With the start of the school year comes the increased use of computers and the Internet at home, school and on the go. At Microsoft’s Safety and Security Center, you can find resources in their Family Safety Center on setting rules of online safety, online bullying, social media use, playing games online and using tech on the go. Each topic area provides tips, resources and tools you can use to help your kids stay safe online. This information is also available in eleven languages, including Chinese, Korean, Russian and Spanish.
Previous generations didn’t need to have “the digital talk” but in a world where what goes online stays online, it’s essential. Here are eight tips for the college-bound from our City of Seattle Office of Information Security:
1. The Internet is forever – Think about future employers, including those coveted summer internships. Don’t post anything online, including inappropriate photos, which would make a future employer think twice about hiring you. Good judgment is something employers look for, show that you have it.
2. Don’t add your address to your Facebook profile – Keep your address private. Anyone who needs your address can get it from you directly.
3. Don’t broadcast your location – Go ahead and check-in at your favorite coffee place and post photos of you and friends at a concert. Just do it sparingly. People don’t need to know where you are all the time or when your dorm room or apartment might be empty.
4. Don’t “friend” people you don’t know – Be choosy when it comes to friending people on social media. Just because someone sends you a friend request doesn’t mean you have to accept it—especially if you have no idea who they are.
5. Guard your social security number – Your social security number is a winning lottery ticket to a fraudster. It is the key to stealing your identity and taking over your accounts. Keep your social security card locked away in a safe place. Memorize the number so you can minimize using the card itself. Question anyone who asks for your social security card. Employers, banks, credit card companies and the department of motor vehicles are some of the few legitimate entities who may need your social security number. Never give it out online or in email.
6. Don’t use the same password everywhere – All your accounts need a password, but not the same one. Consider using an all-in-one password manager. If you choose this option make sure that you log out of the service when not in use. Get in the habit of locking your computer and shutting it off at night.
7. Beware of emails phishing for personal information – Be very wary of any email with a link that asks you to disclose your credit card details, username, password or social security number. These emails can look official but no bank, or other legitimate business, should email asking for this information.
8. Be Wi-Fi savvy and safe – Free Wi-Fi at coffee shops, libraries and restaurants make these great places to hang out and study. However, free comes at the cost of security. Unsecured networks create the risk of identity theft and other personal information being stolen. Make sure sites you visit use encryption software (website addresses start with https:// and usually display a lock in the browser address bar) to block identity thieves when using public Wi-Fi. Additionally, be careful to avoid using mobile apps that require credit card data or personal information on public Wi-Fi as there is no visible indicator of whether the app uses encryption. In general it’s best to conduct sensitive transactions on a secured private network or through your phone’s data network rather than public Wi-Fi.
Once upon a time, all software had to be directly installed onto computers—but more and more, vendors are hosting software that users access via the Cloud. Maybe you use Google Drive or Dropbox, Office 365, or a Cloud-based database. Maybe you’re interested in what such hosted services offer, but are worried about the security risks. Moving to the Cloud is not for everyone–how do you know if it’s right for your organization? The answer is simple: by evaluating it against your own particular needs.
Idealware.org, a nonprofit organization helping nonprofits make smart software decisions, has created a free new workbook, Should Your Organization Consider The Cloud, to help you to make decisions about using cloud software.
Read the full article here and receive your free copy of help to get you started.
Heading out of town? Make sure you come back with a nice post-vacation glow and not a case of identity theft. Here are some things you can do to lessen the chances you’ll be a victim.
Limit what you carry. Take only the ID, credit cards, and debit cards you need. Leave your Social Security card at home. If you’ve got a Medicare card, make a copy to carry and blot out all but the last four digits on it.
Know the deal with public Wi-Fi. Many cafés, hotels, airports, and other public places offer wireless networks — or Wi-Fi — you can use to get online. Two things to remember:
- Wi-Fi hotspots often aren’t secure. If you connect to a public Wi-Fi network and send information through websites or mobile apps, the info might be accessed by someone it’s not meant for. If you use a public Wi-Fi network, send information only to sites that are fully encrypted (here’s how to tell), and avoid using apps that require personal or financial information. Researchers have found many mobile apps don’t encrypt information properly.
- That Wi-Fi network might not belong to the hotel or airport. Scammers sometimes set up their own “free networks” with names similar to or the same as the real ones. Check to make sure you’re using the authorized network before you connect.
