Internet Safety & Awareness
This section equips you, as a parent, to have open and informative conversations with your child about internet safety.
Here, we'll provide guidance on:
- Starting the conversation: Learn how to approach the topic in a way that feels natural and age-appropriate.
- Building trust and open communication: Create a safe space for your child to share their online experiences, good or bad.
- Setting clear expectations: Work together to establish ground rules for internet use and responsible online behavior.
- Navigating social media and online challenges: Explore tools and resources to address cyberbullying, online predators, and other potential dangers.
Remember, by having regular conversations and working as a team, you can empower your child to become a responsible digital citizen and thrive in the online world.
Internet Safety Resources
Malware
Phishing
"Phishing" refers to a fraudulent practice where attackers impersonate a trusted entity, like a bank or company, through email, text messages, or other communication methods to trick users into revealing sensitive information like passwords, credit card details, or personal data, often by directing them to malicious links or attachments.
Website Resources:
Video Resources:
Strong Passwords
Strong passwords are important because they protect your personal information from unauthorized access and cyber threats.
Here are some tips for creating a strong password:
- Don't use personal information: Avoid using your name, birthdate, pet names, or home address.
- Change your password regularly: Change your password every three to six months, or immediately if you suspect it's been compromised.
- Make it long: A strong password is at least 16 characters long, but longer is better.
- Make it random: Use a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using sequential numbers or letters.
- Make it unique: Use a different strong password for each account.
- Don't reuse passwords: Reusing passwords can lead to credential stuffing, a password attack where cybercriminals can access multiple accounts at once.
Website Resources:
Video Resources:
Online Safety
Cybersecurity Awareness - Tech Tips
- Cybersecurity 101: The Basics
- Protecting Your Digital Home
- Be Cyber Secure at Home
- Basics for Passwords & Password Management
- Social Media
- Multi-Factor Authentication
- Phishing Attacks
- Cybersecurity When Traveling
- Identity Theft & Internet Scams
- Holiday Internet Safety Tips
Cybersecurity 101: The Basics
Cybersecurity is the art of protecting networks, devices, and data from unlawful access or criminal use, and providing confidentiality, integrity, and availability of information. Much of your personal information is stored either on your computer, smartphone, or tablet. Knowing how to protect your information is important, not just for individuals but for organizations, as well. Every time you use the internet, you face choices related to your security. Your security and the security of the nation depends on making responsible online decisions. Making the internet safe and secure requires all of us to take responsibility for our own cybersecurity behavior.
KNOW YOUR CYBER BASICS
• Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
• Update Your Software: Don’t delay – if you see a software update notification, act promptly. Better yet, turn on automatic updates.
• Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords securing them for you!
• Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
POTENTIAL THREATS
• Malware. A computer can be damaged or the information it contains harmed by malicious code (also known as malware). A malicious program can be a virus, a worm, or a Trojan horse. Hackers, intruders, and attackers are in it to make money off these software flaws.
• Identity Theft and Scams. Identity theft and scams are crimes of opportunity, and even those who never use computers can be victims. There are several ways criminals can access your information, including stealing your wallet, overhearing a phone call, looking through your trash, or picking up a receipt that contains your account number.
• Phishing. Phishing attacks use emails, texts, and malicious websites that appear to be trusted organizations, such as charity organizations or online stores, to obtain user personal information.
Protecting Your Digital Home
PROTECTING YOUR DIGITAL HOME
Every year, more of our home devices, including thermostats, outdoor lighting, door locks, coffee makers, and smoke alarms, are connected to the internet to create a“smart home.” These advances in technology, commonly referred to as the internet of things (loT), are convenient and may improve efficiency and safety, however, they also pose a new set of security risks.
- Start with your wireless network. Secure your Wi-Fi network. Your home’s wireless router is the primary entrance for cybercriminals to access all your connected devices. Secure Wi-Fi and digital devices by changing the default password and username. Check your internet provider’s or router manufacturer’s wireless security options. Your internet service provider and router manufacturer may provide information or resources to assist in securing your wireless network.
