Protecting your files and devices

• Update your software: This includes your apps, web browsers, and operating systems. Set updates to happen automatically.
• Secure your files: Back up important files offline, on an external hard drive, or in the cloud. Make sure you store your paper files securely, too.
• Require passwords: Use passwords for all laptops, tablets, and smartphones. Don’t leave these devices unattended in public places.
• Encrypt devices: Encrypt devices and other media that contain sensitive personal information. This includes laptops, tablets, smartphones, removable drives, backup tapes, and cloud storage solutions.
• Use multi-factor authentication: Require multi-factor authentication to access areas of your network with sensitive information. This requires additional steps beyond logging in with a password — like a temporary code on a smartphone or a key that’s inserted into a computer.

Protecting your wireless network

• Secure your router: Change the default name and password, turn off remote management, and log out as the administrator once the router is set up.
• Use at least WPA2 encryption: Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on. Encryption protects information sent over your network so it can’t be read by outsiders.

Read more about it

Knowledge Check

Which of the following techniques can be used to protect against phishing attacks?

How Phishing Works

• You get an email or text: It seems to be from someone you know, and it asks you to click a link, or give your password, business bank account, or other sensitive information.
• It looks real: It’s easy to spoof logos and make up fake email addresses. Scammers use familiar company names or pretend to be someone you know.
• It’s urgent: The message pressures you to act now — or something bad will happen.
• What happens next: If you click on a link, scammers can install ransomware or other programs that can lock you out of your data and spread to the entire company network. If you share passwords, scammers now have access to all those accounts.

What You Can Do

Before you click on a link or share any of your sensitive business information:

• Check it out: Look up the website or phone number for the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.
• Talk to someone: Talking to a colleague might help you figure out if the request is real or a phishing attempt.
• Make a call if you’re not sure: Pick up the phone and call that vendor, colleague, or client who sent the email. Confirm that they really need information from you. Use a number you know to be correct, not the number in the email or text.

Read more about it

Which of the following strategies are effective ways to protect your business?

Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash, and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. Criminals use malware to steal personal information, send spam, and commit fraud.

Avoid Malware

Scam artists try to trick people into clicking on links that will download viruses, spyware, and other unwanted software — often by bundling it with popular free downloads. To reduce your risk of downloading malware:

• Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically.
• Don’t change your browser’s security settings. You can minimize “drive-by” or bundled downloads if you keep your browser’s default security settings.
• Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.
• Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Criminals send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site.
• Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.
• Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware.
• Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.
• Don’t click on popups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.
• Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high traffic places, like photo printing stations or public computers.
• Talk about safe computing. Tell your friends and family that some online actions can put the computer at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails, or posting personal information.
• Back up your data regularly. Whether it’s your taxes, photos, or other documents that are important to you, back up any data that you’d want to keep in case your computer crashes.

Detect Malware

Monitor your computer for unusual behavior. Your computer may be infected with malware if it:

• slows down, crashes, or displays repeated error messages
• won’t shut down or restart
• serves a barrage of pop-ups
• serves inappropriate ads or ads that interfere with page content
• won’t let you remove unwanted software
• injects ads in places you typically wouldn’t see them, such as government websites
• displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

• new and unexpected toolbars or icons in your browser or on your desktop
• unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open
• a sudden or repeated change in your computer’s internet home page
• a laptop battery that drains more quickly than it should

Get Rid of Malware

If you suspect there is malware on your computer, take these steps:

• Stop shopping, banking, and doing other online activities that involve user names, passwords, or other sensitive information.
• Update your security software, and then scan your computer for viruses and spyware. Delete anything it identifies as a problem. You may have to restart your computer for the changes to take effect.
• Check your browser to see if it has tools to delete malware or reset the browser to its original settings.
• If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you’ve installed, and a short description of the problem.
• Many companies — including some affiliated with retail stores — offer tech support. Telephone and online help usually are less expensive, but online search results might not be the best way to find help. Tech support scammers pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.

Report Malware

If you think your computer or server has malware, your security department wants to know. File a complaint!

Considering all the different ways your computer may become infected with malware, which if the following bad computing habits or activities will put you and your company at risk?

How It Happens

• Scam emails: with links and attachments that put your data and network at risk. These phishing emails make up most ransomware attacks.
• Server vulnerabilities: which can be exploited by hackers.
• Infected websites: that automatically download malicious software onto your computer.
• Online ads: that contain malicious code — even on websites you know and trust.

Read more about it

From the list below, which methods are effective to protect your business and yourself?

HOW TO PROTECT EQUIPMENT & PAPER FILES

Here are some tips for protecting information in paper files and on hard drives,
flash drives, laptops, point-of-sale devices, and other equipment.

• Store securely: When paper files or electronic devices contain sensitive information, store them in a locked cabinet or room.
• Limit physical: access When records or devices contain sensitive data, allow access only to those who need it.
• Send reminders: Remind employees to put paper files in locked file cabinets, log out of your network and applications, and never leave files or devices with sensitive data unattended.
• Keep stock: Keep track of and secure any devices that collect sensitive customer information. Only keep files and data you need and know who has access to them.

Learn more about it

When protecting data on your devices, which of the following methods are effective?

HOW TO MONITOR YOUR VENDORS

• Put it in writing: Include provisions for security in your vendor contracts, like a plan to evaluate and update security controls, since threats change. Make the security provisions that are critical to your company non-negotiable.
• Verify compliance: Establish processes so you can confirm that vendors follow your rules. Don’t just take their word for it. Leveraging vendor risk automation is an effective way to help monitor vendors.
• Make changes as needed: Cybersecurity threats change rapidly. Make sure your vendors keep their security up to date.

Learn more about it

What are the best steps below to follow if you suspect a data breach?