Stay Safe Online - Cyber Security Prevention
Keeping your personal information private is becoming increasingly important as our digital world expands. There are steps you can take to secure the things you want to keep private, and some of them only take a few clicks.
Check out some cybersecurity hygiene measures to help you stay safe online.
Social media tips
Memes and viral trends can mean making new friends, but posting on social media also puts you at risk. Connect to your network, but be careful. Social media is a tool widely used by attackers to collect information about you and then steal your identity or create fake accounts and extort information or infect your family and friends.
Protect your social media accounts with a long and strong password. If the social media platform offers multi-factor authentication (MFA), this may be an additional security measure beyond the standard password you should use.
Be vigilant and think before you post. Do not post your direct contact information or personal details on a public profile. Here are some examples of how you may inadvertently reveal more personal information than intended:
Erase your house number if you post a photo of moving into a new house.
If you need help or guidance, ask your network to send you a DM instead of providing your email address or phone number.
Want to join the latest pop culture game What's Your Name where you collect your first pet's name, street name and maiden name to come up with a unique character name? Please think carefully before sharing this information as it may be included in your passwords or secret question for other accounts.
Communicate on social networks only with people you know and trust.
Phishing and scams also go through DM. Consider all messages from known and unknown people as a potential scam.
Logging out of social networking accounts after using a shared computer.
Phishing Awareness
Phishing goes something like this: someone is trying to take you by surprise. Attackers send malicious links via email to steal personal information. This happens often, but you can be the first line of defense. Don't fall for the bait!
Hover over links before clicking to view the URL.
Analyze the content. Look for typos, misspelled words, or bad grammar. Is the context of the email normal, or are they trying to scare or create a sense of urgency that seems fishy?
Don't finish what you didn't start. If you didn't enter the contest and still won something, please be careful before clicking on a link or providing information.
Instead of clicking a link in an email, check the information by going to the company's website to make sure the URL or contact information matches.
Find out if there is currently a similar scam in the news or on social media sites by doing a quick online search.
Online Shopping Tips
Autofill is great when you really want to buy something quickly. But before you do, make sure you know where you are shopping! Consumers should be mindful of their online shopping habits to ensure the safety of their purchases and the safety of their information. Here are a few ways you can protect your information—even if you're in retail therapy.
Make purchases only on familiar and trusted sites. Explore unfamiliar sites before buying by doing a quick online search to see if the retailer has been listed as a scam or to make sure the brand, products and prices match what you find.
Beware of suspiciously low prices. Does the deal sound too good to be true? Try searching for an item (non-retailer) to see how the price compares to some of the competition.
Beware of fake shopping apps. Only download apps that are available in your app store.
When using online marketplaces between individuals, never use bank transfers with unreliable parties. Many scams start with these bank transfers.
Make sure your device's security software is up to date.
Protecting your network
Keeping your network secure is essential. If someone gains access to your router, they can see everything connected to your network, including your phone and any Internet-enabled gadgets like your garage door or your security system. 22% of consumers have detected malware on a computer, Wi-Fi network, smartphone, tablet, smart home, or other connected device.
Invest in a router with a firewall or use a personal firewall software.
Change the default username and password on your router.
Change the router name (aka Default Service Set Identifier (SSID)) on your router. Refer to your router's instruction manual to see the specific steps for your type of router.
Update your router firmware by following your ISP's recommendations and the router's user manual.
Disable remote management for your router. To find out how to do this, please refer to the user manual for your specific router model.
Personal device security
The more connected our mobile device is to our online accounts and network, the more important it is to make sure you take the necessary steps to stay safe.
Enabling passwords and biometrics (if applicable) for your phone and certain apps that contain more sensitive information, such as mobile banking and shopping apps. Update your passwords frequently and never share them with anyone.
Be careful with SMShing, which is similar to phishing but in the form of a text message. Attackers can use short URLs in an SMS message to redirect you to a malicious site or download malware to your device. Do a quick web search to make sure the message or short URL is valid before clicking or replying.
