Top 10 Tips for Strong Internet Security

Tip #1: Only sites with HTTPS are secure!

URLs beginning with ‘http://’ are NOT secure. Sites with ‘https://’ are using a combination of Hypertext Transfer Protocol (HTTP) with the Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocol, meaning that the session between your browser and the web server is encrypted. Without HTTPS, bad guys can intercept your session using tools like Firesheep.



Tip #2: Use security questions whose answers are impossible for others to guess

Security questions are useful when we forget our passwords and need to reset them. In fact, when signing up for email accounts, most of us unthinkingly put in truthful answers to easy questions, like, “What is your mother’s maiden name?” or “What’s the name of the town in which you were born?”

But have we ever stopped to think how easy it is for bad guys to find the answers to those questions? We share so much of our personal lives on the internet; it’s actually very easy for bad guys to find our security answers on the internet, and to reset our passwords without permission. In fact, a reporter from the Washington Post was able to hack her brother’s iCloud account in three minutes using information that was guessable or findable on the Internet.

Instead of answering security questions with obvious answers that people can find using search engines or from reading your online profiles, try answering with irrelevant answers mixed with numbers. Of course, make sure you remember the answers in the event that you ever get locked out of an account and need to use your security question!

Tip #3: Don’t use the same password for all your accounts

Obviously, it’s easy to remember one complex password and use it across all of your accounts. However, this leads to the possibility of one service being hacked and the hacker using this password to attack your accounts with other services.

Try using suggest using a password manager like 1Password, KeePass and LastPass to generate and keep passwords (we also have a random password generator). These password apps can create random, indecipherable strings of alphanumeric characters as passwords and help store them for you on your different devices.

If your online service (i.e. email, online storage, bank) offers 2-step verification, you should definitely use it.



Tip #4: Keep your operating system and all your software up to date

Operating systems such as Windows and Mac regularly send updates for users with software patches and so on. While it may be tempting to close popups reminding you of a new update, you should be updating as soon as you’re able to protect against the latest security vulnerabilities.

You should also keep your other software up to date. The best tactic is to turn on automated software updates on all your apps—this applies to your antivirus software, email apps, browsers, and so on.



Tip #5: Be careful when accessing public WiFi

Unfortunately, a lot of people don’t know that when you are sitting in your favorite coffee shop, accessing your favorite sites with free Wi-Fi, you’re at risk of having someone intercept your data.

Unprotected free Wi-Fi is a breeding ground for hackers to intercept and access your personal data. Before you connect to public Wi-Fi, turn off file sharing on your computer. If you’re on public Wi-Fi, don’t sign into anything requiring a password UNLESS you’re connected to a VPN.



Tip #6: Be careful what you write on social media

While social media is getting more and more popular, sites like Instagram, Twitter, Pinterest and Facebook are great for keeping up to date and letting your friends know what you’re doing and where you’re going. However, this information is gold for criminals. Accepting friends you don’t know personally could mean giving a hacker unfettered access to information about your family, your friends, where you live, and what you buy/read/do. Yikes.



Tip #7: Delete suspicious email attachments

Have you ever received an unsolicited email? Chances are, you have. The majority of people know that if you receive suspicious links or attachments from random strangers, you shouldn’t open them and should delete them straight away. However, if you receive a strange attachment or link from a friend, you should still do the same.Hackers often send dangerous malware by hacking someone’s email account and sending emails to the victim’s contact list. If you ever receive a suspicious email from a friend, you should email them and tell them that they are likely a hacker’s

Hackers often send dangerous malware by hacking someone’s email account and sending emails to the victim’s contact list. If you ever receive a suspicious email from a friend, you should email them and tell them that they have likely been hacked. In addition, tell them they should change their password and turn on 2-step authentication ASAP.



