Online Computer Security TIPS
Total Page:16
File Type:pdf, Size:1020Kb
Personal Security
Courtesy FBI Police
TIP #1 – Safety in and around Banks, Parking Lots & Shopping Centers
- Be aware of your surroundings.
-`Lock vehicle doors and roll up windows. Store valuables out of sight (i.e. trunk) Report all thefts to the police as soon as possible. If someone tries to hijack your vehicle, do not resist if there is potential for injury to yourself or others.
- Always park your vehicle by backing into a parking spot, into a driveway or pull through a parking spot so you have a quick means of exiting a potentially dangerous situation. Additionally, having a car with remote door locks is invaluable. Always unlock your doors as you approach your vehicle so you can make a quick entry into your vehicle. Fumbling or rummaging around a purse or in your pockets looking for your keys heightens your risk and slows down a quick exit from a dangerous situation.
- Do not make yourself a target by wearing expensive- looking jewelry, counting money in public, or carrying too many packages.
- Before using an ATM machine, check your surroundings. Put money away before leaving, and, if possible, use ATMs inside buildings.
- Be aware of pickpockets. Women should carry a purse with a zipper or snaps close to the front of the body. Do not leave a purse unattended. Men should carry wallets in their front pants pockets, not the back pants or jacket pockets. Do not pat the location of the wallet because this will indicate where your money is. Separate money from the wallet (i.e. money clip)
- Shred all documents that contain your address, account numbers or personal information before disposing in the trash. Credit card applications received in the mail should be shredded before discarding. Scam artists have retrieved discarded applications thousands of times from the trash and filled them out for criminal purposes. This is a common form of mail fraud and identity theft.
- Shred old billing statements after 12 months. There is no legal reason to hold on to a billing statement for a period longer than 12 months. Shredding old billing statements before discarding protects your account information as well as personal information.
-
Online Computer Security TIPS
Courtesy of “Stay Safe Online”
TIP #1 - Protect your personal information. It's valuable.
Why? To an identity thief, it can provide instant access to your financial accounts, your credit record, and your other personal assets.
1 If you think no one would be interested in your personal information, think again. The reality is that anyone can be a victim of identity theft. In fact, according to a Federal Trade Commission survey, there are almost 10 million victims every year. It's often difficult to know how thieves obtained their victims' personal information, and while it definitely can happen offline, some cases start when online data is stolen. Visit www.consumer.gov/idtheft to learn what to do if your identity is stolen.
Unfortunately, when it comes to crimes like identity theft, you can't entirely control whether you will become a victim. But following these tips can help minimize your risk while you're online:
If you're asked for your personal information – your name, email or home address, phone number, account numbers, or Social Security number – learn how it's going to be used, and how it will be protected, before you share it.
Don't open unsolicited or unknown email messages. If you do get an email or pop-up message asking for personal information, don't reply or click on the link in the message. To avoid opening such messages, you can turn off the "Preview Pane" functionality in email programs, and you can set your default options to view opened emails as plain text to avoid active links or pop-ups in the messages. Most importantly, do not to respond to solicitations for your personal or financial information. If you believe there may be a need for such information by a company with whom you have an account or placed an order, contact that company directly in a way you know to be genuine. Never send your personal information via email because email is not a secure transmission method.
Most email programs have email filters built-in to the application. The links on the left hand side of this webpage contain video tutorials that'll show you how to set your email filters, so you can limit the amount of unsolicited email you receive. If you are shopping online, be careful about providing your personal or financial information through a company's website without taking measures to reduce the risk. There are some indicators that show vendors have taken measures to secure their sites such as a lit lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some scammers have forged security icons. Read website privacy policies. They should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy also should tell you whether you have the right to see what information the website has about you, whether they provide and/or sell your information to third parties, and what security measures the company takes to protect your information. If you don't see a privacy policy – or if you can't understand it – consider doing business elsewhere. TIP #2 - Know who you're dealing with online.
And know what you're getting into. There are dishonest people in the bricks and mortar world and on the Internet. But online, you can't judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know whom you're dealing with. If you're shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.
Phishing — bait or prey?
