Security & Safety Resource Center

An email can live forever if the recipient doesn’t delete it. Even then, it might still be recovered on one of its mail servers. Review each email to see if it contains any information that might cause you trouble down the road, such as some inadvertently copy/pasted text or a Social Security number.

One of the great things about Gmail is its tabbed interface that sorts messages into multiple inboxes (e.g., Primary, Promotions, Social, etc.). You can drag messages between these inboxes to control which ones generate new mail notifications and which ones simply accumulate in another tab. This can be useful for avoiding feeling overwhelmed by your email, and for safely tuning out unfamiliar senders.

There are many variants of Linux (called “distributions”) that can serve as full desktop operating systems that replace or complement more popular options like Microsoft Windows and Apple macOS. To ensure that the Linux distribution you’re using is secure, use a long-term support release. Long-term support means that it’s guaranteed to receive regular security updates and patches for a specified period.

Thinking of upgrading to a new mobile device? Make sure you completely wipe all of the information on the old phone or tablet before giving it away or trading it in. This is usually pretty easy to do, as there’s a button within the settings menu of the device that allows for a factory reset.

Your phone likely contains a lot of sensitive data that only you really need to see. For that reason, it’s advisable to avoid lending it to anyone you don’t know”?, particularly if it’s already unlocked. There are a lot of creative stories that people come up with to justify “borrowing” your device in a pinch, so proceed with caution.

If you believe that certain sites are designed with security in mind, and you feel that content from the site can be trusted not to contain malicious materials, you can add them to your trusted sites and apply settings accordingly. You may also require that only sites that implement Secure Sockets Layer (SSL) can be active in this zone. This permits you to verify that the site you are visiting is the site that it claims to be.

Hard disk drives eventually fail, especially if they’re heavily used. If you have been using the same drive for 4 or more years on a PC, consider replacing or moving on to another device to avoid any unexpected failure. Also be sure to backup everything before switching, either to an external drive or a cloud-based service (or both).

Like on an airplane or in an airport, hotel, train/bus station or café — be sure to confirm the name of the network and exact login processes with appropriate staff to ensure that the network is legitimate. Cybercriminals can easily create a similarly named network hoping that users will overlook which network is the valid one. Additionally, most hotspots are not secure and do not encrypt the information you send over the Internet, leaving it vulnerable to cybercriminals.

SMS texts (e.g., the green messages on iPhones, and most messages sent from the stock Chat app on Android devices) are not encrypted, which sets them apart from most internet-based messaging services like iMessage or WhatsApp. Accordingly, it’s best not to include sensitive data like a bank account number within them.

Some websites monetize themselves by using cryptocurrency miners that hijack a device’s CPU to mine for digital currencies like Bitcoin. These miners can put a lot of strain on your processor and battery. Some browsers now block this tactic by default, while others have compatible extensions that will block such scripts for you.

Creating a strong password is an essential step to protecting yourself online. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.

Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.

When a PC runs hot, it’s usually an indication that its processors are struggling with a workload. Sometimes, though, it can be sign that a malware infection is hijacking your CPU/GPU. If you notice a PC running hot for no apparent reason, run a virus/malware scan.

Antivirus has been a cybersecurity fixture for decades and it remains essential even as threats like social engineering and ransomware take center stage. Make sure you’ve got AV software on all PCs, Macs, and Android devices you use.

Impersonating U.S. soldiers is a common scam tactic on Facebook. Someone will pretend to be a service member and then ask for escalating payments to help tend to an injury or other invented pretext. As a rule of thumb, don’t pay anyone on Facebook unless you know them.

Online dating apps are increasingly popular, which makes them havens for scams that can be costly or even life-threatening. Fake photos are often essential to these scams. Luckily, you can reverse image search photos to see where else, if anywhere, they appear online.

Cashier’s checks are supposed to be reliable. However, some scammers use fake cashier’s checks in e-commerce schemes. Watch out if someone offers to send a cashier’s check for more than the amount you asked for an item, and then directs you to pay the excess amount to a third party.

With every social media account you sign up for, every picture you post, and status you update, you are sharing information about yourself with the world. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it.

Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. According to NIST guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then you can add in some punctuation and capitalization.

Your home’s wireless router is the primary entrance for cybercriminals to access all of your connected devices. More and more of our home devices— including thermostats, door locks, coffee machines, and smoke alarms—are now connected to the Internet. Secure your Wi-Fi network and your digital devices by changing the factory-set default password and username.

Phishing emails often purport to be from a familiar institution like your bank or Amazon. The sender’s name might be something meant to indicate this (e.g., “Amazon Orders”), but often it won’t match the actual return address, which might be something very long and garbled. That mismatch is a sign to stay away.

Phishing is a rudimentary but highly effective cyberattack. Unlike more sophisticated attacks, it is difficult to stop with modern cybersecurity solutions because it exploits human weakness, namely the inclination to trust communications that seem legitimate. Over 90 percent of cyberattacks may begin with phishing.

Not every link leads to where it says it does. Before clicking it, look to see if it seems weird. For example, if it contains a domain associated with another country or is unusually long and complex. You might also want to run it through an online link expander if it’s been shortened to something like bit.ly/*.

Web browsers are your principal connection to the rest of the Internet, and multiple applications rely on your browser to work. Numerous web applications try to enhance your browsing experience by enabling different types of functionality, but this could be unnecessary and may leave you vulnerable attack. A good approach is to set the highest level of security and only enable features when you require their functionality. If you determine that a site is trustworthy, you can choose to enable the functionality briefly and then disable it once you are finished visiting the site.

When Bluetooth is enabled, make sure it is “hidden,” not “discoverable.” The hidden mode blocks other Bluetooth devices from recognizing your device. This does not prevent you from using your Bluetooth devices together. You can “pair” devices so that they can find each other even if they are in hidden mode. Though the devices will need to be in discoverable mode to originally locate each other, once they are “paired” they will always acknowledge each other without needing to rediscover the connection.

Since pop-up windows are often a result of spyware, clicking on the window may install spyware software on your computer. Close the pop-up window, select on the “X” icon in the titlebar instead of a “close” link within the window.

Say someone emails you out of the blue. The best course of action is usually to do nothing. Don’t respond or click a link or attachment in their message, as doing so might be risky and make you vulnerable to phishing scams.

It’s prudent to review your social media accounts every now and then to see if you’ve left any photos, videos, or textual updates on them that might reveal sensitive details about your identity or location. Delete such posts or at least hide them from public viewing to minimize exposure.

From iPhones to office paper shredders, any device that can accept a security PIN should have one set up. These passcodes protect your data against theft and interception, such as in a situation in which a device were lost or stolen.

Virtual private networks (VPNs) can be confusing to configure. But Firefox makes it easy, at least for US desktop users. It has a VPN built right into the browser, which can be toggled to secure connection and keep your internet service provider from monitoring your activity.

Most websites collect a lot of information on a visitor, which is then used to track them across the web and target ads. If you’re uncomfortable with that, consider setting up an ad blocker or installing specialized extensions that limit what any site can see about your device and activity.