Protecting Yourself Online
Protecting Yourself Online
This guide will connect you with cybersecurity resources and tips for protecting yourself online. Remember: Think before you click!
If somebody has taken drugs and becomes unresponsive, call 911 immediately. These resources are intended for preventive measures only.
Staying Safe Online
Take Action Now
If you believe your computer has been hacked or that your credit card or personal information was stolen, you need to take immediate steps to protect yourself and prevent the thief from exploiting you.
Get it on Record
- Contact your local police department to file a report. It’s unlikely they will be able to address the issues directly, but it’s important to get it on record to help with any future claims
- Federal Trade Commission , 1.877.438.4338
- PA Attorney General, Bureau of Consumer Protection, 1.800.441.2555
- Internal Revenue Service (IRS) Identity Protection Unit 1.800.908.4490
- Pennsylvania Department of Revenue, Fraud Investigation Unit at 717-.772-.9297 or RA-RVPITFRAUD@pa.gov
- U.S. Postal Service – Postal Inspector Resources
Monitor Your Credit
Identity theft can have a significant impact on your credit score and, subsequently, your ability to apply for certain jobs, get a credit card, car loan, a mortgage or a rental property, or buy insurance. In addition to regularly monitoring your bank, credit card and insurance statements for fraudulent charges, you should also monitor your credit file, which will give a detailed report of your credit history. Credit reports can be obtained at the three major credit reporting bureaus are Equifax , Experian , and TransUnion .
Get a free copy of your credit report every 12 months from each of the three credit reporting companies by visiting AnnualCreditReport.com or calling 1.877.322.8228. Look for unfamiliar account information in the credit report. If you see incorrect or unfamiliar information, contact the credit bureau that you used to obtain the credit report and contact the creditor involved.
You can restrict or “freeze” your credit file, making it more difficult for identity thieves to open new accounts in your name. Previously, consumers would have paid a fee to freeze their credit but thanks to a new federal law, consumers may freeze their credit file at all three credit reporting bureaus for free, and then temporarily “thaw” the credit files as needed. Parents may request a credit file be created and subsequently frozen for minors under 16.
Freezing and thawing your credit account does not impact your credit score or your ability to get a free credit report.
- Request a freeze at each of the three major credit bureaus:
- Another option is placing a fraud alert on your credit file. If you have a fraud alert a business must verify your identity before it issues credit. Previously, fraud alerts were limited to 90 days but now under federal law, an alert can last up to a year. Identity theft victims can get an extended seven-year alert. Request a fraud alert at each of the three major credit bureaus
Prevent Identity Theft
Identity theft is the act of using someone’s personal identifiable information (such as name, address, account number, driver’s license number, Social Security number, or health insurance number) without that person’s knowledge, and using the assumed identity to commit fraud or theft.
Identity thieves steal bank and tax information, as well as credit card applications and statements. Thieves may use illegal storage devices called “card skimmers” that obtain the name, account number, and expiration date of debit and credit cards when swiped at ATM machines, restaurants, retail stores, etc. Businesses have also fallen victim to identity thieves, and names and personal and financial information have been stolen from their employees and customers. Thieves can even steal personal identifiable information by digging through someone’s garbage.
How can I keep my personal information secure?
Share information carefully
- Look at the website address to ensure you are on a Hypertext Transfer Protocol Secure site (HTTPS) when shopping online
- Avoid spam and scams by always questioning the legitimacy of phone calls, emails, and social networking messages that ask for personal information
- Use privacy settings when using social networks to ensure personal information such as your birth date, hometown, and employment history do not become public knowledge
- Do not open attachments or links from an unknown source
Store and dispose of your personal information securely
- Shred or burn all sensitive personal information
- Remove (wipe) personal information that may be stored on computers and mobile devices before selling or disposing of them
Ask questions before deciding to share your personal information
- Legitimate businesses will not contact you to verify your account information, so ask for a call back number, ask why your personal information is needed, how it will be used, how it will be protected, and what happens if you do not share itContact your bank or credit card company to confirm the call
Maintain appropriate security on your computers and other electronic devices
- Install antivirus software on all your devices and keep the software updated
- Change your passwords at least every 90 days, use different passwords for different accounts and websites and do not share them with anyone
- Mobile devices and all applications installed on them should be password protected
- Encrypt your data using tools available in Microsoft Office or purchased commercially
- Be cautious with “free” online storage
- Multi-factor verification or two-factor authentication will add an additional layer of protection since it requires users to have an extra credential, beyond just a password
Choose Safe Passwords
Passwords are important because they allow you to protect your financial and personal information. In June 2017, the National Institute for Standards and Technology issued new guidance (PDF) for passwords that changed many old assumptions for choosing passwords.
