- Avoid questionable websites.
- Type in a trusted URL for a company's site into the address bar of your browser instead of clicking on links in an email or instant message.
- Avoid clicking on pop-ups, even to close them. Instead, close pop-ups from the system tray area with a right mouse click.
- Never click on unknown email links. Even when an email appears to be legitimate, mouse over the link to verify that the URL address is one you recognize and trust.
- Pay attention to the 'Reply To' address, even in emails that seem to be from someone you know.
- Never click on links to website logins, as they may redirect to fake login pages. If you need to, manually type the company's address into your browser so you know you're logging in to a page you trust.
- Never give out personally identifiable information like user IDs, passwords, birthdates, SSNs, addresses or password recovery information.
- Be wary of untrusted email attachments, and scan all attachments before opening them.
- Never respond to offensive messages or spam.
- Beware of scare tactics informing you of account validation processes or quota limits. Most online services will never ask for your username and password.
- Don't fall for enticing 'Prize Winnings,' 'Purchase Order' or 'Work Opportunity' scams. You are not the 999,999th visitor.
- Use a 12 character password rather than the minimum.
- Change passwords occasionally, or whenever there is a security concern.
- Never share your password with others.
- Never write down your password.
- Don't reuse passwords for multiple sites (bank, school, email, social media).
- Use DHS SecurePass for managing your passwords.
- Never enter passwords on entrusted web pages (look for a green padlock, or other indication of encryption security, in the address field).
- Use two-factor options when available.
Wireless Network Security
- First and foremost, reduce your computer's vulnerability by ensuring that your operating system and firewall software are up-to-date before connecting to any wireless network.
- Be aware that data sent through a insecure WiFi network is sent in the clear and can be intercepted.
- Wireless data is not limited to just the range of your computer. Hackers can increase their range by using amplified antennas to intercept the signal from greater distances.
- Be cautious about the wireless network you join. Wireless networks that require a network security key or password protect the information sent over the secured networks as the information is encrypted.
- Be careful about what information you are sending. Never send personal information such as a user ID, password, banking information or credit card numbers.
- Disable shared folders while you're using public WiFi; file and printer sharing enables computers on the same network to access resources on your laptop, leaving you vulnerable to hackers.
Mobile Device Security
- Set a device password. This is your first line of defense if your device falls into the wrong hands. This password should be at least 8 characters long, complex and unique. Change your password every 30 days, or whenever anyone else learns what it is.
- Enable inactivity time out. Set your device to turn itself off after no more than five minutes of inactivity.
- Enable Erase Data to automatically erase the device after ten failed pass-code attempts.
- Don't leave your device unattended. Be extra careful when travelling. One in twenty mobile devices is lost or stolen.
- Do not jailbreak. Only download apps from reputable developers in your device's app store.
- Keep your OS and all apps up-to-date. When your device is no longer supported with new updates, consider upgrading. And when your device has reached the end of its life with you, make sure it is erased or wiped before reassigning, replacing or returning it.
- Ask to join WiFi networks. Make sure your device isn't automatically connecting to open networks without your knowledge.
- Be smart about WiFi connections. Do not use untrustworthy hotspots. When using open WiFi hotspots, make sure that the data you are transferring is encrypted. Check site certificates on any web authentication page before entering your credentials.
- Turn off unused connection services. If you're not using Bluetooth, WiFi, VPN or Location Services, turn them off to prevent unauthorized connections.
This page has no comments.