Awareness : Security Awareness Tips

How to Protect Yourself Online

With the multitude of security breaches and increasing concerns regarding the collection of personal information, here are a few suggestions on ways to keep your personal information more secure when you go online:


  • Social Media and Privacy. Don’t post anything you wouldn’t want to see on a billboard ad.  Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer. Use tight privacy controls to manage who can see your profile or photos.  Read the privacy policy for the website or app. Understand that the site/app can change its policy at any time and it’s up to you to read and understand the changes. A common way that hackers break into financial or other accounts is by clicking the “Forgot your password?” link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, pet’s name, home town, high school or mother’s middle name. If the site allows, make up your own password questions, and don’t use answers that anyone could find with a quick search.
  • Use Trusted Security Software Packages. An essential practice is to use trusted security software packages (with anti-virus, personal firewall, anti-spam, and spyware detection features) for those who engage in online activity, especially financial transactions of any type. This software may come pre-installed on a new computer or device, can be downloaded from your ISP or software company websites, or purchased in retail stores.  Since malicious individuals continually come up with new viruses and spyware, your software needs to be updated regularly.  Make sure the computer, tablet or smart phone you are using has the latest security patches. Security patches are frequently released by Apple, Microsoft, Adobe, Oracle (Java) and other vendors. Signs that your computer/device may be infected include slowing, repeated error messages, increasing numbers of pop-up ads, or going to websites other than the one you intend. Scan your computer/device regularly, and contact your security software provider or seek other professional help if you find problems you can’t solve.
  • Verify Secure Websites. The website address of a secure website connection starts with “https” instead of just “http” and has a key or closed padlock in the status bar.
    Even if a web page starts with “https” and contains a key or closed padlock, it’s still possible that it may not be secure. Some cyber-criminals create “spoofed websites” which appear to have padlocks. To verify, click on the padlock icon on the status bar to see the security certificate for the site. Following the “Issued to” in the pop-up window you should see the common name matching the site you think you’re on. For example the common name should be if you are on Yahoo. If the name differs, you could be on a spoofed site.
  • Be Careful What You Download. When you download a program or file from an unknown source, you risk loading malicious software programs on your device. Fraudsters often hide these programs within seemingly benign applications. Think twice before you click on a pop-up advertisement or download a “free” game, gadget or app. Many “free” apps for smart phones and tablets have the ability to track your on-line activities including your location.
  • Don’t Respond to Emails Requesting Personal Information. Legitimate entities will not ask you to provide or verify sensitive information through a non-secure means, such as email. Even though a web address in an email may look legitimate, fraudsters can mask the true destination. Rather than merely clicking on a link provided in an email, type the web address into the browser yourself (or use a bookmark you previously created). Especially for financial institutions (banks, credit card companies), if they actually need information from you, call the company yourself - using a known, trusted number (e.g. number on your credit/debit card, statement), not the one the email provides!
  • Be Smart About Your Password. The best passwords are ones that are difficult to guess. Try using a password that consists of a combination of numbers, letters (both upper case and lower case), punctuation, and special characters. You should change your password regularly and use a different password for each of your accounts. Do not use the same password for your social networks, email accounts and bank/credit cards. Don’t share your password via email. When resetting your password via an online option, change it immediately. You also shouldn’t store your password on your computer, unless it is encrypted via a secure password application. Many companies now offer an additional option to verify your identity at logon, such as a security token or text to your smart phone. Consider using these options for your banks, credit cards and other high value accounts.
  • Use Extra Caution with Wireless Connections. Wireless networks may not be as secure as wired Internet connections. Many “hotspots” - wireless networks in public areas like airports, hotels and restaurants reduce their security so it’s easier for individuals to access and use these wireless networks. These networks may also attract cyber-criminals who may attempt to intercept or eavesdrop on your communications. Some Wi-Fi networks can appear to be legitimate like a wireless network called “Hilton” or “McDonald’s”, when in fact it is a fake. You can learn more about security issues relating to wireless networks on the website of the Wi-Fi Alliance.
  • Log Out Completely. Closing or minimizing your browser or typing in a new web address when you’re done using your online account may not be enough to prevent others from gaining access to your account information. Instead, click on the “log out” button to terminate your online session. In addition, avoid allowing your browser to “remember” your username and password information.

For More Information