Security & Safety Resource Center

Extensions can augment web browsers but they can also create security risks. For instance, Google Chrome is probably just another trusted application to your operating system and antivirus software, meaning it – and its extensions – can run code without a problem. Some extensions are malicious, though. Keep your eye out for unusual names, odd publishers and bad user reviews before downloading anything.

The “S” in HTTPS in a URL is an indication that you can trust that website with your personal information. To avoid using sites without the “S,” you can install a plugin on Google Chrome, which automatically switches sites from HTTP to HTTPS. To add the plugin:

• Go to Home in the Chrome web store.
• Go to Extensions.
• Go to HTTPS Everywhere.
• Click “Add to Chrome.”

If you do not regularly use an account, it shouldn’t exist. If an account that you don’t check regularly gets hacked, you may not even notice until the hacker causes significant damage. You may think that your old social media accounts don’t contain much sensitive information, but you’d be surprised. They might contain your email, phone number, information about your location and more.

You should never leave your device unlocked when you walk away from it. However, we all make mistakes. You can alter the amount of time it takes for your device to lock on its own to add an extra layer of protection. Shorten the timer to as short as you are comfortable — less than one minute is ideal. To do this on your iOS device:

• Go to Settings.
• Go to Display and Brightness.
• Go to Auto-lock.
• Select how long you want your device’s screen to stay on.

It’s good practice to change your passwords frequently enough so that a hacker is less likely to figure out what your password is. An easy way to remember to do this is to set expiration dates for your passwords on your private accounts. This will require you to change your passwords every so often, and you typically cannot repeat old passwords, making it essential that you come up with strong passwords with combinations of letters, numbers and symbols.

If you choose to use your own device at work, your employer does not have the ability to wipe your device clean remotely unless they use mobile device management (MDM). If your device gets lost or stolen, a hacker may be able to access your device and whatever sensitive information it contains about your company. However, with MDM, your employer can simply erase all sensitive information from your device when necessary.

Be a responsible and considerate email user. Many people consider email forwards a type of spam, so be selective with the messages you redistribute. Don’t forward every message to everyone in your address book, and if recipients ask that you not forward messages to them, respect their requests.

People use the notes app on their smartphones for their grocery lists and other reminders, which is perfectly fine. However, do not use your notes app for personal information like your passwords, social security numbers or credit card information. Notes applications are not automatically encrypted, which means that hackers could easily decipher your private information. Instead, use an application like Standard Notes, which encrypts your information.

Modern automatic filters are pretty good at keeping spam out of your inbox. Nevertheless, they don’t snag everything, meaning the occasional oddball message will still slide through. You can get extra protection on your account with advanced filters configured for specific addresses and domains. Gmail, Yahoo and other major mail providers all incorporate these features.

Hackers can use public charging stations to install malware on your device, so we recommend never using a public phone charger. However, if you are out and your phone is about to die, you may feel as though you don’t have any other choice. If you invest in a portable phone charger and keep it in your purse, briefcase or backpack fully charged at all times, you will have a back-up battery in case of an emergency, and you will never need to use unsecure charging stations.

The Internet is a public resource – post only information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can’t retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people’s machines. So please review it before posting. 

Signal can be used for one-to-one messaging or group messages, but it can also be used for more secure voice calls. Like messages, voice calls are end-to-end encrypted to protect your privacy. To use Signal for a voice call:

• Tap “Compose” and select a contact or enter a number.
• Open the conversation.
• Tap the phone icon to begin the call.

Mattermost is a more secure alternative to Slack, so it can be appropriate for a workplace setting. It contains most of the same features as Slack, like multiple chat rooms and the ability to send GIFs and emojis, but it also contains multiple layers of security with its high-trust SaaS approach and lack of third-party monitoring.

We suggest keeping your webcam covered whenever you aren’t using it. You can do this with a sticky note or a bandage. However, these products are not very durable and could fall off after time, especially if you frequently remove them and put them back on. A webcam cover sticks securely over your webcam, and you never need to remove it because it has a small sliding door that you can use to hide and reveal the camera. With a more durable solution, you will not face the risk of your webcam cover falling off without you noticing.

With rising privacy concerns regarding popular videoconferencing applications, you should seek platforms with privacy policies that are clear and concise, like Jami. Jami is an end-to-end encrypted videoconferencing alternative, and its privacy policy states that the company only collects data that is imperative to compiling website visit statistics.

The Internet makes it easy for people to distort their identities and intentions. Consider restricting the people who are allowed to contact you on these social sites. If you interact with people you do not know, be careful about the amount of information you reveal or especially agreeing to meet them in person.