Tip #8: Don’t plug strange things into your computer

Not only can malware spread through virtual means—but it can also be spread through hardware! Users of USB sticks, external hard drives, and even smartphones are not immune from malware. The nefarious BadUSB malware is a case in point. Before you plug anything into your computer, make sure that you know exactly where it came from and what else has been on it. Only plug in things from trusted sources.



Tip #9: Never lose your device

So you’ve loaded your computer and smartphone with all the latest security software, changed all your passwords, and turned on 2-step verification. But what happens if you lose your computer or your smartphone? If you lose your device, all your emails, photos, and personal data could end up in the hands of someone who’s up to no good.

Don’t let this happen to you! Password protect your lock screen, use a brightly colored case so that you can’t lose it, and back up your data regularly. Turn on device location or use a third-party anti-theft app in case the unimaginable happens. The best, of course, is to always be vigilant about your hardware and never lose it, period.



Tip #10: Know where you’re downloading apps from

For maximum safety, only download apps from 100% trusted sources—for example, the Apple app store, or the creator of the software itself. When installing apps, make sure you know the permissions you’re giving them. For example, does that time management app really need access to your camera and contacts?

One more easy win – make sure your computer or device is configured so that downloaded apps need to be opened manually. You don’t want to download an executable file and have it automatically open on your machine without your consent!

At the end of the day, knowledge is a powerful tool. Maintaining good internet security requires a combination of taking care of your software and hardware, and using some good old fashioned common sense.

All credit for this article goes to http://bit.ly/2Tsc7HA

Stay Protected: 5 of the Most Important Cybersecurity Training Tips For Your Employees

We highlight the most critical cybersecurity training tips for employees because every business, whether big or small, experiences cyber threats.

It is believed that the most sophisticated cyber attacks are the biggest threats to any organization. However, the biggest cybersecurity threat to a business is the people that work there. In fact, eight out of ten top data theft are as a result of human error. This means you could probably stand to receive a few cybersecurity training tips.

Every business, whether big or small, experiences cyber threats. That is why it is absolutely important to have the right cyber prevention setup for your business to grow.

With the ever changing digital landscape, cyber attacks are becoming more sophisticated. All businesses therefore need to ensure the safety of their sensitive information and the security of their networks.

Being up to date with the methods used by criminals and ensuring employees are also aware of obvious dangers are necessary.

This post highlights five critical cybersecurity training tips to get your employees up to date and in turn ensure the protection of your business data.

1. Social engineering:

This is a term used to manipulate others so they give up their important information. It is commonly referred to as phishing. Based on an investigation report by Verizon, 93 percent of data breaches are as a result of pretexting and phishing.

Educate people working for you to be cautious while opening an email or communicating with clients on social media.

They should be weary of pretext such as:

• A request for sudden help: Your friend has traveled to a different country and is stranded. He needs some money immediately so he can return home.
• Give to a charity: The reason for the fundraiser might be honest, the payment link might not be.
• A request that you verify some information: Requests like this seem official and come from an email disguised as from your bank.
• An unusual request from your co-worker: If a co-worker asks for information regarding a project the organization is carrying out.
• You’ve won a prize: These messages appear to be from your lawyer, a lottery, or the IRS for a deal that is nonexistent.

Cyber criminals usually succeed with most of these phishing messages employees act without giving much thought. Train your workers to pause and analyze situations before responding to such emails.

2. Password management:

According to a research conducted in 2017 by OneLogin, less than 31 percent of IT services require their employees to change passwords monthly. Password management is a major challenge for business owners as it regards cyber security.

With IT decision makers failing to remind employees, there needs to be a major change in attitude if you want to improve your cyber security.

Additionally, teach your workers to make use of strong passwords. Trace Security conducted a research and discovered that 81 percent data theft are connected to weak passwords.

When selecting strong passwords, keep the following in mind:

• Use a combination of numbers, letters and special characters
• Get creative
• Choose something you can remember and that is impossible to be guessed
• Avoid using personal information like your name, pet names, birth dates, and family names
• Don’t share your passwords with anybody
• Use a password that is unique for every device
• Regularly change your passwords

3. Email usage:

Most businesses depend on emails daily for both external and internal communications. Since emails are primary delivery methods for computer malware, employees need to know how to responsibly use them.

