Cybersecurity Basics

Tips and Tricks to Stay Safe Online

We know how important it is to protect yourself and your family while online.  

The topics below cover some basic concepts and advice you should be aware of any time you’re browsing, sharing, or shopping.  

In addition to the tips below, consider visiting the FTC’s online privacy and security page for additional advice.

Passwords provide the first line of defense against unauthorized access to your devices and accounts. The stronger your password is, the more protected you will be. Avoid using passwords based on common words (e.g., “password” or “login”), basic number strings (e.g., 12345 or 123321), or identifying information like birthdays, addresses, etc.

Make sure to change your passwords regularly, use different passwords for different accounts, and create strong passwords for all accounts.

A strong password: 

  • Uses at least 8 characters  
  • Doesn’t contain your username, real name, or company name 
  • Doesn’t contain a complete word 
  • Includes an uppercase letter, lowercase letter, number, and symbol 

  • Be sure your home network uses an encryption key (password) to prevent unauthorized access. 
  • When using public Wi-Fi, only sign in to known networks, like those operated by the establishment.
  • Avoid banking, shopping, or doing anything confidential when using public Wi-Fi, as those networks are often less secure than private ones. 

  • Purchase entertainment, software, and other files only from known, reputable sources. 
  • Beware of suspiciously “free” downloads, as those often disguise harmful viruses and other malware. 
  • Keep your antivirus, anti-spyware, and other security software up to date. 
  • Require credentials for downloads, so children and employees can’t inadvertently install harmful files. 

Phishing is when scammers send email or text messages that appear reputable in order to trick you into giving them sensitive personal or financial information.

To guard against phishing: 

  • Treat all email requests for personal or company information with suspicion. 
  • Look for errors in the message, as poor phrasing, typos, and grammatical errors are common in phishing emails. 
  • Be wary of threatening language and urgent calls for action. 
  • Hover over any suspect-looking links to see the actual URL, then double-check its legitimacy.
  • Type the URL into your browser yourself to verify the site rather than clicking the link.
  • Look closely at the sender’s email address, as it might resemble a legitimate address but contain slightly different characters. 
  • Don’t open an email, or the links within it, if you don’t know the sender or didn’t expect the message. 

Ransomware is a type of malware thieves use to digitally extort money from businesses and individuals, typically by holding files and systems “hostage” until payment is received.  

To defend against ransomware: 

  • Update operating systems, applications, antivirus software, and firmware to their latest versions. 
  • Keep web browsers updated and disable browser plugins (such as Java, Flash, and Silverlight) to prevent them from running automatically. 
  • Update network and security policies to prevent unauthorized users from accessing critical infrastructure and systems.

A trojan horse is a malicious program that appears useful or routine. Most trojans act as a backdoor, giving attackers the ability to control your computer, open your files, see browsing history, view your passwords, and more.

Many of the same rules that apply to guarding against phishing and ransomware will also help you defend against a trojan horse: Keep software up to date, be cautious when downloading files, check if links appear authentic, etc. Be especially suspicious of files that end with the extensions “.exe,” “.vbs,” and “.bat,” as they can all execute a trojan.

A secure website is one that is free of malware and viruses and encrypts all data going through it to protect your sensitive information.  

There are several ways to ensure a website is safe: 

  • HTTPS: Confirm the site is using a secure communication protocol by checking for an “https:” at the beginning of the web address. Don’t enter any personal information on a page that isn’t secured by https. 
  • The lock icon: Click the lock icon on the left side of your browser’s address bar to see the site’s permissions, certificate information, and other security-related details. 
  • Badge verification: Look for a badge that says “Secure and Verified,” or something similar, at the bottom of a website to see its certificate and verification information. If the information doesn’t match the website you’re visiting, it’s not legitimate and likely not secure.
  • Privacy policy: View a site’s privacy policy to see how your data is collected, how it’s used, and the security measures that help to keep it safe.