Staying Safe Online

Cybercriminals can leverage spoofed websites to install spyware on unsuspecting victims, which can turn your latest web search into an opportunity for a bad actor to gain access to your personal information or devices.

• Use a trusted web browser. Modern browsers are regularly updated to align with the latest security standards and to defend against common tactics used by bad actors.

• Be wary of pop-ups. They are a common tool used by bad actors to get a user to visit a malicious website. Gain control over pop-ups by configuring your browser to either block or notify the user.

• Ensure your web browser is updated regularly. To make it easier to remember, enable automatic updates.

• Use bookmarks for the sites you visit often. This will lessen the chances of landing on a spoofed or malicious site.

• Beware of short URLs, which can be commonly used on social media posts and in emails. The shortened URL could mask a link that takes you to a malicious site. If you are suspicious about a shortened URL, it’s best to find the coordinate page on your own through a trusted search engine or use a reputable website that will unshorten a link so you can see the full URL before visiting the page.

The Internet of Things (IoT) is bringing every aspect of our lives online. Phones, watches, printers, thermostats, lightbulbs, cameras and refrigerators are only a handful of devices connecting to our home networks. These connected devices can make everyday tasks easier and our lives much simpler. However, IoT devices come with security issues that you should know about.

• Know all the devices that are connected to your home network and each other. Having an inventory of what’s connected can act as a checklist for ensuring updates are made periodically. If a device is no longer needed, you should disconnect it to reduce the number of devices to update.

• IoT devices may have weak security default settings, which makes them a target for ransomware. Make sure you’ve enabled higher level of security for all devices using complex passwords or system upgrades. You can also configure privacy options to limit the amount of information your devices share.

• Just like your PC and mobile devices, keep your IoT devices up to date. If your IoT device has the option to automatically update, enable it. At some point, you may want to replace an older IoT device when the existing one has too many known vulnerabilities that cannot be fixed or there are newer devices that have more security built into them.

• Many Wi-Fi routers can create additional networks, such as a guest network. Connect IoT devices to your guest Wi-Fi network instead of your primary Wi-Fi network. Another option is to purchase an additional Wi-Fi access point just for your IoT devices. This keeps your IoT devices on an isolated network, where they cannot be used to harm or attack any computer or mobile devices connected to your primary home network (which is still the main interest of cyber criminals).

• Choose your IoT devices wisely. Make sure you are buying from a trusted source and selecting a trusted brand. Some bad actors will create counterfeit IoT devices that users willingly install on their home network or can be used as rogue access points or opportunities to monitor an individual.

Kids of all ages are joining the digital world for various reasons, including schoolwork, playing games, engaging in the metaverse, watching videos and connecting with friends. It’s important that they learn safe cybersecurity behaviors at a young age.

• Many basic cybersecurity behaviors can be compared to other real-life safety measures, like being careful interacting with strangers. Tell your kids to be mindful about engaging with strangers online and to limit the personal information they share with others including not sharing their address.

• Restrict access to sites by setting up permissions to access certain websites or complete certain actions like downloading apps or plug-ins. Parental controls are never guaranteed, so start by limiting access to devices you don’t think your child has a need for. As they have needs for more connectivity, be prepared to educate them on how to ask for help, especially if they see chat or other features enabled.

• Encourage an open line of communication so that if they see something dangerous or are concerned they fell for a scam, they should notify a trusted adult right away. If they were on a device connected to your network, take steps right away to update your security protections on other devices and on your network router.

• Make sure kids properly close out of apps or shut down the device when it’s not in use. Some malicious sites can run in the background or access a device’s camera without permission.

• Limit the ability for children to make online purchases by not saving credit cards to devices they can access, and not giving them a credit card to purchase something if you haven’t validated whether the site is legitimate.

You may be aware of the dangers associated with digital files like downloading email attachments or visiting suspicious websites. However, even physical devices like USB drives, external hard drives and SD cards present a security risk for data corruption or infecting a system with malware.

• Do not connect any removeable device if you are not familiar with where it came from. If you received something in the mail, especially if it claims you won a prize or are eligible for a cash benefit if you connect the device, be wary of its authenticity.

• If transferring data on your own removable media, use complex passwords to protect the data if your device is lost or stolen.

• When you are done using a removeable device, make sure you’ve completely wiped the device before discarding it, even if it’s password protected. Redundant or expired personal data can still present a risk if it falls into the wrong hands.

• Disable any automatic run or play features on your devices so that if a suspicious removable media device is plugged in without your authorization, any programs will not install automatically.

• Install security software that will scan for any viruses or malware on your personal device, including when a removable media device is connected. Make sure to keep the security software updated.

Traveling is an opportunity to explore, relax or try something new. Staying secure while traveling allows you to focus on the trip and collecting memories – not cybersecurity threats.

• Don’t provide specific whereabouts or broadcast that you’re away from your home to minimize the chance you’re targeted for a home invasion.

• Minimize location sharing on your devices. Check the privacy and security settings on web services and apps. Set limits on what you share and the individuals or apps you share your location with.