The Do’s and Don’ts of Passwords
- Choose a password of at least 8 characters that combines letters, words, phrases, or numbers that have a unique connection to you
- Choose a password that is easy to remember, so you will not have to write it down
- Change passwords on a regular basis, but new passwords should not be related to old passwords
- Use names, birthdates, common words, phrases, or other information that might be easily guessed
- Share passwords on the phone, via text, or in emails. Legitimate companies will not send you messages asking for your password
- Use the same password for multiple accounts. If the password is stolen from you, or one of the companies with whom you do business, it can be used to take over all your accounts that use the same password
Don’t rely on your web browser to protect you from malicious websites. Even if you have high security settings and antivirus software, visiting a risky website can result in viruses, spyware or worse.
What steps can I take to help ensure my web browsing is safe and secure?
- Use and regularly update software that protects against viruses, spyware, and malware
- When providing sensitive personal information such as credit card, banking information, or SSNs online, make sure the website is encrypted; Look for the “https” and a padlock icon in the browser status bar of the website.
What activities should I avoid when browsing the web?
- Beware of free content or downloading files or programs from unfamiliar websites: if it seems too good to be true, it probably is —don’t risk it!
- Beware of websites that prompt you to click a link to run software
- Beware of providing personal information to get something free online
How do I keep my computer secure?
If your computer isn’t secure, what you use it for will be insecure. Here is a quick list of items for you to consider to better your overall computer security.
- Install, use, and regularly update software programs to protect you from viruses, malware, and spyware
- Keep your computer’s operating system updated
- Use care when reading email with attachments
- Back up important files and folders
- Use strong passwords
- Only download and install programs from sources you know and trust
- Secure your wireless network with an encrypted password
More details on these topics can be found at CERT (a higher education sponsored group that studies and solves cybersecurity problems).
Secure Your Mobile Device
Criminal attacks on mobile phones and tablets typically take advantage of device features that are similar to computers. However, the convenience of mobile devices also makes them vulnerable to a range of other attacks.
For example, mobile devices are easy to steal and that includes data stored on the device, from personal identifiers to financial and corporate data. Additionally, anyone — including criminals — can develop apps for some of the most popular mobile operating systems. Even legitimate smartphone software can be exploited.
How can I protect my mobile phone or tablet?
- Lock your device with a Personal Identification Number (PIN), password or fingerprint sensor
- Configure your device to automatically lock after a certain period
- Never leave your device unattended in public
- Download software updates for your mobile device’s operating system when prompted
- Avoid texting or emailing personal information such as Social Security or account numbers
- Limit the amount of important personal information stored on your device
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots
- Beware of posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks
- Investigate and research before selecting and installing apps
- Delete all information stored in a device prior to selling or discarding it
What should I do if my mobile phone or tablet is lost or stolen?
- If it’s your work device, report the loss/theft to your employer immediately
- If it’s your personal device, report the loss/theft to your service provider as soon as possible to deter malicious use of your device and minimize fraudulent charges
- Report the loss or theft to local law enforcement
- Change your credentials for accounts and social networks accessed by the device
- If necessary, direct your service provider to wipe your device — remotely deleting all data on the phone
Protect Your Family
Cybersecurity doesn’t have to be a “control” issue. Instead, make cybersecurity about protection and education. Use software to enforce family rules and routinely talk with your children about internet dangers.
How can I protect my family on social media?
- Create an account that gives both you and your children access
- Monitor activity using tools, such as parental control software, and keep tabs on the messages coming in and going out
- Talk with your children about safe online behavior
- Teach your children about fake accounts and predators, online advertising, and Instant Messaging
- Beware of surveys and quizzes that ask about maiden names, or schools attended, etc.
- Disable GPS tags in photos
Are there other online safety issues for children?
- Parents can be liable for items purchased under their child’s name
- Credit monitoring services are available for minors
- Risky internet behavior can be a warning indicator for other problems
Cybersecurity and the Wolf Administration
The Wolf Administration put together a team of professionals from all areas of state government to develop online resources to help protect you and your family as you navigate the internet in your daily lives.
Cybercriminals continue to target consumers and businesses, and we must remain ever vigilant in our efforts to protect ourselves from attack. Pennsylvania’s state government continues to work collaboratively with federal authorities and other state agencies to address cybersecurity challenges. We will continue to assist Pennsylvanians by highlighting and providing resources relating to cybersecurity threats and best practices.