"Phishers" send spam or pop-up messages claiming to be from a business or organization that you might deal with for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a website that looks just like a legitimate organization's, but isn't. What is the purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
Don't take the bait: don't open unsolicited or unknown email messages; don't open attachments from people you don't know or don't expect; and never reply to or click on links in email or pop-ups that ask for personal
2 information. Legitimate companies don't ask for this information via email. If you are directed to a website to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements. Or open a new browser window and type the URL into the address field, watching that the actual URL of the site you visit doesn't change and is still the one you intended to visit. Forward spam that is phishing for information to [email protected] and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
To ensure you're not being victimized and to detect unauthorized purchases, use the same practices as you do in the offline world. Check your credit card bill at least every month, and consider using services that inform you if someone has requested credit in your name.
Free Software and File-Sharing — worth the hidden costs?
Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often the software is free and easily accessible.
But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents.
In addition, you may unwittingly download pornography labeled as something else. Or you may download material that is protected by the copyright laws, which would mean you could be breaking the law.
Therefore, downloading file-sharing software is not advisable and could place your personal information and computer at risk. If you do decide to use file-sharing software, set it up very carefully. Take the time to read the End User License Agreement to be sure that you're sharing files legally and that you understand the potentially high risk of any free downloads. For example, some license agreements include an agreement to allow spyware to be installed on your machine.
Spyware
Many free downloads whether from peers or businesses come with potentially undesirable side effects. Spyware is software installed without your knowledge or consent that adversely affects your ability to use your computer, sometimes by monitoring or controlling how you use it. Not only can spyware programs affect your computer use and access your personal information, but in some cases they can also use your computer to access or launch attacks against others. To avoid spyware, resist the urge to install any software unless you know exactly what it is. Your anti-virus software may include anti-spyware capability that you can activate, but if it doesn't, you can install separate anti-spyware software, and then use it regularly to scan for and delete any spyware programs that may sneak onto your computer.
Email Attachments and Links — legitimate or virus-laden?
Many viruses sent over email or Instant Messenger won't damage your computer without your participation. For example, you would have to open an email or attachment that includes a virus or follow a link to a site that is programmed to infect your computer. So, don't open an email attachment even if it appears to be from a friend or coworker unless you are expecting it or know what it contains. You can help others trust your attachments by including a message in your text explaining what you're attaching.
Hackers often lie to get you to open the email attachment or click on a link. Some virus-laden emails appear to come from a friend or colleague; some have an appealing file name, like "Fwd: FUNNY" or "Per your request!"; others promise to clean a virus off your computer if you open it or follow the link.
3 TIP #3 - Use anti-virus software, a firewall, and anti-spyware software to help keep your computer safe and secure.
Dealing with anti-virus and firewall protection may sound about as exciting as flossing your teeth, but it's just as important as a preventive measure. Having intense dental treatment is never fun; neither is dealing with the effects of a preventable computer virus.
Anti-virus Software
Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.
To be effective, your anti-virus software should update routinely with antidotes to the latest "bugs" circulating through the Internet. Most commercial anti-virus software includes a feature to download updates automatically when you are on the Internet.
Anti-Virus Software- What to Look For and Where to Get It
You can download anti-virus software from the websites of software companies or buy it in retail stores. Look for anti-virus software that:
- recognizes current viruses, as well as older ones - effectively reverses the damage - updates automatically.
Go to this website for a sample list of anti-virus software that you can purchase online. http://security.getnetwise.org/tools/results/any2.php
This list was gathered and provided by the GetNetWise website. We cannot guarantee the effectiveness of any of the products listed on the GetNetWise website, nor do we endorse any products. The National Cyber Security Alliance is also unable to provide any technical assistance with any of these tools.
Firewalls
Don't be put off by the word "firewall." It's not necessary to fully understand how it works; it's enough to know what it does and why you need it. Firewalls help keep hackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications from and to sources you don't permit.
Some operating systems and hardware devices come with a built-in firewall that may be shipped in the "off" mode. Make sure you turn it on. For your firewall to be effective, it needs to be set up properly and updated regularly. Check your online "Help" feature for specific instructions.
Information on how to turn on your operating system's firewall.
Windows XP and Macintosh OS X operating systems have a built in firewall. Here's a video that teaches you how to turn on the firewall for each of these operating systems. This option is available only if you have these operating system versions.
Window's XP http://security.getnetwise.org/tools/firewallxp-instruct This video tutorial shows you how to enable the firewall option built into the Microsoft XP operating system.
4 Macintosh OS X http://security.getnetwise.org/tools/firewall-osx-instruct This video tutorial shows you how to start the built-in firewall of the Macintosh OS X operating system. This option is available only to users of the Macintosh OS X operating system version 10.2 or later.