They should exhibit caution when clicking on emails and opening attachments under these conditions:

• Received from a strange email
• An unusual tone
• Having strange characters and wrong spellings
• You antivirus doesn’t clear the file
• The attachment seems unusual

4. Unauthorized software:

A quick way for viruses to infect your computers is by downloading software from sources that are unknown. Even software that appears innocent such as a game could have ransomware, spyware or other malicious codes.

Have a policy in place regarding software employees can and cannot install on company computers.

5. Using the internet:

Carry out training for your employees to avoid opening unfamiliar links on the internet or from sources that seem suspicious. Such links might download malicious software that could potentially infect your computers and put them at risk.

Establish safe browsing guidelines for using the internet in the office, and let your IT support workers to educate other employees on these rules.

ALL CREDIT FOR THIS ARTICLE GOES TO http://bit.ly/2Tc1Hvn

Grammar and Spell Checker

Check your texts for spelling and grammar problems everywhere on the web
★ Finds many errors that a simple spell checker cannot detect
★ No registration needed
★ Supports more than 25 languages (see below)
★ Works on almost any website including Gmail, Facebook, twitter

Google Docs user? Please use this add-on instead: https://chrome.google.com/webstore/detail/languagetool/kjcoklfhicmkbfifghaecedbohbmofkm

With this extension you can check text with the free style and grammar checker LanguageTool. LanguageTool finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word, and it can detect some grammar problems. It supports more than 25 languages, including English, Spanish, French, German, Polish, and Russian.

LanguageTool is designed with simplicity in mind. It instantly checks the spelling and grammar of any text in the current text field. LanguageTool is compatible with almost all text, regardless of source, including social networks such as Twitter or LinkedIn and online e-mail services, such as Gmail. Very few sites like docs.google.com and chrome.google.com currently aren't supported - please use https://chrome.google.com/webstore/detail/languagetool/kjcoklfhicmkbfifghaecedbohbmofkm for Google Docs instead.

With LanguageTool our aim is to give users a fully-featured grammar checker and proofreader that will enable them to have control and confidence over their content. While LanguageTool is a vital extension for non-native speakers, it’s also smart enough to recognize many mistakes that native speakers commonly make. This grammar and spelling correction works across all variations of common language; distinguishing between U.S. and British English, for instance. LanguageTool also features a personal dictionary for exceptions or words that you might commonly use but that are not found in a conventional dictionary. LanguageTool will recognize these words in future grammar checking and proofreading.

Unlike Grammarly (a.k.a. Grammerly :-) and Ginger, LanguageTool works for many languages.

Your privacy is important to us: By default, this extension will check your text by sending it to https://languagetool.org over a securely encrypted connection. No account is needed to use this extension. We don't store your IP address. See https://languagetool.org/privacy/ for our privacy policy.

Please send bug reports or questions to https://forum.languagetool.org

List of supported languages: English (Australian, Canadian, GB, New Zealand, South African, US), French, German (Austria, Germany, Swiss), Asturian, Belarusian, Breton, Catalan (also Valencian), Chinese, Danish, Dutch, Esperanto, Galician, Greek, Italian, Japanese, Khmer, Persian, Polish, Portuguese (Brazil, Portugal, Angola, Mozambique), Romanian, Russian, Slovak, Slovenian, Spanish, Swedish, Tagalog, Tamil, Ukrainian

Top 10 Secure Computing Tips

Tip #1 - You are a target to hackers

Don't ever say "It won't happen to me".  We are all at risk and the stakes are high - to your personal and financial well-being, and to the University's standing and reputation. 

• Keeping campus computing resources secure is everyone's responsibility.
• By following the tips below and remaining vigilant, you are doing your part to protect yourself and others.