Dispose of your old devices safely. Factory reset your device and then take it to a trusted mobile device recycling center or your mobile operator. Don't just throw away your old device.
Turn on automatic updates for all devices to get the latest security patches and bug fixes.
Double check your privacy settings for apps, including location and data sharing.
Password Recommendations
Strong passwords for accounts and devices are an important tool for keeping your online privacy secure. Accounts now have different requirements for what they define as a strong password, including the use of capital letters, symbols, numbers, and the total number of characters in the password.
Increase the security of your password even further by following these simple steps:
Use a reliable password manager.
Do not share your passwords with anyone else.
Use a passphrase that is similar to a multi-word sentence and longer than a traditional password, but may be easier for the user to remember. Change your passwords - even the strongest, complex, and long ones - if you suspect they have been compromised.
Do not reuse usernames and passwords for multiple accounts. If the credentials are compromised on one site, attackers can try this well-known username and password on other sites. Use trusted websites such as www.haveibeenpwned.com and browser tools to check if your credentials have been published.
Prevention Vishing
Vishing occurs over the phone when attackers call posing as a trusted person to obtain information by forcing you to click a link, enter a website, download a file, provide credentials, or obtain other information.
Never provide personal or financial information in response to an unsolicited request, whether by phone, online, email, or text message. If the caller is impersonating a company or someone you know, hang up and then call the company or individual back with a trusted number, not the number they used or provided.
Don't trust the caller ID. Attackers can manipulate the caller ID to display the appropriate area code for your area to make it look like a local caller.
If you did not initiate the call, do not provide information that the caller should already have. For example, if a company with which you have an account called, they should not ask you for your account number.
If they create a strong sense of urgency, they may be trying to rush you into making a mistake. You can say “no” at any time, or say that you will need to call back later. Remember, if you decide to call back, use a trusted number, NOT the number they provided.
Don't give the caller temporary control of your device or download software if they contact without you reporting a problem.
Web browsing recommendations
Cybercriminals can use fake websites to install spyware on unsuspecting victims, which can turn your last Internet search into an opportunity for an attacker to gain access to your personal information or devices.
Use a reliable web browser. Modern browsers are regularly updated to meet the latest security standards and protect against common tactics used by attackers.
Be careful with pop-ups. This is a common tool used by attackers to trick a user into visiting a malicious website. Get control over pop-ups by setting your browser to block or notify the user.
Make sure your web browser is updated regularly. To make it easier to remember, turn on automatic updates.
Use bookmarks for sites you visit frequently. This will reduce the chance of being taken to a fake or malicious site.
Beware of short URLs commonly used in social media posts and emails. A shortened URL can mask a link leading to a malicious site. If you're suspicious of a shortened URL, your best bet is to find the page with the coordinates yourself through a trusted search engine, or use a reputable website that will shorten the link so you can see the full URL before visiting the page.
Smart home devices
The Internet of Things (IoT) brings all aspects of our lives online. Phones, watches, printers, thermostats, light bulbs, cameras, and refrigerators are just a few of the devices connected to our home networks. These connected devices can make everyday tasks and our lives easier. However, IoT devices have security issues that you should be aware of.
Know all the devices that are connected to your home network and to each other. An inventory of what's connected can serve as a checklist to ensure periodic updates. If a device is no longer needed, it should be disabled to reduce the number of devices that need to be updated.
IoT devices can have weak default security settings, making them a target for ransomware. Make sure you enable higher security for all devices that use complex passwords or system updates. You can also adjust your privacy settings to limit the amount of information your devices share.
Just like your PC and mobile devices, update your IoT devices. If your IoT device supports automatic updates, enable it. At some point, you may want to replace an old IoT device if the existing one has too many known vulnerabilities that cannot be fixed, or there are newer devices that have more security built into it.