Protect your smartphone. Use a password or pin, and report a stolen smartphone — first to local law enforcement authorities, and then to your wireless provider. In coordination with the Federal Communications Commission (FCC), the major wireless service providers have a stolen phone database that lets them know a phone was stolen and allows remote “bricking” so the phone can’t be activated on a wireless network without your permission. Find tips specific to your operating system with the FCC Smartphone Security Checker at fcc.gov.
ATMs and gas stations — especially in tourist areas — may have skimming devices. Scammers use cameras, keypad overlays, and skimming devices — like a realistic-looking card reader placed over the factory-installed card reader on an ATM or gas pump — to capture the information from your card’s magnetic strip without your knowledge and get your PIN. The FBI offers tips to avoid being scammed by a skimmer.
Watch that laptop. If you travel with a laptop, keep a close eye on it — especially through the shuffle of airport security — and consider carrying it in something less obvious than a laptop case. A minor distraction in an airport or hotel is all it takes for a laptop to vanish. At the hotel, store your laptop in the safe in your room. If that’s not an option, keep your laptop attached to a security cable in your room and consider hanging the “do not disturb” sign on your door.
Still, despite your best efforts to protect it, your identity may be stolen while you’re traveling. Here’s what you can do.
All eBay users should change their passwords immediately. Due to a security breach, customer account information for eBay’s millions of users has been compromised. To reset your password, here is the eBay password-reset page link .
In a post yesterday on the company’s official blog, eBay said the “database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. ” You can read the rest of the blog here.
According to reports and the company, the breach did not affect PayPal systems. However, eBay and PayPal are affiliated entities and you might also consider changing your PayPal password. It is always best to use a unique password for every online account.
Users should be especially wary of “phishing” attacks. Just like during other major events, criminals will use keywords such as “eBay” and “password change” to lure victims into clicking malicious links in emails. Don’t get tricked – never click links in emails. Instead, type the website name into your browser for safety.
Read more City of Seattle Department of Information Security tips at TechTalk.seattle.gov
Maybe you opened an e-mail attachment you shouldn’t have and now your computer has slowed to a crawl and other strange things are happening. Or perhaps you’re running an out-of-date, or unpatched, operating system software (such as Windows XP) and have started to see “antivirus warnings.” Perhaps your bank called, informing you that there has been some unusual activity on your account. Your friends and family may start complaining about spam messages they are purportedly receiving from you. These are all signs that your computer may have been hacked.
If your computer system has indeed been compromised and infected with a virus or other malware, you need to take action to protect your data and prevent your computer from being used to attack others.
Secure Your Computer
Ensure your computer is current with all available patches, fixes, and upgrades. If you do not have your operating system set to automatically update, do so now by visiting your operating system’s website and following the instructions. Links are provided here for Windows users and Mac users. (In addition, note that support for Windows XP ends effective April 8, 2014. The end of support for Windows XP means that Microsoft will no longer provide new security updates and will therefore become a significant security risk. It is recommended that anyone using Windows XP migrates to products that are supported, such as Windows Vista, Windows 7 or 8.)
Your computer’s security software should also be up-to-date. To check status, click on the icon for the security program on your system. If an update is needed, it will be indicated here. If you don’t have security software installed, you need to get it. Make sure you have anti-virus and anti-spyware software installed and a firewall enabled.
Confirm that your browsers are up-to-date. Tools such as Qualys BrowserCheck or WhatBrowser can help assess status.
Secure Your Accounts
You probably access numerous online accounts, including social media, banking, news sites, shopping, and others. If you’ve been hacked, there is a chance that important passwords have been stolen. Reset your passwords for your critical accounts first, starting with your email account, followed by financial and other critical accounts. It is important to start with email accounts, since password resets for all of your other accounts are typically sent to your email.
Use separate and unique ID/password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis. If you are unable to log into one of your accounts, contact the service provider or website immediately. Most online providers include an online form, an email address to contact, or a phone number to call.
Secure Your Mobile Device
Our increased reliance on smart devices–including mobile phones and tablets–for everyday activities has resulted in an increased number of hacking attempts against these devices. As we do with our personal computers, we have to ensure that the proper steps are taken to protect our information and devices. This includes installing security software, where available, and keeping all installed software up-to-date.
For More Information
You’ve been hacked, now what? http://www.net-security.org/article.php?id=1827
Your Email’s Been Hacked! Now What? http://identitysafe.norton.com/blog/blog/2013/06/03/your-emails-been-hacked-now-what/
You Got Hacked! What Now? http://www.pcmag.com/article2/0,2817,2403134,00.asp
I’ve Been Hacked! Now What? http://netsecurity.about.com/od/disasterrecovery/a/I-Ve-Been-Hacked-Now-What.htm
You’ve been hacked! Now What? http://www.doit.wisc.edu/youve-been-hacked-now-what/
Sign up for Microsoft’s free, monthly email security newsletter that’s packed with valuable information to help you protect your home computer. This newsletter provides practical security tips for you and your family, useful resources and links, and a forum for you to provide feedback and ask security-related questions.