- Keep tabs on your apps. Most connected appliances, toys, and devices are supported by a mobile application. Apps have the ability to gather your personal information while also putting your identity and privacy at risk. Be aware of downloading new, unfamiliar apps or giving default permissions. Check your app permissions and use the “rule of least privilege” to delete apps you no longer need or use.
- Never click and tell. Disable location services that allow anyone to see where you are, and where you are not, at any given time. Limit what information you share on social media from home—from personal addresses to where you like to grab coffee. Keep Social Security numbers, account numbers, usernames and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and vacation plans.
KNOW YOUR CYBER BASICS
- Enable multi-factor authentication (MFA) to ensure that you are the only person who has access to your account. Use MFA for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device such as your smartphone, an authenticator app, or a secure token—a small physical device that can onto hook your key ring.
- If you connect it, you must protect it. Whether it is your computer, smartphone, gaming device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on. And, if you are connecting something to your device, such as a universal serial bus (USB) for an external hard drive, make sure your device’s security software scans for viruses and malware. Finally, protect your devices with antivirus software, and be sure to periodically back up any data that cannot be recreated, such as photos or personal documents.
Be Cyber Secure at Home
BE CYBER SECURE AT HOME
In 2022, CISA reported that, “Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety.” Businesses face significant financial loss when a cyberattack occurs. Cybercriminals often rely on human error—employees failing to install software patches or clicking on malicious links—to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.
- Use only approved tools. Only use organization-approved software and tools for business, including company-provided or approved video conferencing and collaboration tools to initiate and schedule meetings. Unapproved free tools may make your system vulnerable, so check in with your Information Technology (IT) team before using them on your work computer.
- Secure your meetings. Take precautions to ensure your virtual meetings are only attended by intended individuals. Plan for what to do if a public meeting is disrupted.
- Secure your information. Tailor your security precautions appropriately to the sensitivity of your data. Only share data necessary to accomplish the goals of your meeting.
- Secure yourself. Take precautions to avoid unintentionally revealing business and personal information. Ensure home networks are secured.
KNOW YOUR CYBER BASICS
- Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
- Don’t make passwords easy to guess. As “smart” or data-driven technology evolves, it is important to remember that security measures only work if employees use them correctly. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.
- Stay up to date. Keep your software updated to the latest version available as per your organization’s guidelines. Talk to your organization’s IT team about turning on automatic updates, so you don’t have to think about it, and set your security software to run regular scans.
- Follow your company’s social media policies. Employees should avoid oversharing on social media and should not conduct official business, exchange payments, or share PII on social media platforms.
- Don’t trust the sender immediately. Data breaches can occur even without a cybercriminal hacking into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting or forwarding to a supervisor, so that any necessary organizational updates, alerts, or changes can be put into place.
Basics for Passwords & Password Management
CYBERSECURITY BASICS FOR PASSWORDS AND PASSWORD MANAGEMENT
Creating long, random and unique password is a critical step to protecting yourself online. Using long passwords is one of the easiest ways to defend yourself from cybercrime. The most secure way to store all your unique passwords is by using a password manager. With just one password, a computer can create and save passwords for every account that you have— protecting your online information, including credit card numbers and their three-digit codes, answers to security questions, and more.
STRONGER PASSWORDS INCREASE SECURITY
- Use a long passphrase with 12 or more characters. Use the longest password or passphrase permissible. For example, you can use a password manager or passphrase such as a news headline or even the title of the last book you read.
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
- Keep your passwords on the down low. Do not tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or by phone. Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.
- Use unique passwords. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protects you in the event of a breach.
KNOW YOUR CYBER BASICS
- Strengthen your login protection. Use multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other password-required service. Enable MFA by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics (biological measurements—or physical characteristics—that can be used to identify individuals, such as fingerprint mapping, facial recognition, and retinal scans), and/or security keys. Your usernames and passwords are not enough to protect key accounts like email, banking, and social media.