If you have an Android phone, consider using Frost for your internet browsing, especially when conducting research on private topics. Frost automatically blocks pop-ups and most ads, and it wipes your browser history as soon as you close the application. Additionally, you will need to enter a password in order to access any bookmarks or saved images.

If you want to be especially discreet about your location, you might not want to upload high-resolution photos to your social media accounts. Photos with high resolution can include information like street signs, addresses or names of businesses. Using these pieces of information, a person could quite easily decipher your exact location.

The Windows 10 device hardware address can be used for tracking you as you move between Wi-Fi networks. To prevent this surveillance, toggle on the hardware randomization option in Windows 10’s Wi-Fi settings.

If you take a picture with your smartphone and post it to the internet, it is likely that it contains a geotag, which is location-disclosing metadata. Keep your exact whereabouts private by disabling automatic geotagging on your device. To do this on an iOS device:

• Go to Settings.
• Go to Privacy.
• Tap Location Services.
• Tap Camera.
• Select “Never.”

Similar to automatic Wi-Fi connectivity, your iPhone searches for nearby available Bluetooth connections. Assailants can use a Bluetooth connection as a potential entry point to hack into your device and steal your personal information. To turn off automatic Bluetooth activity on iOS:

• Go to “Settings.”
• Go to “Bluetooth.”
• Turn Bluetooth off.

A safer way to use Bluetooth devices is to only turn this setting on when you want to use the device you are connecting to. Remember to turn this setting back off when you are done using it.

Back up your most important stuff—contacts, photos, videos and other device data—with another device or online backup service before setting off on a trip. Our internet suite products offer online backup in addition to internet security.

Spyware, also known as “adware,” is defined as a dangerous type of malware that quietly gathers a user’s sensitive information, including their browsing and computing habits, and reports it to unauthorized third parties. Your compromised information can then become a target for financial crimes, identity theft and more. To prevent and protect against spyware, security software is crucial.

As technology advances, privacy and cybersecurity are harder than ever to achieve and maintain, but you can trust Total Defense’s Anti-Spyware Protection software to protect all your devices against potential spyware attacks.

If you have an Echo, or another Alexa device, it could be listening to your conversations if your wake word is something you use often. Amazon claims that only relevant conversations are stored, but if you want to limit the amount of conversations that fall in this category, you may need to be more cautious. Change your wake word to something that you rarely use so that your private conversations are not recorded. Remember, even words that sound close enough to your wake word can sometimes turn on the device. See our how to protect your smart home article for additional info.

If you notice fraudulent activity on your bank account, notify the Federal Trade Commission immediately, then use the report to notify the police. A more comprehensive report will better equip the police to find the person responsible. To begin this process:

• Navigate to the Federal Trade Commission website.
• Click on “Get Started” on the home page.

You will be asked a series of questions about your situation. Then, you will receive a recovery plan, which you can then put to action with a step-by-step plan provided by the FTC.

One possible way to decrease the potential damage of an attacker gaining access to your credit card information, is to consider opening a credit card account for online use only. Maintain a minimum credit line on the account to limit the amount of charges a potential attacker can accumulate.

When an application is no longer supported by its maker through updates for security and functionality, it’s risky to use since you might not even know what unpatched exploits it contains. Old versions of QuickTime, Windows (especially XP) and many other everyday programs are perfect examples and should be avoided in favor of newer ones. Programs such as our Ultimate internet security can update vulnerable applications automatically.

2SV adds an extra layer of security to your accounts, which is imperative for accounts that contain your credit card information, like Amazon. If you set your Amazon account up with 2SV (two-step verification) a hacker will need more than just your username and password to use your account. A code will be sent to your trusted device, making it impossible to login without that device. To set up 2SV:

• Navigate to Account
• Click on “Login and Security”
• Click on “2SV Settings”

Apple Pay is a third-party digital wallet. Your credit card number is stored in this application, and you can use it to pay for your purchases with tokenization instead of giving your credit card number to an online store. This will ensure that no one has your credit card information but you.

Admin accounts are powerful and extend certain permissions not available to other accounts on a device. The bad news is that if your device is lost, stolen or hacked, these administrator capabilities could be implemented to cause a lot of harm. Think about setting up a second account for daily use, one without admin privileges.

If you get an email with a link to a store, don’t click on the link to do your shopping. Open up a new tab and find the online store through your browser. This could protect you against phishing scams, which are attempts to gain personal information like your credit card number through reputable-sounding email addresses.