Top Cybersecurity Tips

Follow these tips to help you protect your online information and avoid fraud.

Protect your passwords.

  • Never share your passwords.
  • Use two-step verification when possible, which makes use of something you know (your password) and something you have (for example, a code that is sent to your phone). The account can't be accessed without both.
  • Use symbols as well as upper- and lowercase letters and numbers. The more types of characters you include, the more difficult your password will be to crack.
  • Don't use as passwords your birth date, the name of a relative, or a dictionary word. Some password-cracking programs simply run through all of the words in a particular dictionary.
  • Use longer rather than shorter passwords. Eight characters should be the minimum, but 12 characters are even better. Some "brute force" password-cracking programs on heavy-duty hardware can run through every possible eight-character combination in a matter of hours.
  • Use a "passphrase" instead of a password. A short sentence, such as "Go forth 4 ever&more," can be easy to remember, not too difficult to type, and very difficult to crack.
  • Don't use the same password or passphrase with multiple sites. Periodically, high-profile sites are hacked and thousands of users' passwords are breached. If a hacker discovers a password of yours this way or by using a password-cracking program and you use the same password for other sites, this makes it easy to break into your other sites.
  • Use a password management service or otherwise hide your passwords. Some people write their passwords on a piece of paper, even taping the paper to their computer or desk. The obvious downside to this is the risk of someone, from a nosy babysitter to an office adversary, coming across it. A password management service lets you use one password for it and fills in your passwords, automatically and behind the scenes, for sites you visit. Two recommended password managers are LastPass and KeePass.
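
The length, character-type and dictionary advice above can be put into numbers. This is an added example, not part of the original tip sheet; the guess rate, the five-word dictionary and the sample passwords (other than the page's own passphrase) are constructed assumptions.

```python
import string

# Assumption for illustration (not a figure from the page): guesses per second
# for an offline cracking rig.
GUESSES_PER_SECOND = 1e11

# Constructed stand-in for a cracking dictionary.
SAMPLE_DICTIONARY = {"password", "sunshine", "dragon", "welcome", "football"}

CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
SYMBOL_COUNT = len(string.punctuation) + 1  # 32 punctuation marks plus space


def alphabet_size(password):
    """Size of the character set an exhaustive search would have to cover."""
    size = sum(len(chars) for chars in CLASSES if any(c in chars for c in password))
    if any(all(c not in chars for chars in CLASSES) for c in password):
        size += SYMBOL_COUNT
    return size


def brute_force_hours(password):
    """Worst-case hours to try every string of this length over that alphabet.

    Exhaustive search only: a dictionary word falls far sooner, which is why
    check() flags it separately.
    """
    return alphabet_size(password) ** len(password) / GUESSES_PER_SECOND / 3600


def check(password):
    """Return the list's advice that this password does not follow."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    elif len(password) < 12:
        problems.append("12 or more characters is better")
    if password.lower() in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    if alphabet_size(password) < 95:
        problems.append("not all four character types used")
    return problems


if __name__ == "__main__":
    for pw in ["sunshine", "Tr4&kLp9", "Go forth 4 ever&more"]:
        print(f"{pw!r}: {brute_force_hours(pw):.3g} hours, {check(pw) or 'ok'}")
```

At the assumed rate, an eight-character password drawn from all four character types is exhausted in under a day, while the same alphabet at 12 characters takes more than a billion hours.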

Secure your home network.

  • Configure your home Wi-Fi router to use a strong password, and ensure it's configured to use the latest encryption.
  • Securing your home Wi-Fi simply requires using the software that comes with your router to type in the passkey whenever you add a new device to the network for the first time.
  • Choose an intimidating-sounding network name (SSID) such as c:\virus.exe to scare off nosy neighbors or passers-by. Alternatively, you can disable SSID broadcasting, which hides your network's name.

Take precautions when using Wi-Fi in public.

  • Use a virtual private network (VPN) service such as Hotspot Shield (www.anchorfree.com), Private Wi-Fi (www.privateWi-Fi.com), and WiTopia (www.witopia.net) when connecting to public Wi-Fi. Such services, which often come in free ad-supported versions and faster, ad-free paid versions, encrypt all data that flows between your device and anything you connect to over the Internet.
  • Make sure any site where you have to sign in with a password uses TLS (Transport Layer Security) or SSL (Secure Sockets Layer) security. With such sites, the web address begins with "https." Most do, but it doesn't hurt to check, particularly when buying, banking, or doing similar activities.
  • Keep current with operating system and program updates on your devices. But whenever possible, it's best to do updates over connections you're sure are secure rather than using public Wi-Fi.
  • Use firewall and antivirus software, and keep it current, whether a pay service such as Norton Security (www.norton.com), which does it all, or a free service such as AVG Free (free.avg.com), which you can use in combination with your operating system's own firewall.
  • Set your browser to block pop-up windows. Be especially wary of updating software through a pop-up window when you connect to a website.

Stay safe on social media.

  • Adjust privacy settings to ensure your posts and profile information can be seen only by approved audiences.
  • Limit the personal information you share online. Avoid posting work or personal schedules and travel itineraries, especially deployment information and return dates for yourself, a loved one, or a unit.
  • Be cautious when accepting friend requests and interacting with people online. Never accept a friend request from someone you do not know, even if they know a friend of yours.
  • Disable location-based social networking, or geotagging, on all social media platforms. (Geotagging is the process of adding geographical identification to photographs, video, websites, and text messages.)
  • Don't share information you don't want to become public. Once you put it out there, you can't control where it goes.

Avoid becoming an online fraud victim.

  • Be very suspicious of any unsolicited email requesting personal information.
  • Don't open email messages unless you know the source. Phishing emails are designed to trick you into opening an email with a malicious link or an attachment infected with a virus.
  • Never purchase anything advertised through unsolicited email. Search for a company's official website instead of clicking a link.
  • When purchasing merchandise online, make sure you are dealing with a reputable source. Do a little research to ensure the legitimacy of the individual or company.
  • Be wary of businesses that operate solely out of post office boxes or mail drops and do not have a street address listed online or in printed materials.
  • Consider upfront fees to be a bright red flag. Scammers often say they can help you access your benefits or get you a good interest rate on a loan - if you provide them an upfront fee.
  • Also be wary of anything that promises large sums of money, such as sweepstakes or lottery winnings, in exchange for an advance payment, a donation, or an investment. Bottom line: Never send money to someone you don't know and haven't checked out thoroughly.
  • Take precautions when making charitable donations. Bogus charities often use official-sounding names and words like “veterans” or “foundation” to try to convince potential donors of their status. Consult Charity Navigator or the Wise Giving Alliance register to be sure your money will reach those in need.

Finally, regularly monitor online accounts for suspicious activity. One easy way to do this is to sign up for real-time alerts from banks and other institutions you regularly use. If you detect suspicious activity, change your password immediately and report the activity to the vendor. Find more cybersecurity tips and information at www.dhs.gov/stopthinkconnect-toolkit.