Social Media
CYBERSECURITY BASICS FOR SOCIAL MEDIA
Now more than ever, consumers spend an increasing amount of time on the Internet. For every social media account with which you interact, every picture you post, and status you update, you are sharing information about yourself with the world. This information is permanent in cyberspace. It is imperative to be proactive and secure your online safety. Take these steps to connect with confidence and safely navigate the social media world.
CYBER CRIMINALS AND SOCIAL MEDIA
Cybercriminals use social media to spread malware, malicious links, and malicious advertising. They can also leverage hacked credentials to refine their malware and scamming targets. In addition, they will use the “oversharing” of personal information to target online accounts. It is critical that you practice good cyber hygiene by understanding their tactics and knowing the cyber basics.
- Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people do not realize is that these seemingly random details are all a criminal needs to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans.
- Connect only with people you trust. While some social networks might seem safer for connecting because of the limited personal information shared within them, keep your connections to people you know and trust. If communication from a post seems strange or odd, delete it.
- Speak up if you’re being cyberbullied online. Report any and all instances of cyberbullying you see or experience to the appropriate social platform.
- Report suspicious or harassing activity. Work with your social media platform to report and possibly block harassing users. Report an incident if you have been a victim of cybercrime. Local and national authorities are ready to help you.
KNOW YOUR CYBER BASICS
- Remember, there is no ‘delete’ button on the internet. Share with care, because even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it, and information is permanent in cyberspace.
- Update your privacy settings. Set the privacy and security settings to your comfort level for information sharing. Disable geo-tagging, which allows anyone to see where you are—and where you are not—at any given time.
- If You Connect IT, Protect IT. Whether it is your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
Multi-Factor Authentication
Cybersecurity Tip #6 - Basics for Multi-Factor Authentication
CYBERSECURITY BASICS FOR MULTI-FACTOR AUTHENTICATION
Have you noticed how security breaches, stolen data, and identity theft are consistently front-page news these days? Perhaps you, or someone you know, are a victim of cybercriminals who stole personal information, banking credentials, or more. As these incidents become more prevalent, you should consider using multi-factor authentication (MFA), also called strong authentication, or two-factor authentication.
This technology may already be familiar to you, as many banking and financial institutions require both a password and one of the following to log in: a call, email, or text containing a code. By applying these principles of verification to more of your personal accounts, such as email, social media, and more, you can better secure your information and identity online.
MFA is defined as a security process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information which uniquely identifies that person.
HOW AND WHEN MFA SHOULD BE USED
There are three categories of credentials: something you either know, have, or are. Here are some examples in each category:
- Something You Know: Password/passphrase, pin number.
- Something You Have: Security token or software application, verification text, call, email, or smart card.
- Something You Are: Fingerprint, facial recognition, voice recognition.
Your credentials must come from at least two different categories for you to gain access. One of the most common methods is to login using your username and password. Then a unique one-time code will be generated and sent to your phone or email, which you would then enter within the allotted amount of time. This unique code is the second factor.
MFA should be used to add an additional layer of security around sites containing sensitive information, or whenever enhanced security is desirable. MFA makes it more difficult for unauthorized people to log in as the account holder. According to the National Institute of Standards and Technology (NIST), MFA should be used whenever possible, especially when it comes to your most sensitive data—like your primary email, financial accounts, and health records. Some organizations will require you to use MFA; with others, it is optional. If you have the option to enable it, you should take the initiative to do so to protect your data and your identity.
KNOW YOUR CYBER BASICS
To learn how to activate MFA on your accounts, visit the Lock Down Your Login Multi-Factor Authentication | CISA page, which gives instructions on how to apply this stronger form of security to many common websites and software products. If any of your accounts are not listed on that resource site, look at your account settings or user profile and check whether MFA is an available option. If you see it there, consider implementing it right away! Usernames and passwords are no longer sufficient to protect accounts with sensitive information. By using multi-factor authentication, you can protect these accounts and reduce the risk of online fraud and identity theft. Consider also activating this feature on your social media accounts!
