Communicate with Awareness
Surf the Web Securely
Protect your personal information. It's valuable. This is true whether you are a business entrusted with customer or employee personal information or you are an individual protecting your own. According to the Federal Trade Commission, millions of people become victims of identity theft every year. Ensure your personal information is protected by following these tips:
- Tips for Consumers:
- Encrypt your computer’s information to help lower the risk of cybercrime as a result of a lost or stolen computer. Experts recommend that you use encryption to protect any sensitive information you have stored. There are many types of encryption products available for your computer to protect your personal and confidential information should your computer fall into the wrong hands.
- Frequently back up your hard drive so that you do not lose any important files if your computer goes missing.
- Never share your account information with others. This includes passwords.
- Never use public or shared computers/kiosks to check your online account information or shop online.
- Encrypt personal information when it must be sent in email.
- Never send personally identifiable information (PII) via instant message or text.
- Because data is often stolen through the use of malware, be sure to review our tips for securing your device.
- Download the FTC’s Guide, Fight Back Against Identity Theft
- Assess your risk with McAfee’s Identity Theft Risk Assessment Tool and follow the recommendations in the downloadable report.
- Tips for Businesses:
- Review McAfee’s Tips for Securing Your Business
- Start with a good data governance program to ensure that you know what personal data you have, where it is housed, and that it is appropriately categorized for protection.
- Encrypt all personal information on all devices. Consider smartphones, tablets, and USB sticks in this policy.
- Ensure all employee training includes effective protective measures when handling customer, employee, and other personal information.
- Consider monitoring the movement of personal information over email, print, USB devices, and other communications to ensure adherence to company data handling policies that protect information.
- Consider background checks on those employees handling a large amount of personal information. At both small and large companies, employees have been charged with using personal information to open fraudulent accounts, file fraudulent tax claims, and other activities.
- Learn about recovery services to help you locate laptops that have been stolen — before you have an incident.
- Back up all sensitive data and implement effective protection.
Communicate with Awareness
- Do not open email attachments from an unknown, suspicious, or untrustworthy source. If it’s from a trusted source but you don’t know what the attachment is, or if the subject line is questionable, do not open the attachment.
- Vigilance is the best defense against phishing email scams. If you receive an email message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the email or click on any links. If you want to find out whether the email is legitimate, you can contact the company or individual directly by calling or writing to them.
- Do not open messages or click on links from unknown users in your instant messaging program. Instant messaging can be a vehicle for transmitting viruses and other malicious code, and it’s also a means of initiating phishing scams.
- Consider whether to accept unknown persons as “friends” or professional contacts within social media. Your next “friend” could be the one who sends you the link to malicious software that steals your information or uses you to target your company.
- Learn about the Top 10 ways to defend against phishing.
- Review the Anti-Phishing Working Group's consumer advice and resources.
- Learn more about how to protect against phishing.
Surf the Web Securely
- Exercise caution when downloading files from the Internet. Make sure that the website is legitimate and reputable. Verify that an anti-virus program has checked the files on the download site. If you have any doubts, don't download the file at all. If you download software from the Internet, be especially vigilant of free software, which often carries adware or other potentially unwanted content along with it. Always read the privacy policies and end-user license agreements (EULAs) for software you install, regardless of the source. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be “cracked” or free versions of expensive applications, such as Adobe Photoshop or Microsoft Office. If it sounds too good to be true, it probably is.
- Avoid downloads from non-web sources. According to the FTC, every day, millions of computer users share files online. File sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often, the software is free and easy to access. But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. In addition, you may unwittingly download malware or pornography labeled as something else. Or you may download material that is protected by copyright laws, which means that you could be breaking the law. According to McAfee, the chances of downloading infected software from Usenet groups, Internet relay chat (IRC channels), instant messaging clients, and peer-to-peer (P2P) is very high. Links to websites seen in IRC and instant messaging also frequently point to infected downloads. Avoid obtaining your software from these sources.
- Avoid unknown websites whether you are shopping, researching, or performing other activities. Use free website scanning protection such as McAfee SiteAdvisor that warns you about suspicious sites before you click. You can also look for security attestations on their website including McAfee’s “Secure” label.
- The FTC advises not to provide your personal or financial information through a company's website until you have checked for indicators that the site is secure, like a lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some scammers have forged security icons. And some hackers have managed to breach sites that took appropriate security precautions.
