The most recent SANS Institute Security Awareness Tips
Updated: 23 min 45 sec ago
You may not realize it, but you are a target. Your computer, your work and personal accounts and your information are all highly valuable to cyber criminals. Be mindful that bad guys are out to get you.
The first step to creating a cybersecure home is to start by securing your WiFi Access Point. Change your WiFi Access Points default adminstrator password to something only you know. Many WiFi Access Points or WiFi routers are shipped with default administrator passwords that are publicly known and posted on the Internet. The first step to creating a cybersecure home is to start by securing your WiFi Access Point. Change your WiFi Access Points default adminstrator password to something only you know. Many WiFi Access Points or WiFi routers are shipped with default administrator passwords that are publicly known and posted on the Internet.
Be careful with email auto-complete. This is an email feature that automatically completes a name for you when you begin typing it in the TO field. However, your email client can easily complete the wrong name for you. If you are emailing anything sensitive, always be sure to check the TO field a second time before hitting the send button.
Ransomware is a special type of malware. Once it infected your computer, it encrypts all of your files and demands you pay a ransome if you want your files back. Be suspicious of any emails trying to trick you into opening infected attachments or click on malicious links, common sense is your best defense. In addition. backups are often the only way you can recover from ransomware.
When shopping online, always use your credit cards instead of a debit card. If any fraud happens, it is far easier to recover your money from a credit card transaction. Gift cards and one-time-use credit card numbers are even more secure.
Using technology securelly can be overwhelming or confusing, especially for those who did not grow up with it. When helping secure those who are uncomfortable with technology focus on just the basics - 1) be aware of social engineering attacks 2) secure your home network 3) keep your systems updated 4) use strong, unique passwords 5) backup your key personal data.
When attending a video conference, make sure you are using the latest version of the conferencing software. In addition, if you are using the video option make sure there is nothing sensitive behind you that others would see.
If possible, have two computers at home -- one for parents and one for kids. This way they can't accidently infect your computer. If you are sharing a computer, make sure you have separate accounts for everyone and that kids do not have privileged access.
More and more scams and attacks are happening over the phone. Whenever you get an urgent phone call on the phone pressuring you to do something (such as a caller pretending to be the tax department or Microsoft Tech Support) be very suspicious. It's most likely a scammer trying to trick you out of money or pressure you into making a mistake. Protect yourself, simply hang up the phone or tell the person you can't help them. You are not being rude, the person on the other line is trying to take advantage of you.
Eventually, we all get hacked. The bad guys are very persistent and we can all make a mistake. If you suspect you have been hacked never try to fix the situation, instead report it right away. If you try to fix the situation, such as paying an online ransom or deleting the infected files, not only could you stil be hacked but you are most likely causing far more harm than good.
The Dark Web is a network of systems connected to the Internet designed to share information securely and anonymously. These capabilities are abused by cyber criminals to enable their activities, for example selling hacking tools or purchasing stolen information such as credit card data. Be aware that your information could be floating around the Dark Web, making it easier for cyber criminals to create custom attacks targeting you..
Make sure you have anti-virus software installed on your computer and that it is automatically updating. However, keep in mind that no anti-virus can catch all malware; your computer can still be infected. That is why it's so important you use common sense and be wary of any messages that seem odd or suspicious.
Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information.
Technology alone cannot protect you. Bad guys are constantly developing new ways to get past firewalls, anti-virus and filters. You are the best defense against any attacker.
Bad guys are targeting your social media accounts. One of the most effective ways you can protect them is with a unique, strong password called a passphrase. Enabling two-step verification (if your social media site offers it) is even better.
Do you plan on giving away or selling one of your older mobile devices? Make sure you wipe or reset your device before disposing of it. If you don't, the next person who owns it will have access to all of your accounts and personal information.
Virtual Private Networks (VPN) create encrypted tunnels when you connect to the Internet. They are a fantastic way to protect your privacy and data, especially when traveling and connecting to untrusted or unknown networks, such as at hotels or coffee shops. Use a VPN whenever possible, both for work and personal use.
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
Two-step verification (also called two-factor authentication or 2FA) is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device. At a minimum enable two-step verifcation for your most important accounts such as emai, financial and retirement accounts.
What happens to our digital presence when we die or become incapacitated? Many of us have or know we should have a will and checklists of what loved ones need to know in the event of our passing. But what about all of our digital data and online accounts? Consider creating some type of digital will, often called a "Digital Inheritance" plan.