If your operating system doesn't include a firewall, get a separate software firewall that runs in the background while you work, or install a hardware firewall — an external device that includes firewall software. Several free firewall software programs are available on the Internet. You can find one by typing "free firewall" into your favorite search engine.
Here's a sample list of firewall software that you can purchase online. http://security.getnetwise.org/tools/results/any1.php
This list was gathered and provided by the GetNetWise website. We cannot guarantee the effectiveness of any of the products listed on the GetNetWise website, nor do we endorse any products. The National Cyber Security Alliance is also unable to provide any technical assistance with any of these tools.
Anti-Spyware Software
Anti-spyware software helps protect your computer from malicious spyware that monitors your online activities and collects personal information while you surf the web. It works by periodically scanning your computer for spyware programs, and then giving you the opportunity to remove any harmful surveillance software found on your computer. Some anti-virus software contains anti-spyware capability. Given the increasing sophistication of spyware programs, consider using two different anti-spyware program search one looks for slightly different sets of threats, and together they may offer increased protection.
Zombie Drones
Some spammers search the Internet for unprotected computers they can control and use anonymously to send unwanted spam emails. If you don't have up-to-date anti-virus protection and a firewall, spammers may try to install software that lets them route email through your computer, often to thousands of recipients, so that it appears to have come from your account. If this happens, you may receive an overwhelming number of complaints from recipients, and your email account could be shut down by your Internet Service Provider (ISP).
TIP #4 - Be sure to set up your operating system and Web browser software properly, and update them regularly.
Hackers also take advantage of unsecured Web browsers (like Internet Explorer or Netscape) and operating system software (like Windows or Linux). Lessen your risk by changing the settings in your browser or operating system and increasing your online security. Check the "Tools" or "Options" menus for built-in security features. If you need help understanding your choices, use your "Help" function.
Your operating system also may offer free software patches that close holes in the system that hackers could exploit. In fact, some common operating systems can be set to automatically retrieve and install patches for you. If your system does not do this, bookmark the website for your system's manufacturer so you can regularly visit and update your system with defenses against the latest attacks. Updating can be as simple as one click. Your email software may help you avoid viruses by giving you the ability to filter certain types of spam. It's up to you to activate the filter. In addition, consider using operating systems that allow automatic updates.
TIP #5 - Use strong passwords or strong authentication technology to help protect your personal information.
5 Keep your passwords in a secure place, and out of plain view. Don't share your passwords on the Internet, over email, or on the phone. Your Internet Service Provider (ISP) should never ask for your password.
In addition, without your knowledge, hackers may try to figure out your passwords to gain access to your computer. You can make it tougher for them by:
- Using passwords that have at least eight characters and include numerals and symbols. - Avoiding common words: some hackers use programs that can try every word in the dictionary. - Not using your personal information, your login name, or adjacent keys on the keyboard as passwords. - Changing your passwords regularly (at minimum, every 90 days). - Using a different password for each online account you access (or at least a variety of passwords with difficulty based on the value of the information contained in each.
One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck" would become HmWc@wC.
To further increase the security of your online identity and to help protect you from account hi-jacking, utilize two-factor authentication tools. Two-factor authentication is the combination of a password or PIN number (something you know) with a token, smart card, or even biometric devices (something you have). Ask your bank, your regular online retailers, and your Internet Service Provider (ISP) if they offer devices for secure transactions.
TIP #6 - Back up important files.
No system is completely secure. If you have important files stored on your computer, copy them onto a removable disc, and store them in a secure place in a different building than your computer. If a different location isn't practical, consider encryption software. Encryption software scrambles a message or a file in a way that can be reversed only with a specific password. Also, make sure you keep your original software start-up disks handy and accessible for use in the event of a system crash.
TIP #7 - Learn what to do if something goes wrong.
Unfortunately, there is no particular way to identify that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behaviors.
Hacking or Computer Virus
If your computer gets hacked or infected by a virus:
1) Immediately unplug the phone or cable line from your machine. Then scan your entire computer with fully updated anti-virus software, and update your firewall. 2) Take steps to minimize the chances of another incident 3) Alert the appropriate authorities by contacting:
4) Write down your ISP and the hacker's ISP (if you can tell what it is). Often the ISP's email address is [email protected] or [email protected]. You can probably confirm it by looking at the ISP's website. Include information on the incident from your firewall's log file. By alerting the ISP to the problem on its system, you can help it prevent similar problems in the future.
5) Contact the FBI at www.ifccfbi.gov. To fight computer criminals, they need to hear from you.