Many Wi-Fi routers can create additional networks, such as a guest network. Connect IoT devices to a guest Wi-Fi network instead of your main Wi-Fi network. Another option is to purchase an additional Wi-Fi hotspot just for your IoT devices. This keeps your IoT devices on an isolated network, where they cannot be used to harm or attack any computer or mobile device connected to your main home network (which is still a primary interest of cybercriminals).
Choose your IoT devices wisely. Make sure you are buying from a trusted source and choose a trusted brand. Some attackers will create fake IoT devices that users voluntarily install on their home network or can use as rogue hotspots or human surveillance capabilities.
Child protection
Children of all ages are joining the digital world for a variety of reasons, including schoolwork, playing games, participating in the meta universe, watching videos, and chatting with friends. It is important that they learn safe cybersecurity behaviors at an early age.
Many basic cybersecurity rules can be compared to other real-life security measures, such as being careful when talking to strangers. Tell your children to be considerate when interacting with strangers online and to limit the personal information they share with others, including not giving out their address.
Restrict access to sites by setting permissions to access certain sites or perform certain actions, such as downloading applications or plug-ins. Parental controls are never guaranteed, so start by restricting access to devices you don't think your child needs. Because they have a need for more connections, be prepared to teach them how to ask for help, especially if they see chat or other features turned on.
Encourage an open line of communication so that if they see something dangerous or are concerned they have fallen for the bait, they should immediately notify a trusted person. If they were on a device connected to your network, immediately take steps to update the protections on other devices and on the network router.
Make sure children close apps properly or turn off the device when not in use. Some malicious sites may run in the background or access your device's camera without permission.
Restrict children's ability to shop online by not storing credit cards on devices they can access and by not giving them a credit card to buy anything unless you've verified the site's legitimacy.
USB drives and other removable media
You may be aware of the dangers associated with digital files, such as downloading email attachments or visiting suspicious websites. However, even physical devices such as USB drives, external hard drives, and SD cards pose a security risk due to data corruption or malware infecting the system.
Do not plug in any removable devices unless you know where they came from. If you receive something in the mail, especially if it says you have won a prize or are eligible for a monetary benefit if you plug in the device, be careful about its authenticity.
When transferring data to your own removable media, use strong passwords to protect your data in case your device is lost or stolen.
When you're done using a removable device, make sure you completely clean the device before throwing it away, even if it's password protected. Excessive or expired personal data can still be dangerous if it falls into the wrong hands.
Disable any auto-launch or playback features on your devices so that if a suspicious removable media is connected without your permission, no programs will be installed automatically.
Install security software that will scan your personal device for any viruses or malware, including when you connect removable media. Be sure to update your security software.
Travel
Travel is an opportunity to explore, relax or try something new. By staying safe while traveling, you can focus on the trip and collect memories, not cybersecurity threats.
Do not give a specific location or say you are away from home to minimize the chance of you being the target of a home invasion.
Minimize the transmission of location data on your devices. Check privacy and security settings in web services and apps. Set limits on what you share and the people or apps you share your location with.
If someone says they lost their phone and asks to use yours, be careful. It is best to never give your device to a stranger. It won't take long for an attacker to install or escape with malware. Call them instead.
If you are in a public place, always keep an eye on your devices and do not leave them unattended. Even if you need to turn around briefly or quickly run to the bathroom. It is important that your work devices are hidden as much as possible.
Take as few devices as possible with you on your trip. This reduces the chance that all of your connected devices will be lost or stolen. If available on your device, set up a feature that allows you to find your device or disable it remotely. Be sure to follow our mobile security tips.
Cookie
Who doesn't love freshly baked cookies? Unfortunately, in our digital world, you need to be careful about accepting cookies during your browsing sessions. Computer cookies are text files stored in your web browser that can be used to communicate with the site when you are a regular visitor, so the website "remembers" you and your preferences or browsing history. However, attackers can use cookies to track your other online activities, including keystrokes.
A common access point for cookie-based attacks is an insecure connection. To better protect yourself, set up a secure connection by setting your browser to only send cookies over a secure connection.