• If someone says they lost their phone and asks to use yours, be careful. It is best to never hand over your device to a stranger. It would not take long for a bad actor to install malware or run off with it. Instead, make the call for them.

• If you are in a public place, always keep your eyes on your devices and do not leave them unattended. Even if it’s to turn around for just a moment or run to the bathroom quickly. It is important to keep your work devices concealed as much as possible.

• Bring as few devices as you can for a trip. This reduces the chance that all your connected devices are either lost or stolen. If available on your device, set up the feature that allows you to find your device or remotely disable your device. Make sure to follow our tips on mobile device security.

Who doesn’t love a freshly baked cookie? Unfortunately, in our digital world, you need to use caution when accepting cookies during your browsing sessions. Computer cookies are text files stored on your web browser that can be used to communicate to the site when you are a repeat visitor, so the website ’remembers’ you and your preferences or browsing history. However, bad actors can use cookies to monitor your other browsing activity including keystrokes.

• A common access point for cookie-based attacks is through an unsecured connection. To better protect yourself, require a secure connection by configuring your browser to send cookies through a secured connection only.

• Regularly clear cookies from your browser. Depending on your browser, the steps can vary, but it typically takes fewer than five simple steps. You can use a trusted search engine to research the steps for your preferred browser.

• First-party cookies from legitimate sites are harder to infect by bad actors, so they are typically safer. However, third-party cookies have more risk. You can block all third-party cookies through your browser in a few simple steps. You can use a trusted search engine to research the steps for your preferred browser.

• Many sites now are required to give you cookie acknowledgment options. Take the time to read them before accepting, especially for free sites.

Social engineering is the use of deception where a bad actor uses human interaction to manipulate an individual into divulging personal or confidential information that can give them access to data, accounts, systems or physical locations. There are several types of social engineering: phishing, vishing, baiting, pretexting and scareware. We covered specific tips for phishing and vishing on this page. Below are other tips that help with a variety of social engineering tactics.

• Be suspicious of unsolicited phone calls, messages and in-person interactions. What can seem like a friendly conversation with a stranger could be used to pull together pieces of information about you and used for malicious purposes, like creating a fake account or posing as an acquaintance to those close to you.

• If you’re concerned that you have divulged sensitive information like the answers to security questions on accounts, immediately reset passwords and security questions on a trusted network and browser.

• Research before providing information. If someone contacts you requesting information, take a moment to research the company and reported problem through a quick search on a trusted search engine. Oftentimes, scams are widespread and reported to news outlets or the company they are claiming to be associated with.

• Pretexting is when a bad actor uses a false identity in an in-person interaction to trick someone into revealing information. Typically, they will pose as an employee or someone in distress to gain access to restricted information, physical locations or systems.

• If you haven’t entered to win a prize, be suspicious when contacted to say you won and need to provide some information before the prize can be awarded.

Storing information on the cloud may sound like something only companies or tech-savvy individuals do, but it’s more common than you may realize.

• Use cloud-based services that encrypt your data in transit and at rest. You can research this information on the cloud service website and using a trusted search engine for reviews. You can also encrypt your data before uploading it to the cloud provider by using a trusted service.

• As with most cybersecurity tips, it’s important to use a complex password. You can find specific tips for creating passwords earlier on this page. Make sure to utilize a unique and complex password to access your data on the cloud and any of the files you encrypted.

• Disable automatic uploads to the cloud to reduce the risk that a malicious file is uploaded and then corrupts your other data or gives access to your files.

• Regularly check to see what applications or devices are connected to your personal cloud account. If you haven’t used one of the connected accounts in the last three to six months, it’s recommended to disable the connection. This reduces the risk of unauthorized access through an app or device you no longer maintain or own.

• A convenient feature of a cloud-based service is the ability to grant access to others like family members. Make sure you only grant access to confirmed and trusted email addresses or accounts. Also, regularly review who has access to what folders, files or systems and remove access rights to those you no longer wish to share your data with.

The convenience of using public WiFi is offered as a benefit at our favorite restaurants, coffee shops, stores and even public libraries. Avoid quickly turning a convenient service into a headache by following some best practices.

• Avoid accessing sensitive information while using public WiFi. This could include accessing your bank accounts or entering credit card information.

• Turn off or limit access to airdrop or file sharing features on your personal devices to avoid someone sharing a file with you through a shared public network.

• Log out of your accounts when not using them so that programs or data cannot run in the background on the public WiFi.

• Consider turning off “ask to join” features if your phone plan supports your data use. With many carriers offering unlimited data, the need to use untrusted networks continues to lower each day.

• Don’t connect to public WiFi networks with suspicious names such as “Free WiFi.” If you are unsure which public WiFi is associated with the location, ask one of the employees to verify the WiFi name.

With the increase in use of data and technology, trust becomes critically important. Our Global Information Security team is responsible for securing our digital ecosystem, minimizing risk across the enterprise and defending against cyberthreats to protect customers, members, associates, data and systems.