Tip #2 - Keep software up to date

Installing software updates for your operating system and programs is critical. Always install the latest security updates for your devices:

• Turn on Automatic Updates for your operating system.
• Use web browsers such as Chrome or Firefox that receive frequent, automatic security updates.
• Make sure to keep browser plug-ins (Flash, Java, etc.) up to date.
• Utilize Secunia PSI (free) to find other software on your computer that needs to be updated.

Tip #3 - Avoid Phishing scams - beware of suspicious emails and phone calls

Phishing scams are a constant threat - using various social engineering (link is external) ploys, cyber-criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.

• Phishing scams can be carried out by phone, text, or through social networking sites - but most commonly by email.
• Be suspicious of any official-looking email message or phone call that asks for personal or financial information.

Tip #4 - Practice good password management

We all have too many passwords to manage - and it's easy to take short-cuts, like reusing the same password.  A password management program (link is external) can help you to maintain strong unique passwords for all of your accounts.  These programs can generate strong passwords for you, enter credentials automatically, and remind you to update your passwords periodically. 

There are several online password management services that offer free versions, and KeePass (link is external) is a free application for Mac and Windows.

Here are some general password tips to keep in mind:

• Use long passwords - 20 characters or more is recommended.
• Use a strong mix of characters, and never use the same password for multiple sites.
• Don't share your passwords and don't write them down (especially not on a post-it note attached to your monitor).
• Update your passwords periodically, at least once every 6 months (90 days is better).

Tip #5 -  Be careful what you click

Avoid visiting unknown websites or downloading software from untrusted sources.  These sites often host malware that will automatically, and often silently, compromise your computer.

If attachments or links in the email are unexpected or suspicious for any reason, don't click on it.

ISO recommends using Click-to-Play or NoScript (link is external), browser add-on features that prevent the automatic download of plug-in content (e.g., Java, Flash) and scripts that can harbor malicious code.

Tip #6 - Never leave devices unattended

The physical security of your devices is just as important as their technical security. 

If you need to leave your laptop, phone, or tablet for any length of time - lock it up so no one else can use it. 

If you keep sensitive information on a flash drive or external hard drive, make sure to keep these locked as well. 

For desktop computers, shut-down the system when not in use - or lock your screen.

Tip #7 - Protect sensitive data

Be aware of sensitive data that you come into contact with, and associated restrictions - review the UCB Data Classification Standard to understand data protection level requirements.  In general:

• Keep sensitive data (e.g., SSN's, credit card information, student records, health information, etc.) off of your workstation, laptop, or mobile devices.
• Securely remove sensitive data files from your system when they are no longer needed.
• Always use encryption when storing or transmitting sensitive data.
• Unsure of how to store or handle sensitive data?  Contact us and ask!

Tip #8 - Use mobile devices safely

Considering how much we rely on our mobile devices, and how susceptible they are to attack, you'll want to make sure you are protected:

• Lock your device with a PIN or password - and never leave it unprotected in public.
• Only install apps from trusted sources.
• Keep your device's operating system updated.
• Don't click on links or attachments from unsolicited emails or texts.
• Avoid transmitting or storing personal information on the device.
• Most handheld devices are capable of employing data encryption - consult your device's documentation for available options.
• Use Apple's Find my iPhone (link is external) or the Android Device Manager (link is external) tools to help prevent loss or theft.
• Backup your data.

Tip #9 - Install anti-virus protection

Only install an anti-virus program from a known and trusted source.  Keep virus definitions, engines and software up to date to ensure your anti-virus program remains effective.

For personally-owned systems and unmanaged UCB owned computers, the campus offers free anti-virus software, available for Windows and Mac, to current faculty, staff, and students.

Tip #10 - Back up your data

Back up regularly - if you are a victim of a security incident, the only guaranteed way to repair your computer is to erase and re-install the system.

All credit for this article goes to: http://bit.ly/2jPqYyi

10 Tips To Stay Safe Online

With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to all these threats.

