Protecting Yourself Online
Protecting Yourself Online
This guide will connect you with cybersecurity resources and tips for protecting yourself online. Remember: Think before you click!
Protecting Your Family
Cybersecurity doesn’t have to be a “control” issue. Instead, make cybersecurity about protection and education. Use software to enforce family rules and routinely talk with your children about internet dangers.
How can I protect my family on social media?
- Create an account that gives both you and your children access
- Monitor activity using tools, such as parental control software, and keep tabs on the messages coming in and going out
- Talk with your children about safe online behavior
- Teach your children about fake accounts and predators, online advertising, and Instant Messaging
- Beware of “surveys” and quizzes that ask about maiden names, or schools attended, etc.
- Disable GPS tags in photos
Are there other online safety issues for children?
- Parents can be liable for items purchased under their child’s name
- Credit monitoring services are available for minors
- Risky internet behavior can be a warning indicator for other problems
Want to know more about raising “digital citizens?” Visit the National Cyber Security Alliance .
Preventing Identity Theft
Identity theft is the act of using someone’s personal identifiable information (such as name, address, account number, driver’s license number, Social Security number, or health insurance number) without that person’s knowledge, and using the assumed identity to commit fraud or theft.
Identity thieves steal bank and tax information, as well as credit card applications and statements. Thieves may use illegal storage devices called “card skimmers” that obtain the name, account number, and expiration date of debit and credit cards when swiped at ATM machines, restaurants, retail stores, etc. Businesses have also fallen victim to identity thieves, and names and personal and financial information have been stolen from their employees and customers. Thieves can even steal personal identifiable information by digging through someone’s garbage.
How can I keep my personal information secure?
Share information carefully
- Look at the website address to ensure you are on a Hypertext Transfer Protocol Secure site (HTTPS) when shopping online
- Avoid spam and scams by always questioning the legitimacy of phone calls, emails, and social networking messages that ask for personal information
- Use privacy settings when using social networks to ensure personal information such as your birth date, hometown, and employment history do not become public knowledge
- Do not open attachments or links from an unknown source
Store and dispose of your personal information securely
- Shred or burn all sensitive personal information
- Remove (“wipe”) personal information that may be stored on computers and mobile devices before selling or disposing of them
Ask questions before deciding to share your personal information
- Legitimate businesses will not contact you to verify your account information, so ask for a call back number
- Ask why they need your personal information, how it will be used, how they will protect it, and what happens if you do not share it
- Contact your bank or credit card company to confirm the call
Maintain appropriate security on your computers and other electronic devices
- Install antivirus software on all your devices and keep the software updated
- Change your passwords at least every 90 days, use different passwords for different accounts and websites and do not share them with anyone
- Mobile devices and cell phones, and all applications installed on them should be password protected
- Encrypt your data using tools available in Microsoft Office or purchased commercially
- Be cautious with “free” online storage
- Multi-factor verification or two-factor authentication will add an additional layer of protection since it requires users to have an extra credential, beyond just a password
What can I do if I think my computer’s been hacked, or if credit card or personal information was stolen?
- Call the company or companies where you know the crime occurred. Ask for the account(s) to be locked or closed
- Place a fraud alert and get your free credit report. You can obtain your free credit report and place a fraud alert by visiting AnnualCreditReport.com or you can call 1.877.322.8228. You will be provided with a 90-day fraud alert
- File a report with the Federal Trade Commission. To file a report, visit FTCComplaintAssistant.gov or call 1.877.438.4338
- Contact your local police department to file a report
- Contact the PA Attorney General, Bureau of Consumer Protection, 1.800.441.2555
The Federal Trade Commission provides detailed advice to help with the theft of personal records and information. Visit IdentityTheft.gov .
Choosing Safe Passwords
Passwords are important because they allow you to protect your financial and personal information. In June 2017, the National Institute for Standards and Technology issued new guidance (PDF) for passwords that changed many old assumptions for choosing passwords.
What kind of passwords should I use?
