, and account information—even using their cell phone camera to photograph your screen!

It’s more common than you think. So, better safe than sorry.


#17 Headed out of town? Take care of business first.


Take a break from packing for your trip to make sure you’ve protected yourself from identity theft.

Don’t let your mail sit in your mailbox, even if you’re away for just a few days. A criminal would love to snatch those pre-approved credit offers and “convenience checks” sent to you, open a credit card in your name, or go on a shopping spree that will cost you money and destroy your good name.

So, take a moment to visit www.usps.com to request a vacation hold before you leave town. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.

Don’t advertise that you’re not home and invite criminals to take a peek!


#16 Think before you click.


Change your Internet habits when you surf—always think before you click. It’s one of the best ways to protect yourself online.

Don’t click links in emails, Instant Messages (IMs), and pop-up advertisements. Be cautious about clicking links and downloading from people’s social networking site profiles.

And download free stuff only from sites you know and trust—so think twice about peer-to-peer (P2P) filesharing networks! Also, never install any software without knowing exactly what it does. You could end up with spyware, adware, or worse!


#15 Make better passwords.


If you’re like most people, your password is just something easy to remember like your pet’s name or favorite sports team, and then maybe a number. And you use the same password for everything.

But criminals have many ways of getting your password, and making it super easy for them to guess or crack just isn’t smart. Check out these tips for making better passwords.


#14 Be vigilant about protecting your loved ones from phishing scams.


Even if you know better than to click links in those “phishy” emails, make sure your family members do, too.

Consumers over age 60 and students are the two most targeted groups for phishing scams—the first because they’re likely to be too trusting and unfamiliar with the Internet; the second because they’re likely to feel invincible and to conduct almost all their personal business online.

So, warn your loved ones that they are targets. Remind them that no matter how convincing an email or pop-up message may seem, it’s probably not legitimate. They should never click such links, and if they are worried the message is real, tell them to contact the company directly instead.

You may be the only thing that stands in the way of them becoming a victim of identity theft!


#13 Run those scans.


Make sure you configure your anti-virus program to check for updates daily and run complete scans of your hard drive weekly. Also, schedule your anti-spyware software to run scans every week.

Then, if a scan finds infected or suspicious files, you will have to review the results and decide what to do with the identified files. You may opt to ignore, remove, or quarantine them. But such regular maintenance is essential for privacy protection and better computer performance.

Yes, it’s a pain to have to do this all the time, but at least you can set your scans to run automatically!


#12 Know what to look for when shopping online.


Online shopping is great. But protect yourself by always checking for three things on the checkout or order page:

  • First, the “plural URL.” The site’s checkout page should have an “https” instead of “http” at the beginning of the Web address.
  • Second, a closed padlock or unbroken key. One of these should appear in the bottom or top window frame of your browser, letting you know your personal information will be encrypted.
  • Third, the Web address generally. If the URL changes from what you would expect in the course of your transaction, log out immediately and shop elsewhere.

#11 Use anti-spyware and adware programs.


When you download and install software onto your computer, other applications may creep into your system as add-ons, without your knowledge.

Like viruses, these adware and spyware programs can sneak onto your hard drive with little or no warning, and hide their tracks in ways that make it difficult for even the most sophisticated computer users to find and delete permanently.

Gather enough of these unwanted add-ons, and they will slow down your computer significantly. What’s more, these intrusive applications can invade your privacy by sending information about you to strangers. They can even render your computer vulnerable to attack.

So, get and use at least two malware removal tools regularly.


#10 Don’t use your computer for a night light.


Turn off your computer or disconnect from the network when you’re not using it. Every minute your computer is connected to the Internet, either through broadband (DSL or cable) or a dial-up connection, it’s at risk.

In fact, if you’re using broadband, you face a greater threat than if you used dial-up, since you are continually connected to the Internet. With an "always on" connection, such as cable or DSL, your computer may be vulnerable even when you think you’re no longer connected to the network.

Bottom line: use a firewall anytime you’re online, and disconnect from the network or power off your computer anytime you’re not.


#9 Protect your private information on paper, too.


To thwart an identity thief who may pick through your trash or recycling bin to capture your personal information, burn, tear, or shred receipts, insurance forms, checks and bank statements, expired charge cards, and all those pesky credit card offers you get in the mail.

For even greater security, you can opt out of receiving such offers in the first place. Just call 1-888-5-OPTOUT. Note that you will be asked to provide your Social Security number when you call. Check out these other tips to protect your privacy on paper.


#8 Be cautious about revealing your personal information on the Internet.


Before you share your contact information, daily routine, and personal attributes on your blog or on popular social networking sites like Facebook, MySpace, Friendster, Flickr, Blogspot, and Xanga, stop and think. You could be putting your safety—and your future—at risk.

