Cybersecurity Tips for Consumers
- Do not give your personal information (Social Security number, physical address, birth date, PINS, passwords, bank account numbers or credit card numbers) to any strangers, over the phone, in a letter, email, fax, or text message.
- Do not trust a caller that claims to be from an established organization including a hospital, the IRS, a local utility company, or law enforcement especially if they ask you to wire funds or send them a re-loadable prepaid card.
- Say “NO” and check out any offer that seems too good to be true!
- Say “NO” to those who show up at your home, or call, and tell you they’ve “noticed” a problem and happen to have the materials to fix it.
Protect Your Identity
- Review your credit report at least once a year. Look for any discrepancies or accounts that may not be yours.
- Be wary of "shoulder surfers." These are individuals who try to get close enough to you to obtain your PIN numbers. Monitor your bank and other statements carefully. Make note of the times that you receive your bills, so you'll know if a bill is missing or unauthorized purchases have been made.
- Limit the number of credit cards that you carry with you.
- Buy a shredder ... and use it! Shred anything with personal information on it such as old receipts, old bank statements, everyday bills, pre-approved credit card offers, medical statements and documents with personal information on it.
- Keep track of your credit card receipts and store them in a safe place until your credit card statement arrives for you to reconcile.
- Be careful with what you do with your credit card statements, especially since many still have full account numbers and expiration dates listed on them.
- When completing credit applications be sure to fill all applications out completely and consistently. Every bill that you receive should be addressed exactly the same.
- Do not have your Social Security number printed on your checks.
- Do not carry your Social Security card with you in your purse or wallet.
- Never leave paid bills in your mailbox for the carrier to pick up. Drop them off at a post office box.
- Make sure any site you do business with has a secure site. You'll know this if the Web page you're on begins with "https" instead of "http".
- If you're shopping online look for the Verisign Certificate, the Trust-e symbol, the Better Business Bureau symbol or a certificate of similar type indicating that the business has been audited and deemed trustworthy.
- If you are moving, contact your creditors immediately to get your information updated.
- Never give your credit card or social security number to anyone by telephone even if you made the call, unless you can positively verify that the individual or caller is legitimate.
I am a Victim - What Do I Do?
- Contact the fraud departments of all the major credit bureaus and ask that a "fraud alert" be placed on your file and that no credit be granted without your permission. Request a copy of your credit report from each of the bureaus; they must give you a free copy of your report if it is inaccurate because of fraud. You should request this in writing also.
- You will automatically receive a free credit report from each of the three agencies and you will be opted out of pre-approved credit card and insurance offers once the credit-reporting agencies have been notified.
- After you receive your report be sure to make note of the number assigned to your account. This will be helpful in communications with the credit-reporting agencies.
- Write a victim statement explaining what happened to you and ask for it to be added to your file at each credit-reporting agency.
- Contact creditors where any of your accounts have been tampered with or an account opened without your knowledge. Put your complaint in writing.
- Complete the Identity Theft Affidavit and make copies to send to your creditors.
- File a police report. Be sure to get a copy of the report in case creditors need proof of the crime later.
- Change all of your account passwords.
- You may need to change your driver's license number if someone is using yours as an ID.
- If your SSN has been used fraudulently, notify the Office of the Inspector General. Be sure to ask for a copy of your "Personal Earnings and Benefits Statements," and check for accuracy.
10 Best Practices for Mobile Device Security
Some of the most common mobile security best practices include:
- User Authentication
Restricting access to the device by requiring user authentication. Most mobile devices can be locked with a screen lock, password or personal identification number (PIN), but these measures are typically turned off by default.
By requiring authentication before a mobile device can be accessed, the data on the device is protected in case of accidental loss or theft of the mobile device. Ensure the use of a powerful password to make it more difficult for a potential thief to access the device.
- Update Your Mobile OS with Security Patches
Keep the mobile operating system and its apps up to date. Mobile operating systems like Apple’s iOS and Google’s Android platform provide regular updates to users that resolve security vulnerabilities and other mobile security threats, as well as provide additional security and performance options and features to users. These upgrades are not always updated automatically, so mobile devices users may need to turn on automatic updates or update their phones and apps manually on a regular basis.
- Regularly Back Up Your Mobile Device
Ensure the mobile device’s data is regularly backed up. By backing up a device to another hard drive or to the cloud, the data can be restored in the event the device gets damaged or is lost or stolen. A backup utility or app that runs automatically on a specified schedule is recommended for keeping the backed-up data as current as possible.
- Utilize Encryption
Utilize encryption for data stored on the phone as well as for data in transit with secure technologies such as VPN. It is also a mobile security best practice to never transmit sensitive or personal information over a public Wi-Fi spot, especially one that is unsecured, without using a secure transmission option like VPN.
- Enable Remote Data Wipe as an Option
Ensure a remote data wipe option is available on the device and that users know how to utilize it in case the device is stolen or lost. Apple’s Find My iPhone app, for example, offers a remote data wiping option in addition to the ability to find the iPhone if it is lost.
- Disable Wi-Fi and Bluetooth When Not Needed
Limit the potential for access by hackers through Wi-Fi or Bluetooth by disabling these connectivity options when not needed.
- Don’t Fall for Phishing Schemes
Avoid potential phishing schemes and malware threats by avoiding clicking on links or opening e-mail attachments from untrusted sources, as they may be from a fraudulent source masquerading as a friend or legitimate company.
- Avoid All Jailbreaks
Ensure that the phone remains locked down as opposed to being jailbroken. While jailbreaking a smartphone can enable the user to run unverified or unsupported apps, many of these apps carry security vulnerabilities. In fact, most security exploits for Apple’s iOS only affect jailbroken iPhones.
- Add a Mobile Security App
Research and select a reputable mobile security app that extends the built-in security features of the device’s mobile operating system. Well-known third-party security vendors offer mobile security apps for iOS and Android.
- Communicate Your Mobile Security Best Practices
In enterprise and small business environments, it is vital for IT staff to ensure the company’s policies and mobile security best practices are clearly communicated to employees so that they are aware of what to do and what not to do in terms of protecting the security of their mobile devices and their data. In addition to explaining best practices, this communication should also include which apps, BYOD and BYOC solutions are permitted in the work environment, and which are not allowed for use.