- Use a password with at least 8 characters – the longer the better
- Choose a password that combines letters, words, phrases, or numbers that have a unique connection to you
- Choose a password that is easy to remember, so you will not have to write it down
- Do not use names, birthdates, common words, phrases, or other information that might be easily guessed
- Change passwords on a regular basis, but new passwords should not be related to old passwords. Example:
- Old password: GandalfisGreen
- Bad new password: GandalfisGreen1
- Better new password: MordorParadise42
- Do not share passwords on the phone, via text, or in e-mails. Legitimate companies will not send you messages asking for your password.
- Do not use the same password for multiple accounts. If the password is stolen from you, or one of the companies with whom you do business, it can be used to take over all your accounts that use the same password.
What are some popular passwords?
This is a trick question! Simple passwords are frequently used and can be cracked within 5 minutes, if not seconds. Examples of most-used, easily cracked passwords:
Don’t rely on your web browser to protect you from malicious websites. Even if you have high security settings and antivirus software, visiting a risky website can result in viruses, spyware or worse.
What steps can I take to help ensure my web browsing is safe and secure?
- Choose “Yes” when your web browser program prompts you to update; browsers are frequently updated to protect you against security vulnerabilities in older versions
- Use and regularly update software that protects against viruses, spyware, and malware
- Look for signs of an encrypted website when providing sensitive personal information such as credit card, banking information, or SSNs online; key identifiers include a website address for the website’s login page that begins with “https” and a padlock icon in your browser status bar
What activities should I avoid when browsing the web?
- Beware of downloading files or programs from unfamiliar websites: if a download seems too good to be true, it probably is—don’t risk it!
- Beware of websites that prompt you to click a link to run software
- Beware of providing personal information to get something free online
- Beware of free content from unfamiliar websites that could contain viruses or malware
How do I keep my computer secure?
If your computer isn’t secure, what you use it for will be insecure. Here is a quick list of items for you to consider to better your overall computer security.
- Install, use, and regularly update software programs to protect you from viruses, malware, and spyware
- Keep your computer’s operating system updated
- Use care when reading email with attachments
- Back up important files and folders
- Use strong passwords
- Only download and install programs from sources you know and trust
- Secure your wireless network with an encrypted password
Securing Your Mobile Phone
Criminal attacks on mobile phones typically take advantage of device features that are similar to computers. However, the convenience of mobile phones also makes them vulnerable to a range of other attacks.
For example, mobile phones are easy to steal – and that includes data stored on the phone, from personal identifiers to financial and corporate data. Additionally, anyone – including criminals – can develop apps for some of the most popular mobile operating systems. Even legitimate smartphone software can be exploited.
How can I protect my mobile phone (or tablet)?
- Lock your device with a Personal Identification Number (PIN) or password
- Configure your device to automatically lock after a certain period
- Never leave your device unattended in public
- Download software updates for your mobile device’s operating system when prompted
- Avoid texting or emailing personal information such as Social Security or account numbers
- Limit the amount of important personal information stored on your phone
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
- Beware of posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks
- Investigate and research before selecting and installing apps
- Delete all information stored in a device prior to selling or discarding it
What should I do if my mobile phone or tablet is lost or stolen?
- If it’s your work mobile phone, report the loss/theft to your employer immediately
- If it’s your personal mobile phone, report the loss/theft to your service provider as soon as possible to deter malicious use of your device and minimize fraudulent charges
- Report the loss or theft to local law enforcement
- Change your credentials for accounts and social networks accessed by the device
- If necessary, direct your service provider to wipe the mobile phone — remotely deleting all data on the phone
Cybersecurity and the Wolf Administration
The Wolf Administration put together a team of professionals from all areas of state government to develop online resources to help protect you and your family as you navigate the internet in your daily lives.
Cybercriminals continue to target consumers and businesses, and we must remain ever vigilant in our efforts to protect ourselves from attack. Pennsylvania’s state government continues to work collaboratively with federal authorities and other state agencies to address cybersecurity challenges. We will continue to assist Pennsylvanians by highlighting and providing resources relating to cybersecurity threats and best practices.