Here are some tips to help you get started:

1. Create Complex Passwords. We know you’ve heard it before, but creating strong, unique passwords for all your critical accounts really is the best way to keep your personal and financial information safe. This is especially true in the era of widespread corporate hacks, where one database breach can reveal tens of thousands of user passwords. If you reuse your passwords, a hacker can take the leaked data from one attack and use it to login to your other accounts. Our best advice: use a password manager to help you store and create strong passwords for all of your accounts.

Then, check to see if your online accounts offer multi-factor authentication. This is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your phone, as well as your password and passphrase.

2. Boost Your Network Security. Now that your logins are safer, make sure that your connections are secure. When at home or work, you probably use a password-protected router that encrypts your data. But, when you’re on the road, you might be tempted to use free, public Wi-Fi.The problem with public Wi-Fi is that it is often unsecured. This means it’s relatively easy for a hacker to access your device or information. That’s why you should consider investing in a Virtual Private Network (VPN). A VPN is a piece of software that creates a secure connection over the internet, so you can safely connect from anywhere.

3. Use a Firewall. Even if your network is secure, you should still use a firewall. This an electronic barrier that blocks unauthorized access to your computers and devices, and is often included with comprehensive security software. Using a firewall ensures that all of the devices connected to your network are secured, including Internet of Things (IoT) devices like smart thermostats and webcams. This is important since many IoT devices aren’t equipped with security measures, giving hackers a vulnerable point of entry to your entire network.

4. Click Smart. Now that you’ve put smart tech measures into place, make sure that you don’t invite danger with careless clicking. Many of today’s online threats are based on phishing or social engineering. This is when you are tricked into revealing personal or sensitive information for fraudulent purposes. Spam emails, phony “free” offers, click bait, online quizzes and more all use these tactics to entice you to click on dangerous links or give up your personal information. Always be wary of offers that sound too good to be true, or ask for too much information.

5. Be a Selective Sharer. These days, there are a lot of opportunities to share our personal information online. Just be cautious about what you share, particularly when it comes to your identity information. This can potentially be used to impersonate you, or guess your passwords and logins.

6. Protect Your Mobile Life. Our mobile devices can be just as vulnerable to online threats as our laptops. In fact, mobile devices face new risks, such as risky apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only download apps from official app stores after reading other users’ reviews first. Make sure that your security software is enabled on your mobile, just like your computers and other devices.

7. Practice Safe Surfing & Shopping. When shopping online, or visiting websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https”, instead of just “http”, and has a padlock icon in the URL field. This indicates that the website is secure and uses encryption to scramble your data so it can’t be intercepted by others. Also, be on the lookout for websites that have misspellings or bad grammar in their addresses. They could be copycats of legitimate websites. Use a safe search tool such as McAfee SiteAdvisor to steer clear of risky sites.

8. Keep up to date. Keep all your software updated so you have the latest security patches. Turn on automatic updates so you don’t have to think about it, and make sure that your security software is set to run regular scans.

9. Lookout for the latest scams. Online threats are evolving all the time, so make sure you know what to look out for. Currently, “ransomware” is on the rise. This is when a hacker threatens to lock you out of all of your files unless you agree to pay a ransom. Stay on top of this and other threats by staying informed.

10. Keep your guard up. Always be cautious about what you do online, which sites you visit, and what you share. Use comprehensive security software, and make sure to backup your data on a regular basis in case something goes wrong. By taking preventative measures, you can save yourself from headaches later on.


All credit for this article goes to : http://bit.ly/2XBKd0R

Google translate

View translations easily as you browse the web. By the Google Translate team.
Highlight or right-click on a section of text and click on Translate icon next to it to translate it to your language. Or, to translate the entire page you're visiting, click the translate icon on the browser toolbar.

Learn more about Google Translate at https://support.google.com/translate.