Phishing Attacks
PHISHING
Phishing attacks collect your personal and financial information using email, text, or malicious websites to infect your digital devices with malware. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers or mobile phone and makes the user vulnerable to an attack. Think twice because cybersecurity is the collective responsibility of everyone. Phishing emails or texts may appear to come from a trusted financial institution, e-commerce site, a government agency, or any other service, business, or individual. The email or text may ask for account numbers, passwords, or Social Security Numbers. When users respond or click on a link, attackers take the data to access users’ accounts.
HOW CYBERCRIMINALS LURE YOU IN
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity."
"During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information."
"Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund."
- Play hard to get with strangers. Links in emails, texts and online posts are often the way cybercriminals compromise your devices. If you are unsure who the message is from—even if the details appear accurate—do not respond, and do not click on any links or attachments—just delete it. Be cautious of generic greetings, as these are often phishing attempts. If you question the message, call the company directly.
- Think before you act. Be wary of messages that implore you to act immediately, causing you to fear your account is in jeopardy. If you receive a suspicious message that appears to be from someone you know, reach out to that person directly on a secure platform. If a message is from an organization, but still looks “phishy,” reach out to the organization to verify the message.
- Check hyperlinks. Avoid clicking on hyperlinks in messages, and hover over links to verify authenticity. Ensure that webpage URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
- Once you post on the internet it is there forever. Keep personal information to yourself. If people have key details from your life like your job title, full name, birthdate and more, they can attempt a direct “spear-phishing” attack on you. Criminals can also use social engineering with these details to try to manipulate you into skipping setting up normal security protocols. In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.
- Be alert for suspicious emails. If you receive an e-mail from a known vendor that seems suspicious, encouraging you to click on a link to your account, do not click on the link or call the number in the email. Instead, login directly to your account to verify if there are any issues with your account or call the company using the number listed on their website.
KNOW YOUR CYBER BASICS
- Enable multi-factor authentication (MFA). Enable multi-factor authentication (MFA), meaning use two or more user verification methods to log in to your accounts or devices, to ensure that the only person who can access your account is you. Use it for email, banking, social media, and any other password-protected service. If MFA is an option, enable it on trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Shake up your password protocol. Use the longest password or passphrase permissible. Use long, random and unique passwords, which can prevent criminals from gaining access to accounts and protect you in the event of a breach. Use password managers to generate and remember different passwords for each account.
- Use password managers. There are password apps to generate and remember different passwords for each account.
- Install and update antivirus software. Make sure all your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, email filters, and anti-spyware.
HOW TO REPORT
The Cybersecurity and Infrastructure Security Agency (CISA) Incident Reporting System provides a secure web-enabled means of reporting computer security incidents to CISA.
Cybersecurity When Traveling
TAKE CYBERSECURITY WITH YOU WHEN TRAVELING
In a world where we are constantly connected, cybersecurity cannot be limited to the home or office. When you are traveling, whether domestically or abroad, it is always important to practice safe online behavior and take proactive steps to secure internet-enabled devices. The more we travel, the more we are at risk for cyberattacks. Whether traveling with personal or business devices, you should always comply with user rules for international travel. Use these tips to connect with confidence while on the go.
KNOW YOUR CYBER BASICS
- “If You Connect IT, Protect IT.” Whether it is your computer, smartphone, game device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
- Back up your information. Back up your contacts, financial data, photos, videos, and other mobile device data to another device or cloud service in case your device is compromised.
- Enable multi-factor authentication (MFA). Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
- Know who to call for support. If you experience any system issues, you should know whom to call for IT support. If your device is compromised, you should have a plan on the actions you will take.
- Never click and tell. Do not tell the social media world that you are going to be away from your home. Disable geo-tagging and do not post your travel pictures on social media until you return from vacation. Limit what information you post on social media—from personal addresses to where you like to grab a coffee. What many people do not realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are—and where you are not— at any given time.
