wide-eyes / blip


Pledge Starter Kit #2

Open tsujeeth opened 9 years ago

tsujeeth commented 9 years ago

3 Topics. 5 Security tips per topic.

tsujeeth commented 9 years ago

References:

US-CERT: https://www.us-cert.gov/ncas/tips

Spam: http://www.usa.gov/topics/science/communications/internet/spam.shtml

Online safety for families: http://www.microsoft.com/about/corporatecitizenship/en-us/youthspark/youthsparkhub/programs/onlinesafety/resources/

Stop.Think.Connect campaign: http://www.dhs.gov/stopthinkconnect

tsujeeth commented 9 years ago

Protecting your email address:

Email addresses have become very common these days. Every online user likely has an email account that they use to keep in touch with their family & friends. In addition, several online services like banking, public utilities, online shopping, social networks etc. require the user to sign up using their email address. Hence, it is very important to treat one’s email address as personally identifiable information that must be safeguarded.

Here are some simple tips to safeguard yourself from email abuse.

(1) Change your passwords often. It is a good practice to do this once every 3 months or so. It may help to mark your calendar to remind you of this task! Also, you should never share your password with anyone; not even with your dearest friend.

(2) Do not enter your email address on a website that you do not trust. Likewise, do not post your email address on a public web page. You never know who is looking at this information.

(3) Consider opening a secondary email account. While your primary email address may be used to keep in touch with family, friends and organizations you trust, your secondary email address may be used for everything else!

(4) Report spam! In other words, “if you see something, say something”. Most email providers like Gmail, Yahoo Mail etc. provide a button on the inbox page that makes this task easy. Such reporting will help in filtering out junk emails from spreading to more users.

(5) Never forward chain letters. This is an easy way to lose your email address to a spammer.

tsujeeth commented 9 years ago

Protecting Personal Devices & Information:

Mobility and general usefulness have made mobile phones and laptops extremely popular. Since we store personal and professional information in our devices, they have also become very lucrative targets for criminals.

Here are some tips to protect your computer as well as the information that is stored in it.

(1) When in a public space, keep your phone and laptop with you at all times. Unattended devices become easy targets for thieves.

(2) Password-protect your devices. Almost all the mobile phones these days come with support for a passcode-based login. Set this up!

(3) Take regular backups of personal data. This is the only dependable way to recover lost data, whether it is a case of your device getting lost/stolen or if it does not power up due to technical failures.

(4) Do not install software from web sites that you do not trust. Files from an untrusted source may be malicious software that might harm your device and/or information.

(5) Protect yourself against software viruses by regularly running anti-virus scans.

tsujeeth commented 9 years ago

Protect against phishing attacks:

Phishing is the act of cyber criminals impersonating an organization or individual to trick people into giving out their private information like bank account number, ATM card's PIN etc. Typically a phisher sends an email with a link to the fraudulent webpage that looks (logos, product descriptions etc.) very similar to the legitimate business.

Example text from a phishing email: "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."

Here are some tips to protect yourself from a phishing attack:

(1) Do not reveal personal, financial or sensitive information in email, and do not respond to email solicitations for this information. A legitimate business would never request that this information be disclosed this way.

(2) If there are any links in the email, pay closer attention to the website's URL. Phishing links look very similar, except for a few misspellings, to the legitimate business. For example, a phisher might use the URL http://www.bankofamericas.com while pretending to represent https://www.bankofamerica.com

(3) If you believe your financial accounts may be compromised, contact your financial institution immediately and block future transactions on the accounts that may have been compromised. Watch for any unexplainable charges to your account.

Reference: https://www.us-cert.gov/ncas/tips/ST04-014

jerluc commented 9 years ago

@tsujeeth from Jayson:

Couple quick comments on the 2 tutorials:

Email tidbits

  • consider using 'scare' tactics or statistics to back up some of the suggestions
  • secondary email can be used for 'everything else' what does 'else' mean? might be helpful to provide some examples, i.e. it can be used in some cases to recover an account if the primary email address is lost
  • report spam: are there any immediate, direct benefits to the direct user if he/she reports?
  • chain email: add another line? emails used when forwarding chain letters get extracted, you are providing a means for spammers to target your friends and family

Protecting personal devices

  • discussion point number one seems like common sense, any way to link to online security?
  • some beginners may not understand "regular backup" and how it is applied to a mobile device vs. laptop

Overall the message and content look good.