At Home
When possible, use separate devices for work and personal use.
Separate devices reduce the risk of work-related data loss or compromise.
Firewalls and Anti-Virus - use the Microsoft firewall & anti-virus (or purchase a 3rd party anti-virus)
Firewalls prevent internet-based attacks from hacking into your computer
Anti-Virus prevents malware infections of your computer (Note: Ransomware can evade AV detection)
Wireless router - at a minimum, use WPA2 (Wi-Fi Protected Access 2) to keep wireless traffic secure
Secure wireless connections prevent others from unauthorized use of your wireless network.
Keep wireless router and modem firmware up-to-date
Out of date wireless routers or modems expose them to online takeovers or compromise
Secure IoT devices (smart speakers, doorbell camera, etc) - use strong, unique passwords
IoT devices ship with weak passwords (admin/password, etc) that are widely known by hackers.
Traveling
Caution with free Wi-Fi when accessing email/bank accounts in public spaces (airports, coffee shops)
Fake public Wi-Fi access points will intercept wireless traffic and collect email/bank IDs/passwords.
In public spaces, use a VPN (Virtual Private Network) to access email/bank accounts.
VPN encrypts wireless network traffic and prevents interception of network traffic.
Keep devices secure and accounted for at all times.
Small devices (cell phones/tablets) are targets for thieves for reselling or extracting data.
Don’t use borrowed chargers or public charging stations. Use your own charger.
Unknown chargers may contain malware installed to collect email/bank IDs and passwords.
Online
Practice good password hygiene
Do not share your password or write it down.
Where possible, use 8-16 characters; mix of upper-lower case letters, numbers, and symbols.
Do not save passwords in your browser.
Browsers will autofill a password, which is a financial risk for online bank accounts.
Ransomware (Think before you click!)
Email is the major source of ransomware infection and compromise (90% of infections)
Tricks user to click on a malicious link or attachment (known as social engineering)
Ransomware is embedded in a link or attachment and infects your computer.
Encrypt/exfiltrate data, cripple computer, ransom demand (Bitcoin) displayed on monitor screen
Hackers: lucrative income, Bitcoin is untraceable, low entry cost, prosecution rate low, black market
Scams
Emails/phone calls are sources of scams (Fake virus infections, blackmail, unpaid bills, repairs)
Scare tactics used to cause a user to comply with payment demand (social engineering)
Causes a user to click on a link or call a number to make payment (typically credit/debit card)
Impacted users must contact their financial institutions to protect their bank/credit/debit accounts.
ID Theft
Unauthorized access to personal financial information (ransomware, scams, hacking, dumpster diving)
Use of financial information: bank account withdrawals, loans, purchases, mortgages, illegal activity
Financial institutions & credit reporting agencies contacted right away to prevent further damage
Change logins, passwords, and PINs for financial accounts immediately.