- Stay protected while connected. Before you connect to any public wireless hotspot—such as at an airport, hotel, or café—turn on your browser’s advance security settings and be sure to confirm the name of the network and exact login procedures with the appropriate staff to ensure that the network is legitimate. If you do use an unsecured public access point, practice good internet hygiene.
Identity Theft & Internet Scams
CYBERSECURITY BASICS: IDENTITY THEFT AND INTERNET SCAMS
Today’s technology allows us to connect around the world, to bank and shop online, and to control our devices from our smartphones. This added convenience brings with it an increased risk of identity theft and internet scams. We can greatly increase our cybersecurity online, at work, and at home by taking a few simple steps.
IDENTITY THEFT
Identity theft happens when someone steals your personal information to commit fraud. The identity thief may use your information to apply for credit, file taxes, or get medical services. These acts can damage your credit status and cost you time and money to restore your good name.
- Don’t reveal personally identifiable information such as your bank account number, Social Security Number (SSN), or date of birth to unknown sources.
- Practice safe web surfing wherever you are by checking for the green lock or padlock icon in your browser bar—this signifies a secure connection.
- Type website URLs directly into the address bar instead of clicking on links or copying and pasting from the email.
- Check with the known sender before clicking on any links. All emails and messages should be considered suspicious, when in doubt.
For additional resources to report and recover from identity theft contact the Federal Trade Commission’s Identity Theft website: www.identitytheft.gov/#/
COMMON INTERNET SCAMS
- Imposter scams, such as phishing and spoofing, occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information. For example, an imposter may contact you from the Social Security Administration informing you that your SSN has been suspended, in hopes you will reveal your SSN or pay to have it reactivated.
- Donation scams take the form of emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email involving recent world events, such as COVID-19, or geo-political events. Be wary of social media pleas, texts, or calls.
KNOW YOUR CYBER BASICS
-
Enable multi-factor authentication (MFA). Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other password-protected service. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
-
Shake up your password protocol. You should consider using the longest password or passphrase permissible. Use long, random and unique passwords for different sites to prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different passwords for each of your accounts.
- Stay up to date. Keep your software updated with the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you do not have to think about it, and set your security software to run regular scans.
REPORTING A CYBERCRIME
If you discover that you have become a victim of cybercrime, immediately notify authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. Crime reports will aid investigations and acting immediately can help you recover lost funds or data.
Holiday Internet Safety Tips
The holiday shopping season is a prime opportunity for bad actors to take advantage of unsuspecting shoppers through fake websites, malicious links, and even fake charities. Their goal is simple: get your personal and financial information to compromise your data, deploy malicious software, steal your identity, and take your money. But with some simple actions, you can stay safe while you shop and plan for the holidays online.
We are sharing the following information from the Cybersecurity and Infrastructure Security Agency (CISA) to help you stay safe online this holiday season.
Check your devices: Before making any online purchases, make sure the device you’re using to shop online is up-to-date. Next, take a look at your accounts and ask, do they each have strong passwords? And even better, if multi-factor authentication is available, are you using it? Multi-factor authentication (or two-factor authentication), uses multiple pieces of information to verify your identity. Even if an attacker obtains your password, they may not be able to access your account if it’s protected by this multiple step verification process.
Shop through trusted sources: Think about how you’re searching online. How are you finding the deals? Are you clicking on links in emails or ensuring you’re on the correct vendor’s website? Are you clicking on ads on webpages? You wouldn’t go into a store with boarded up windows and without signage – the same rules apply online. If it looks suspicious, something’s probably not right.
Use safe methods for purchasing: If you’re going to make that purchase, what information are you handing over? Make sure you understand how your information will be stored and used.
Visit CISA.gov/shop-safely for more tips on how to have a safe and successful online shopping experience this holiday season.
Always report any suspicious activity on your work device to the Technology Department. We have a protocol in place to secure and investigate any threat that is reported.