- If it's your first time on an unfamiliar site, call the seller's phone number, so you know you can reach them if you need to. If you can't find a working phone number, take your business elsewhere.
- Type the site's name into a search engine. If you find unfavorable reviews posted, you may be better off doing business with a different seller.
- Consider using free McAfee SiteAdvisor software, which rates websites using a red, yellow, and green warning system to indicate whether a site is trustworthy based on its latest scan.
Back to top
- Use strong authentication. Regardless of whether you are a small business or a consumer, this is important. Consumers most frequently rely on usernames and passwords. Be certain that your password is not easily guessed or associated with you in any way (your mother’s name, dog’s name, etc...), and combine letters, numbers, and special characters. Try to use different passwords across your accounts since the theft of a password for one account can expose your other accounts. Businesses should consider the level of protection needed and look at stronger options such as hardware or software tokens in addition to the password.
- Update your anti-virus software often. Thousands of new pieces of malware are discovered each month. To make sure that you are protected against the newest breed of threats, update your anti-virus software frequently. That means downloading the latest virus signature files and the most current version of the scanning engine. The FTC advises that at a minimum, your computer should have anti-virus software, anti-spyware software, and a firewall. Once you confirm that your security software is up to date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, delete it. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware.
- Back up your files frequently. If a virus infects your files, at least you can replace them with your backup copy. It's a good idea to store your backup files (on CDs or flash drives) in another secure physical location away from your computer.
- Update your operating system, web browser, and email program on a regular basis. For example, you can get security updates for Microsoft Windows and Microsoft Internet Explorer at the Microsoft Safety and Security Center. According to the FTC, it's important to set your operating system and web browser software to download and install security patches automatically. In addition, you can increase your online security by changing the built-in security and privacy settings in your operating system or browser. Check the "Tools" or "Options" menus to learn how to upgrade from the default settings. Use your "Help" function for more information about your choices.
- Use public Wi-Fi networks and hotspots with caution, avoiding financial transactions at these locations—use a virtual private network (VPN) if possible, and clear the cache when using a public computer. For more important tips on protecting your devices and data on Wi-Fi networks, read the Wi-Fi Alliance’s tips to secure your Wi-Fi.
- Use a personal firewall. A hardware firewall that sits between your DSL router or cable modem will protect you from inbound attacks. It’s a must for broadband connections. A software firewall runs on your PC and can protect you from both inbound and outbound attacks.
- Check your accounts and credit reports regularly. Identity thieves can begin using your personal information to open accounts, purchase goods, and make your life miserable within minutes of obtaining that data. Check your bank account and credit card statements frequently. That way, if you discover that your personal information has been compromised, you can alert credit companies and banks immediately, so they can close your accounts.
- Create strong passwords, change them often, and keep them secured. Here are some pointers from the FTC:
- Use passwords that have at least eight characters and include numbers or symbols. The longer the password, the tougher it is to crack. A 12-character password is stronger than one with eight characters.
- Avoid common words that hackers can easily guess.
- Don't use your personal information, your login name, or adjacent keys on the keyboard as passwords.
- Change your passwords regularly (at a minimum, every 90 days).
- Don't use the same password for each online account you access.
- Transact securely at all times on social networking sites, with online retailers, and with payment processors. Review the McAfee tips for conducting secure online transactions.
- Secure your home wireless networks using firewalls for your router and anti-malware protection for all devices connecting to the network, where appropriate.
- Beware of hidden file extensions. By default, Windows hides the last extension of a file, so "susie.jpg" might actually be "susie.jpg.exe" — a piece of malware. To reduce your chances of being tricked, “unhide” those pesky extensions.
- Stay on top of the latest threats by signing up for McAfee Consumer Threat Alerts.
- Visit the McAfee Threat Center and sign up for threat advisories, listen to podcasts on the latest threats, review McAfee’s latest research, read blogs published by McAfee threat experts from around the world, and get other information to help your business
- Learn more using scenarios in McAfee's Most Unwanted List
- Visit Stop.Think.Connect.
- Get online safety tips from the FTC’s OnGuardOnline
- Read our tips to Secure Your Devices
- Read the FTC Resources for businesses
- Visit the Department of Justice Computer Crimes Division Resources
- Small Business advice from the National Cyber Security Alliance
- Anti-Phishing advice from the Anti-Phishing Working Group
- Watch the FTC’s OnGuardOnline “The Case of the Cybercriminal”
Back to top