Available in text and HTML formats, the newsletter is a convenient way for you to stay up to date on the latest issues, insights, and events with:
- How-to articles and security tips
- Security bulletins and critical updates
- Answers to frequently asked questions on security topics
- Information about security trials and downloads
- Articles on helping to keep kids safe online
- Tips from our Security Community for Home Users
The City of Seattle’s Office of Information Security is recommending Apple users immediately update their iPhones and iPads to versions 7.0.6 or 6.1.6, preferably using a non-public network, after Apple announced a major vulnerability allowing hackers to intercept and alter communications.
Apple has not released any patches yet for OS X, so Mac users should avoid using public networks, a step that can thwart many criminal eavesdroppers.
To patch your iOS device(s):
- Run “Software Update“ from your device’s “settings” menu – OR -
- Connect your device to your personal computer, open iTunes, select the device you just connected, and click the “Check for update” button.
Read more on our TechTalk blog: here.
Keeping kids safe while online is everyone’s job. Through Get Net Wise, you will find an Online Safety Guide, safety tips for kids, teens and families, and gain a better understand of the risks that youth face when online. There are tools that break down safety concerns and consideration by age and kid-friendly sites as well. Get Net Wise is endorsed by the United States Computer Emergency Readiness Team, otherwise known as US-CERT, a trusted global leader in cybersecurity.
Mashable brings together changes you can make that will help keep your information secure in 2014.
- Update Security Often: We all emit that groan of despair when our computers need to update their software, but in reality, it’s necessary to keep them running.If you don’t update your security software frequently, it’s easier to get malware or trojan horses that could steal your information and harm your computer. Most programs will schedule updates, but making it a part of your routine is helpful. Set aside ten minutes on a less busy day to update the definitions while you wait for that pizza you ordered or before you brush your teeth.
- Schedule Back-Ups to an External Hard Drive: Let’s be honest, backing up your hard drive is the last thing on your to-do list. The only thing that seems to jog your memory is when your computer refuses to turn on, and you realize you haven’t backed anything up for six months. Too little, too late.Like the security software update, make it a part of your routine. Set aside some time while watching Netflix or reading news online. If you use services such as Time Machine, you can schedule updates, but otherwise you’ll have to do manually.
- Stop Reusing Passwords: It’s easy to fall into the habit of using the same generic password for all of your online profiles and pages, especially since writing them down is ill-advised. But having the same password for every account can put your entire online presence at risk, since a person only needs to guess correctly once to access them all.Create passwords with numbers, letters and symbols to add diversity, and use a random password generator for a unique combination. If remembering them all is too much work, use one of these password tools.
- Use Secure WiFi Networks: The WiFi from the local coffee shop, public park or bookstore seems safe enough, but if you see a network with a dubious name (like “Free Public WiFi”) that doesn’t require a password, you’re better safe than sorry. Even if you’re using a network you can trust, there are some best practices you should adopt: Use the secure browsing extension, turn off sharing and change your settings so you don’t automatically log into WiFi hotspots.
- Stay Up-to-Date on Your Privacy Settings: Technology is all about change, so whenever a social network undergoes a major update, the privacy settings may have also changed. This means that your once-hidden and private profile could be out in the open for others to see.Check your own settings regularly, keep an eye out for major site changes or news of a settings update, and learn how to hide your profile again.
- Stop Throwing Out Busted Tech: Not only is trashing your tech terrible for the environment, it’s potentially dangerous for you. Old tech can still retain important information, so whoever picks up your old computer off the curb might able to grab sensitive information you thought you erased ages ago.A much better alternative is to recycle your products. It’s less convenient, but there are plenty of resources to help you.
- Keep the Clutter Off Your Computer: It’s common to let emails accumulate in your inbox or leave files on your desktop. But there will come a point in time when you’ll have to find key content hidden among the mess, and it will be significantly harder to find.With some good, old-fashioned organization skills, it’s possible to maintain a clutter-free digital life. For emails, answer or delete messages as soon as you can, sort them so you can find important ones faster and download productivity plugins. Save files to appropriate folders when you first create them, and delete duplicates or old files whenever you see them.