Delete cookies from your browser regularly. Depending on your browser, the steps may vary, but it usually takes less than five simple steps. You can use a trusted search engine to learn the steps for your preferred browser.
It's harder for attackers to infect their own cookies from legitimate sites, so they're generally more secure. However, third-party cookies carry a greater risk. You can block all third party cookies in your browser by following a few simple steps. You can use a trusted search engine to learn the steps for your preferred browser.
Many sites are now required to provide you with options to confirm the use of cookies. Take the time to read them before accepting, especially for free sites.
social engineering
Social engineering is the use of deception where an attacker uses human interaction to manipulate a person into revealing personal or sensitive information that can give them access to data, accounts, systems, or physical location. There are several types of social engineering: phishing, vishing, bullying, pretense, and intimidation. On this page, we have covered specific tips for phishing and vishing. Below are other tips to help with various social engineering tactics.
Be suspicious of unwanted phone calls, texts, and personal interactions. What may seem like a friendly conversation with a stranger can be used to collect pieces of information about you and use it for malicious purposes, such as creating a fake account or impersonating an acquaintance to people close to you.
If you are concerned that you have disclosed sensitive information, such as the answers to security questions on your accounts, reset your passwords and security questions on your trusted network and browser immediately.
Research before providing information. If someone contacts you to request information, take the time to research the company and report the issue with a quick search on a trusted search engine. Often the scam is widespread and reported to the news outlets or the company they claim to be affiliated with.
A pretext is when an attacker uses a false identity in a face-to-face communication to trick someone into revealing information. Typically, they pose as an employee or person in trouble to gain access to limited information, physical locations, or systems.
If you did not enter a prize, be suspicious when you are contacted to say that you have won and must provide some information before the prize can be awarded.
Cloud security
Storing information in the cloud may seem like something only companies or tech-savvy people do, but it's more common than you might think.
Use cloud services that encrypt your data during transmission and storage. You can review this information on the cloud service website and use a trusted search engine for reviews. You can also encrypt your data before uploading it to your cloud provider with a trusted service.
As with most cybersecurity tips, it's important to use a strong password. You can find specific tips for creating passwords earlier on this page. Be sure to use a unique and complex password to access your data in the cloud and any encrypted files.
Disable automatic cloud uploads to reduce the risk of a malicious file being downloaded and then corrupting your other data or exposing your files.
Regularly check which apps or devices are connected to your personal cloud account. If you haven't used any of the connected accounts in the last three to six months, it's recommended that you disconnect the connection. This reduces the risk of unauthorized access through an app or device that you no longer use or own.
A handy feature of the cloud service is the ability to share access with others, such as family members. Make sure you only grant access to verified and trusted email addresses or accounts. Also, regularly check who has access to which folders, files, or systems, and remove permissions for those with whom you no longer want to share your data.
Public Wi-Fi
The convenience of using public Wi-Fi is offered as a bonus at our favorite restaurants, cafes, shops, and even public libraries. In order not to turn a convenient service into a headache, follow some recommendations.
Avoid accessing sensitive information when using public Wi-Fi. This may include accessing your bank accounts or entering credit card information.
Disable or restrict access to sharing or sharing features on your personal devices to prevent anyone from sharing a file with you over the public network.
Log out of your accounts when not in use so programs or data can run in the background on public Wi-Fi.
Consider turning off the "ask to join" feature if your data plan supports data transfer. With many carriers offering unlimited data, the need for unreliable networks is decreasing day by day.
Do not connect to public Wi-Fi networks with suspicious names such as "Free WiFi". If you're not sure which public WiFi is associated with your location, ask a member of staff to confirm the WiFi name.
Trust is essential at UC.Technology
With the increasing use of data and technology, trust is becoming critical. Our Global Information Security team is responsible for securing our digital ecosystem, minimizing enterprise risk, and protecting against cyber threats to protect customers, members, employees, data, and systems.