Internet Fraud
6 If a scammer takes advantage of you through an Internet auction, when you're shopping online, or in any other way, report it to the Federal Trade Commission, at ftc.gov. The FTC enters Internet, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.
Deceptive Spam
If you get deceptive spam, including email phishing for your information, forward it to [email protected]. Be sure to include the full Internet header of the email. In many email programs, the full "Internet header" is not automatically included in forwarded email messages, so you may need to take additional measures to include the full information needed to detect deceptive spam. For further information, go to http://getnetwise.org/action/header.
Divulged Personal Information
If you believe you have mistakenly given your information to a fraudster, file a complaint at ftc.gov, and then visit the Federal Trade Commission's Identity Theft website at www.consumer.gov/idtheft to learn how to minimize your risk of damage from a potential theft of your identity.
TIP #8 - Protect your children online.
Children present unique security risks when they use a computer — not only do you have to keep them safe, but you have to protect their data on your computer. By taking some simple steps, you can dramatically reduce the threats.
- Keep your computer in a central and open location in your home and be aware of other computers your child may be using. - Discuss and set guidelines/rules for computer use with your children. Post these rules by the computer as a reminder. - Use the Internet with your children. Familiarize yourself with your children's online activities and maintain a dialogue with your child about what applications they are using. - Implement parental control tools that are provided by some ISPs and available for purchase as separate software packages. Remember - No program is a substitute for parental supervision. Also, you may be able to set some parental controls within your browser. Internet Explorer allows you to restrict or allow certain web sites to be viewed on your computer, and you can protect these settings with a password. To find those options, click Tools on your menu bar, select Internet Options, choose the Content tab, and click the Enable button under Content Advisor. - Consider software that allows you to monitor your children's email and web traffic. - Consider partitioning your computer into separate accounts - Most operating systems (including Windows XP, Mac OS X, and Linux) give you the option of creating a different user account for each user. If you're worried that your child may accidentally access, modify, and/or delete your files, you can give him/her a separate account and decrease the amount of access and number of privileges he/she has. - Know who your children's online friends are and supervise their chat areas. - Teach your children never to give out personal information to people they meet online such as in chat rooms or bulletin boards. - Know who to contact if you believe your child is in danger. Visit www.getnetwise.org for detailed information.
If you know of a child in immediate risk or danger, call law enforcement immediately. Please report instances of online child exploitation to the National Center For Missing and Exploited Children's Cyber Tipline.
Even though children may have better technical skills, don't be intimidated by their knowledge. Children still need advice, guidance, and protection. Keep the lines of communication open and let your child know that you can be approached with any questions they may have about behaviors or problems encountered on the computer.
7 This web site is provided as a public service by the National Cyber Security Alliance ("Alliance"); the information presented here is subject to the following legal notice and disclaimer.
STAY SAFE ONLINE INFORMATION:
Privacy:
We do not collect personally identifiable information (e.g., name, address, phone number, email address) unless you provide it to us. No other attempts are made to identify individual users or their personal usage habits. We collect only aggregate information about the numbers of individuals who visit our web site and what those individuals look at. This web site uses industry-standard software to create summary statistics, which are used for such things as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
Security:
For site security purposes and to ensure that this service remains available to all users, this web site employs industry-standard methods to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload information or change information on this web site are strictly prohibited and may be punishable by law, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.
Disclaimer:
This web site includes information, documents and materials (collectively, the "Contents") that are subject to change without notice. The Alliance expressly disclaims any obligation to keep Contents up to date or free of errors or viruses, or to maintain uninterrupted access to this web site. This web site (including all Contents) is provided "AS IS." The Alliance disclaims any express or implied warranties related to the use of this web site (including all Contents and third party web sites), including, without limitation, merchantability, suitability, non-infringement, accuracy, or fitness for any particular purpose. The information provided on this web site should be used as advice; such information does not provide the user with any form of guaranteed protection and the user should not rely on the information to provide any form of guaranteed protection. The Alliance shall not be liable for any errors contained herein or for any damages whatsoever arising out of or related to the use of this web site (including all Contents), including, without limitation, direct, indirect, incidental, special, consequential or punitive damages, whether under a contract, tort or any other theory of liability, even if the Alliance is aware of the possibility of such errors or damages. This web site contains hypertext links or pointers to information created and maintained by other public and private organizations. These links and pointers are provided for visitors' convenience. The Alliance neither controls nor guarantees the accuracy, timeliness, or completeness of any linked information. The Alliance is not responsible for any of the practices of these other sites and specifically disclaims any liability for their content. The inclusion of links or pointers to web sites is not intended to assign importance to those sites or the information contained therein, nor is it intended to endorse or recommend any views expressed, or products or services offered on these sites. The Alliance assumes no responsibility for errors or omissions in any Contents, including Contents that are referenced by or linked (by hypertext links) to third party web sites. The Alliance makes no representations or warranties of any kind whatsoever for the Contents or third party web sites or for any products or services mentioned or offered in the Contents or in third party web sites.