Never forget: the words and pictures you post on the Internet may be available for years. Your profile may be viewed not only by your friends, but also by identity thieves, spammers, and stalkers—as well as future employers and school admissions counselors.

You don’t need to advertise to the world what you’re doing or where you live. And once you publish something online, it is available to other people and to search engines. You can’t retract it!


#7 Back up your files regularly.


No, it’s not fun or exciting. But if you get a virus or other electronic infection and your system crashes or has to be wiped clean, you’ll be so glad you did.

Make copies of essential documents, photos, music files—anything you would be distraught to lose. You can use a variety of media—CDs, DVDs, thumb drives or “memory keys,” external hard drives, a server or Internet site that allows you to store documents, etc. Also, be sure to keep any software CDs that came with your computer, in case your hard drive is ever wiped clean and you have to reinstall everything from scratch.

If your hard disk fails—and if you use it long enough, eventually it will—you’ll need those backups!


#6 Beware of digital hitchhikers: don’t open emails from unknown sources.


Computer files are like people—there are some nice ones, and some not-so-nice ones, and you can’t tell the difference by just looking at them. So it’s a bad idea to put one on your computer if you don’t know where it’s been.

By now, most people know not to open email attachments that are from unfamiliar senders—and even to use caution when opening attachments from friends and family.

But downloading files from Web pages, social networking sites, Instant Messages (IMs), or peer-to-peer file-sharing networks can also be risky. Each time you encounter a new file, judge the reliability of the source before loading it on your computer. It might contain a virus or other electronic infection. Better to be cautious.


#5 Don’t share passwords with anyone, ever. Even family.


If you need someone to read your email, many email programs allow you to use a “delegates” feature to enable certain persons to do so without using your password. Check with your email provider.

Some types of exploits aren’t possible if the bad guy can’t guess the password. So, you should learn what makes a good password, create ones you can remember, and change your passwords if you think they might have been compromised.


#4 Don’t click on links in emails, even when they appear to be legitimate.


If you receive an email that appears to come from a legitimate source, like your bank or some other reputable company, but the message—which may look very authentic—instructs you to follow an enclosed Web link, beware! It may actually be a phishing scam, and the link may send you to a counterfeit Website that looks like the real one. Fall for a phishing scam, and you could give away the keys to your financial accounts, your personal information, and your computer.

Remember, if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” And if you’re concerned that the message might be legitimate, and you need to act immediately, contact the organization directly to inquire.

Also, make sure your loved ones—particularly students and senior citizens—know not to click links in emails as well. Criminals target these groups for phishing scams.


#3 Update your anti-virus software often.


You are not just protecting yourself when using anti-virus software, but also others you communicate with. So, if you’ve let that anti-virus subscription lapse, you should renew it—today! You can get anti-virus software at low or no cost from many sources.

Also, many people don’t realize that there is a proper way to use an anti-virus program. Just having anti-virus software loaded on your computer is not enough.

You must keep the software up-to-date by running virus scans weekly, renewing your virus definitions file daily, and quarantining files as needed. If that sounds like a lot, don’t panic: most modern anti-virus software allows you to automate most of the work.

Remember, new computer viruses show up all the time, and your anti-virus protection is only as good as your last update!


#2 Use a firewall.


You can use a hardware or software firewall, or both.

The hardware kind are external devices that can be bought at most electronic stores for less than $100. Also, many Internet Service Providers (ISPs) offer routers that also include firewall features. (Check with your provider to find out about yours.)

In addition, most operating systems (such as Windows XP, Mac OS X, or Linux) include a built-in software firewall. If yours does, activate it to add another layer of protection—even if you have an external hardware firewall.

Firewalls protect you from all sorts of intruders and attacks.


#1 Keep your application software and operating system up-to-date.


The mummy lives! If the software on your computer is old enough to live in a sarcophagus, it’s time to make a change. That’s because the older a program gets, the more opportunities hackers have to find the security holes in it.

So if the application software on your computer (Internet browser, word processor, graphics software, even your anti-virus program) is more than a few months old, check out the vendor’s Website for upgrades or patches that can make the program safer to use. And keep checking back periodically! Holes in such programs can be exploited by hackers and your whole computer could be compromised.

Do the same for your operating system (OS), the program on your computer—such as Windows XP, Mac OS X, or Linux—that runs all the other programs. Keeping your OS up-to-date is absolutely critical for safe computing.

Think that your OS is already current? Don’t be so sure. Microsoft and Apple have both released critical security patches quite recently! So, be sure your computer is configured to automatically update its OS, so you don’t have to remember to keep checking.