By installing this extension, you agree to the Google Terms of Service and Privacy Policy at https://www.google.com/intl/en/policies.

UPDATE (v.2.0): Now you can highlight or right-click a text and translate it vs. translate the entire page. You can also change extension options to automatically show translation every time you highlight text.

How to browse the Internet safely at work

This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visit Detectify’s blog to read their guide to HTTP security headers for web developers.

More and more businesses are becoming security- and privacy-conscious—as they should be. When in years past, IT departments’ pleas for a bigger cybersecurity budget fell on deaf ears, this year, things have started looking up. Indeed, there is nothing quite like a lengthening string of security breaches to grab people’s—and executives’—attention.

Purely reacting to events is a bad terrible approach, and organizations who handle and store sensitive client information have learned this the hard way. It not only puts businesses in constant firefighting mode, but is also a sign that their current cybersecurity posture may be inadequate and in need of proper assessment and improvement.

Part of improving an organization’s cybersecurity posture has to do with increasing its employees’ awareness. Being their first line of defense, it’s only logical to educate users about cybersecurity best practices, as well as the latest threats and trends. In addition, by providing users with a set of standards to adhere to, and maintaining those standards, organizations can create an intentional culture of security.

Developing these training regimens requires a lot of time, effort, and perhaps a metaphorical arm and a leg. Do not be discouraged. Companies can start improving their security posture now by sharing with employees a helpful and handy guide on how to safely browse the Internet at work, whether on a desktop, laptop, or mobile phone.

Safe Internet browsing at work: a guideline

Take note that some of what’s listed below may already be in your company’s Employee Internet Security Policy, but in case you don’t have such a policy in place (yet), the list below is a good starting point.

Make sure that your browser(s) installed on your work machine are up-to-date.

The IT department may be responsible for updating employee operating systems (OSes) on remote and in-house devices, as well as other business-critical software. It may not be their job, however, to update software you’ve installed yourself, such as your preferred browser. The number one rule when browsing the Internet is to make sure that your browser is up-to-date. Threats such as malicious websites, malvertising, and exploit kits can find their way through vulnerabilities that out-of-date browsers leave behind.

While you’re at it, updating other software on your work devices keeps browser-based threats from finding other ways onto your system. If IT doesn’t already cover this, update your file-compressor, anti-malware program, productivity apps, and even media players. It’s a tedious and often time-consuming task, but—shall we say—updating is part of owning software. You can use a software updater program to make the ordeal more manageable. Just don’t forget to update your updater, too.

If you have software programs you no longer use or need, uninstall them.

Let’s be practical: There’s really no reason to keep software if you’ve stopped using it or if it’s just part of bloatware that came with your computer. It’s also likely that, since you’re not using that software, it’s incredibly outdated, making it an easy avenue for the bad guys to exploit. So do yourself a favor and get rid. That’s one less program to update.

Know thy browser and make the most of its features.

Modern-day browsers like Brave, Vivaldi, and Microsoft Edge have launched quite a bit differently than their predecessors. Other than their appealing customization schemes, they also boast of being secure (or private) by default. By contrast, browsers that have been around for a long time continue to improve on these aspects, as well as their versatility and performance.

Regardless of which browser you use, make it a point to review its settings (if you haven’t already) and configure them with security and privacy in mind. The US-CERT has more detailed information on how to secure browsers, which you can read through here.

Use a password manager. 

It may sound like this advice is out of place, but we include it for a reason. Password managers don’t just store a multitude of passwords and keep them safe. They can also stop your browser from pre-filling fields on seemingly legitimate, but ultimately malicious sites, making it an unlikely protector against phishing attempts. So the next time you receive an email from your “bank” telling you there’s a breach and you have to update your password, and your password manager refuses to pre-fill that information, scrutinize the URL in the address bar carefully. You might be on a site you don’t want to be on.



All credit for this article goes to:https://blog.malwarebytes.com/101/2019/02/how-to-browse-the-internet-safely-at-work/