Tip # 1 – Creating a strong, complex password is one key element of keeping your account secure. The length of a password is important: in general, the longer, the better. Goshen College requires passwords of at least 15 characters. Think pass-phrase, not pass-word: if you think of a single “word,” it is difficult to come up with something long and memorable. But if you think of a “phrase” made up of 4 or more smaller words, it is much easier to remember, yet still complex enough not to be easily guessed. It could be a line from a favorite poem, story, movie, song lyric, or quotation. Then, switch up the case of the letters, substitute numbers for some of the letters, and use some special characters. Avoid patterns: do not use sequences of numbers, letters, or keyboard patterns. Don’t reuse a password or use similar passwords on multiple systems, accounts, or websites, because if someone discovers one of your passwords, it can be easy for them to figure out the rest. Use multifactor authentication. It provides an extra layer of security, so if a hacker gets ahold of your password, there is still an additional security measure in place to ensure that your account is not breached.
Tip # 2 – Be vigilant with suspicious text messages. Your banking institution or other accounts should not be asking you to access your account from a text message.
Tip # 3 – Keep work and personal data safe by putting your computer or device to sleep, or activating a password-protected screen saver, whenever you walk away from it.
Tip # 4 – Don’t click on direct links in email or text messages that ask you to enter or update sensitive information. It’s best to go directly to the source. For example, suppose you receive an email asking you to click on a link to update your information for your bank account or social media account. Don’t do it! Instead, go to your bank’s website or your social media account’s site and review your account information to make sure everything is accurate.
Tip # 5 – Don’t respond to phone requests asking for personal or financial information. If you are concerned, find the correct phone number and call the company or organization yourself.
Tip # 6 – Don’t overshare information on social media. These details can provide hackers with your location or other personally identifiable information that can help them craft a phishing attack. Think before you share.
Tip # 7 – Look out for emails that claim to have your password and say that they have seen you visiting questionable websites and have collected embarrassing information about you. Do not reply to those email messages or click on anything within them. They are a scam.
Tip # 8 – Be skeptical of any requests to change direct deposit, banking, or wiring instructions, even from a trusted person who you regularly conduct business with. Always verify before following through by calling the person using their known phone number.
Tip # 9 – Never reuse passwords, or use similar passwords, on multiple systems, services, accounts, or websites. The reason is that if someone discovers one of your passwords, it can be easy for them to figure out the rest of your passwords. Don’t use your work or school account password for any other accounts or websites.
Tip # 10 – Never allow your web browser to store or save your account passwords. Hackers have ways that they can access the stored passwords, even if they are ‘secured’ with a master password. You can disable the option to save this information from within the settings area of your web browser. Instead, use a secure password manager like LastPass or 1Password.
Tip # 11 – Never allow your web browser to save your credit card information. Hackers have ways that they can access that information. You can disable the option to save this information from within the settings area of your web browser.
Tip # 12 – Always be skeptical of any unexpected email containing an invoice or bill. When you receive an unexpected email, stop and consider the context. For example, if the email is about an order you didn’t place, it could be a scam.
Tip # 13 – If you receive a request to make changes to some payment information, first verify it by calling the person or organization directly using a trusted phone number.
Tip # 14 – Keep your computer operating system, web browser, web browser plug-ins, and the operating systems and applications of your phones and tablets up to date with the latest versions so that you have the latest security patches. Only update phone and tablet applications by going to the official application stores for those devices, such as the App Store on Apple devices or the Google Play Store on Android devices.
Tip # 15 – Microsoft never proactively calls you to help you with a virus on your computer. Nor does it display pop-up windows on your computer warning you that a virus has been detected and asking you to call a phone number for assistance. These are scare tactics used by scammers with the purpose of stealing your money or your personal or financial information. They will try to persuade you to install things on your computer that contain hidden malware. Or they will attempt to take remote control of your computer, where they will then infect it with additional malware, as well as a keylogger that will record every keystroke that you make. With a keylogger they can steal personal or financial information such as passwords, credit card numbers, or banking details.
Tip # 16 – Avoid Smishing (SMS or text phishing) by being cautious about clicking on links in text messages. Think before you click.
Tip # 17 – Don’t post on social media that you will be out of town. That creates a prime opportunity for someone to break into your home and steal your things. Wait until you return home, and then post about your adventures or share your pictures.
Tip # 18 – Be skeptical if you receive an email message from your supervisor, coworker, or anyone else who is asking you to go out and purchase a bunch of gift cards for them. This is most likely a hoax. If in doubt, call the person and ask them if they really need you to make the purchase.
Tip # 19 – Email is not a secure method of transferring confidential information such as account numbers, social security numbers, or credit card numbers.
Tip # 20 – Have you changed the default password on your home Wi-Fi router? If you haven’t, your router is still using the default password that it came with, and possibly all of the other routers that were issued from that service provider or company to other customers have that same password too! Your computer can be vulnerable to an attack if you don’t change the password for both the admin user interface and the network itself. If you do not know how to change these passwords, contact your Internet service provider for help.
Tip # 21 – Watch out for urgent messages, such as an email alerting you about an expensive credit card charge. Phishing attacks rely on impulsive actions. Check your credit card balance first, and call your credit card company for assistance if the charge is unexpected.
Tip # 22 – Watch out for fake DOC attachments in email messages. Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals may send you an email with a DOC file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.
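For staff who screen incoming mail, the macro risk in Tip # 22 can be checked before a file is ever opened. The following is an added example, not part of the original tips: a heuristic that flags attachments carrying a macro project, extended beyond the older DOC format to the newer ZIP-based DOCM format. The function names, verdict strings and sample file names are assumptions made for illustration, and the sample bytes are constructed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy DOC/XLS/PPT files
# Stream names inside an OLE file are stored as UTF-16LE; a VBA macro project
# includes a stream named _VBA_PROJECT.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def classify_attachment(data: bytes) -> str:
    """Heuristic triage verdict for an attachment's raw bytes."""
    if data.startswith(OLE_MAGIC):
        return "legacy-office-macros" if VBA_MARKER in data else "legacy-office"
    if data.startswith(b"PK"):  # newer DOCX/DOCM files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed-zip"
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macros"
        return "ooxml" if "[content_types].xml" in names else "zip"
    return "other"


def needs_review(data: bytes) -> bool:
    """Hold macro-bearing or unparseable attachments for review."""
    return classify_attachment(data) in {
        "legacy-office-macros", "ooxml-macros", "malformed-zip"}


def _zip_of(*names: str) -> bytes:
    """Build a constructed in-memory ZIP containing empty members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()


# Constructed sample bytes (not real documents): only the markers matter here.
SAMPLES = {
    "invoice.doc": OLE_MAGIC + b"\x00" * 504 + VBA_MARKER,
    "notes.doc": OLE_MAGIC + b"\x00" * 504,
    "report.docm": _zip_of("[Content_Types].xml", "word/vbaProject.bin"),
    "letter.docx": _zip_of("[Content_Types].xml", "word/document.xml"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} {classify_attachment(blob):22} review={needs_review(blob)}")
```

This is a byte-level heuristic, so a clean verdict does not prove a file is safe; a full parser such as olevba from the oletools project inspects the macro code itself.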