@Keboo
Last active September 1, 2024 06:46
Security Resources

Internet Safety

Kevin Bost

Security and Privacy

  1. Privacy: Refers to how your information is used and controlled. It is often related to security, but just because something is not private does not mean it is not secure.
  2. Security: Refers to how your information is protected. It is important to keep sensitive information secure.
  3. Information that should be private
    • Financial information (Credit card number, account numbers, bank names, financial status)
    • Personal information (Social security number, family member names, driver’s license number, birth place)
    • Insurance information
    • Subscriptions, services, utilities

What to do if you are a victim

Review steps on https://www.identitytheft.gov/Steps

  1. Contact the companies where the fraud occurred. Ask for a fraud department and explain that someone stole your identity.
  2. Ask to have accounts closed or frozen.
  3. Change all access information (passwords, PIN numbers, etc.)
  4. Place a fraud alert with the credit bureaus
  5. Monitor your credit report (you can do it weekly)
  6. Report the theft to the FTC
  7. Optionally: File a report with your local police department

Calls and Text Messages

  1. The person who initiated the call must prove who they are to the person that they called.
  2. Do not trust caller ID as proof of identity
  3. Politely ask to call them back and return the call to a number that you verify, not one they provide
  4. Government agencies will rarely call or text
  5. Banks and financial institutions will never call you and ask for personal information. When you call them, they may ask you to provide information.
  6. Microsoft and Apple will never proactively reach out to you to provide unsolicited technical support
  7. Never provide private information to any recipient you cannot verify
  8. Never forward information to any recipient you cannot verify
  9. Never allow anyone you do not trust to access your devices.
  10. Be very wary of anyone trying to get you to install remote-access tools such as AnyDesk, TeamViewer, RemotePC, or Zoho Assist

Web Sites

  1. Never call a number you see in a popup message
  2. Look for https and the lock symbol in the website address. Verify the connection is trustworthy.
  3. Identify the domain of the URL.

Email

  1. Be skeptical of attachments, images, and links; when in doubt either confirm with the sender, or delete it.
  2. Instead of clicking on links, access the site directly through saved bookmarks to validate information.
  3. For legitimate businesses, use the unsubscribe link if you no longer wish to hear from them.
  4. Mark emails as spam. Be extra cautious about things that were already flagged as spam.
  5. Identify the domain of the sender.
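
To make "identify the domain" concrete for both the Web Sites and Email lists, here is an added example (not part of the original notes) that pulls out the registered domain from a URL and from a From header. The function names, the two-entry suffix set standing in for the Public Suffix List, and the sample values are all assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples below.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}


def registrable_domain(host):
    """Return the part of a host name that was actually registered by someone."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def url_domain(url):
    """Domain the browser connects to; anything before an '@' is not the site."""
    return registrable_domain(urlsplit(url).hostname or "")


def sender_domain(from_header):
    """Domain of the real address in a From header, ignoring the display name."""
    _display_name, address = parseaddr(from_header)
    return registrable_domain(address.rpartition("@")[2])


# Constructed samples using reserved example names, not real sites or senders.
SAMPLES = [
    ("url", "https://www.example.com/login"),
    ("url", "https://example.com.account-verify.test/login"),
    ("url", "https://example.com@login.example.net/reset"),
    ("url", "https://secure.example.co.uk/"),
    ("mail", "Example Bank Support <alerts@example-billing.test>"),
]

if __name__ == "__main__":
    for kind, value in SAMPLES:
        domain = url_domain(value) if kind == "url" else sender_domain(value)
        verdict = "matches" if domain == "example.com" else "is NOT"
        print(f"{value}\n    -> {domain} ({verdict} example.com)")
```

Read a domain from right to left: the familiar name appearing at the start of the address or in the display name does not decide where the link or message really points. A matching sender domain only shows what the message claims, since the From address itself can be forged.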

Devices

  1. Always install updates as soon as possible
  2. Anti-virus
  3. Wi-Fi
    • Avoid using any wireless networks that do not require a password
    • When using a network with a password, consider who else might be using that same network.
  4. Turn on two-factor authentication (2FA) wherever possible. Two-factor means that to log in you will need something you know (typically a password) and something you have (typically an authenticator app or a phone number that can receive texts).
  5. Set a PIN or password on your mobile device. Consider using biometrics (fingerprint or face identification) as a simpler way to log in.
  6. Use a password manager with a secure password
  7. Remove unused software
  8. Remove unneeded browser extensions

Summary

  1. Be skeptical of any communication that you did not initiate
  2. Do not give out sensitive information to anyone without confirming who they are
  3. Practice good password hygiene
  4. Keep your devices secured

Good password hygiene

  1. Do not use the same password for multiple things
  2. Do not use common passwords (abc123, Admin, password, etc.)
  3. Longer is better than more complex; consider using a sentence or phrase.
  4. Consider using a password manager
  5. Use Single Sign-On when possible
  6. Avoid recovery questions that can be easily guessed or discovered
  7. Check your password at https://haveibeenpwned.com/Passwords to make sure it has not been compromised.

Additional Resources

CISA Cybersecurity Awareness Program