Reservation of Rights:
All Contents (including, without limitation, the graphics, icons, and overall appearance of the web site and the Contents) are the property of the Alliance or its affiliates. Neither the Alliance nor its affiliates waive any of its proprietary rights therein including, but not limited to, copyrights, trademarks and other intellectual property rights. This web site and the Contents are intended only for the individual, non-commercial use of web site users. No user of this web site may resell, republish, print, download, copy, retransmit or display (by use of an html "frame" or otherwise) any portion of this web site or the Contents without the prior written consent of the Alliance, except that reasonable copying or printing of the Contents for individual, non-
8 commercial use is permissible where permitted by law. The availability of any Contents through this web site shall under no circumstance constitute a transfer of any copyrights, trademarks or other intellectual property rights of the Alliance or its affiliates to any web site user or any third party. This web site and the Contents are protected by U.S. and international copyright laws, both as individual works and as a compilation.
Basic Computer Cleanup
INTRODUCTION
Periodically you should clean up your computer to rid it of unused files and programs that will bog down your computer and make it run slower or at worst, can do very harmful damage requiring you to take your computer to a technician for repairs that can cost a lot of money.
Of course, there are many software programs out there that do a much better job at cleaning your hard drive as compared to the basic cleaning steps that will be outlined below, especially when you want to check for harmful viruses, worms or other malicious computer codes that can do more harm than most pop up adds, Spyware and other files and programs that are loaded on your hard drive every time you log on the Internet or use your computer for non-Internet purposes.
Below you will find a “basic” step-by-step process that will help you in performing the most basic cleaning of your computers hard-drive.
STEP 1
First, close all programs that you have open. Next, using your cursor proceed as follows:
1 Start > 2 All Programs > 3 Accessories > 4 Systems Tools > 5 Disk Cleanup >
9
5 3
4
2
1 After you have selected “DISK CLEANUP”, the dialog box seen below will appear.
Next, highlight “Temporary Internet Files” (red arrow). Next, click on view files (blue arrow)
10 After you clicked on “View Files”, the following dialog box will appear with numerous folders (red arrow). Each of those folders contain the various files downloaded from the internet showing the websites you visited on the internet, to include, websites that required you to enter a password that others can now access, unless you delete those files.
11 If you select one of the folders (blue arrow) and double click it and open it you will find a variety of files that show a history of websites and files that have been opened online as can be seen on the next page.
Below are some typical files found in one of the “temporary internet folders”. If you were to double click on one of the icons (red arrow) you will see a screen shot of one of the websites you may have visited.
12 Below is the image found after double clicking on the icon above. It is an example of an image that was on a website that was visited on the above date and time as seen in image above as seen by the information provided to the right of the red arrow.
STEP 2
In order to clean up your hard drive is as follows (once again, make sure all programs are closed):
13 1. Highlight one of the folders as seen below.
2. Next, press Ctrl and A simultaneously so as to highlight and select all folders for deletion. After all folders are highlighted, place your cursor over the “Index” icon and press CTRL so as to deselect just that icon. The “Index” cannot be deleted so there is no reason to try and delete this icon.
3. Next, place your cursor over one of the folders and right click on your mouse. Next, select “Delete”.
14 4. A new dialog box will appear asking you to confirm you want to delete those highlighted folders. Select “Yes”.
5. After selecting “OK”, you will see the folders being deleted as can be seen in the example below. Depending on when it was the last time you cleaned out your “Temporary Internet Files” folder the deletion of the folders could take from several seconds to several minutes.
15 6. Close the dialog box that contained all of the now deleted folders once they are fully deleted. You will, once again, find the original “Disk Cleanup” dialog box on your desktop. Select “OK” as indicated next to the red arrow.
7. After clicking on “OK” a dialog box will appear asking you to confirm your desire to complete this action. Click on “YES”.
16 The following dialog box will appear as the action is being completed. This dialog box will disappear when finished.
Now, empty your recycle bin and you are done.
17