MARCH 1

Protect your kids online through monitoring and parental controls.

Protecting your children online can be a challenge. Have your kids use their own computer with parental controls turned on, and place their computer in a visible and well-trafficked area such as the dining room or living room. Regularly check on what they are doing online, and limit their Internet use to a specific time every day. This will ensure they are constantly monitored and safe.


MARCH 2

Protect your backups as you would protect your primary data.

Common methods of protecting backup data include password protection, encryption, and labeling. Provide a password when backing up your data if your software offers this option. You’ll also need to provide that password when you restore the backup.


MARCH 3

Follow your organization’s records retention & destruction policy. Email constitutes an official “written” record.

Every email that you receive, send, and forward becomes part of the official “written” record that can be used in a court of law. Always follow your organization’s policy about retaining and destroying records. This means that you might need to hold onto email that you would ordinarily want to delete, such as to free up storage space. You might need to keep the messages for a specific amount of time, depending on local governmental and industrial regulations. Authorities often need to access copies of emails during the course of an investigation.


MARCH 4

Secure your data when stored and transmitted through encryption.

Unless you encrypt your data, it will not be protected when saved to a hard drive or transferred over the Internet. Unencrypted data can easily be accessed. Take action to encrypt your sensitive information and never transmit unencrypted data over the Internet. If uploading or otherwise transmitting data, ensure that the recipient is properly secured as well. You can secure your data through the use of a program that encrypts hard drives and other media, or by packing your data in a ZIP or RAR file that is password protected. Many flash drives and external drives also offer password protection features natively.


MARCH 5

Cancel your credit cards and contact your bank if you think you have become the victim of identity theft.

Once a criminal has stolen your personal information and committed identity theft, it’s important to act quickly to minimize any potential harm. Begin by contacting your financial institutions to cancel your credit cards and order replacements. Check your online banking account and change your login information immediately. You will also want to change passwords for your email and any sites that you log into. For added security, sign up with a credit monitoring service to alert you to any fraudulent attempts.


MARCH 6

Look for a security icon (usually a padlock) when using wireless networks to see if Wi-Fi is secure or not.

For Windows 7 and 8, Apple computers, Android devices, and iOS devices, look for a padlock icon (secure) or an alert icon (not encrypted) next to the name of a Wi-Fi network. If there is no padlock icon, do not trust the network and avoid logging in to any accounts, such as your email or bank account, if you access the Internet via the unsecured wireless network.


MARCH 7

Save your files to a location that is automatically backed up.

Computer storage can fail and files can be overwritten. To avoid losing any of your important data, ensure that you are saving your files and documents to a location that you know is being backed up automatically, such as a network directory. Automated backups should also be checked on a regular basis to ensure that they are completed as scheduled.


MARCH 8

Social engineers will attempt to convince you to let them into secure buildings even though they don’t have a key card or key code. Don’t fall for it!

Malicious individuals who want to steal our physical or information assets often try to get into our facilities by posing as a fellow employee or a vendor who lost his or her card key. They’ve even been known to dress as repair technicians, complete with fake uniforms with the logo of an actual vendor. If someone without a eycard asks you to let them into a secured building, offer to contact security or your supervisor who can verify their identity and grant them access to the building if it’s appropriate to do so.


MARCH 9

Use your computer with the assumption you might be audited for acceptable use of equipment.

Most of us are familiar with the idea that cookies help identify us to advertisers and website owners when we visit websites. However, your computer type, model, operating system, and even what version of web browser you are using are also known to every site that you visit. This combined data results in another method to identify you and the types of information you access.


MARCH 10

Protect your home computer by using strong passwords and never reusing passwords.

Your home computer often holds extremely important data. You can protect your home computer thorough the use of a strong password, such as a long password that contains a variety of special characters. Changing your password often also increases your security. Never use your work password for your home computer, as this can represent a security risk for both you and work.


MARCH 11

Use caution when disclosing personal information such as PIN numbers.

Never share your PIN code, even with someone at your bank, and change it if you believe it has been compromised.


MARCH 12

Manage your passwords with safety in mind: do not use words found in any dictionary, in any language.

To keep your online accounts safe, you need to carefully manage your passwords. Don’t use words from any dictionary, because criminals can use automated programs to run an entire dictionary against your account password in practically no time and gain access to your organization’s information. Use numbers or other characters, include upper case and lower-case letters, and otherwise change your password until it no longer can be found in any dictionary.


MARCH 13

Never give out information without verifying the identity of the person requesting it.

A social engineer is a person who attempts to get confidential information purely through social skills, such as by calling and asking for passwords or other sensitive information. They will often claim to be a member of your organization or an organization that works directly with you, and may even know detailed information about your organization and your coworkers. Never give out information, such as passwords, to anyone without verifying their identity first. When in doubt, consult your supervisor.


MARCH 14

Sending email over a Wi-Fi connection? Be sure your email system uses encryption or secure Wi-Fi network.

Email systems often send messages in plain text with no encryption. If your email is not encrypted and you are using an unsecured Wi-Fi connection, you are literally broadcasting your email messages to anyone within range of your computer, so anyone with the right software who is near you can easily listen in. To prevent this, make sure that either your email system uses encryption or that you are connecting via a secure Wi-Fi connection (WPA2).


MARCH 15

Beware of free or found USB flash drives. They may contain viruses or malware to compromise your computer.

We’re accustomed to getting free promotional items, such as t-shirts or coffee mugs with company logos on them through the mail and at trade shows. Think twice before accepting a USB flash drive as a gift or using a flash drive that you’ve found in some random location. Criminals often put viruses and malware on USB drives and leave them around, hoping victims will pick them up and use them in their computers. Protect your organization’s computers and network by avoiding found or “gift” USB drives.


MARCH 16

Protect your identity by shredding personal documents at home.

Many identity thefts occur every year through the use of physical documents that were thrown away in the trash. Rather than throw out your personal information, invest in a small shredder and shred all of your documents before you get rid of them.


MARCH 17

Simply clicking on a social media link can infect your computer with malware. Never click on suspicious links.

Hackers often post messages on social media sites with links to malware. For example, they might hijack a friend’s account and then post a message saying they are “Stuck in London” and need you to send money. To avoid these traps, never click on suspicious links in social media posts.


MARCH 18

Con artists may construct fake social media accounts. If you feel suspicious, trust your instincts.

There are many con artists who create social media accounts to get close to others and get information from them. They may even claim to have gone to the same school you did or know other people that you know. If you feel suspicious at all about a person online, you should trust your instincts and block them. Do not add anyone to your social media accounts that you don’t know.


MARCH 19

Spam emails may use the “unsubscribe” option to determine whether your email address is active.

Spam emails may prompt you to unsubscribe from them. When you click the unsubscribe link, you could potentially be redirected to malware. The Spam sender could also use your response to determine your email account is active; they could then either continue sending you emails or even sell your email to another spammer. Don’t unsubscribe from unsolicited emails.


MARCH 20

Any email could potentially contain or link to a virus. Avoid clicking on links or opening attachments in emails.

Emails can expose you to viruses or malware in two ways: through a link or through an attachment. Do not click on links in emails that appear suspicious or come from people you don’t know. Do not open unidentified email attachments. Any type of email attachment could potentially contain malware. Even email attachments that you recognize or requested should be scanned by your virus scanning software before you open them.


MARCH 21

Always be near the fax machine when receiving sensitive data.

When you receive a fax of a sensitive or confidential document, those around the fax machine could read it or even make a copy of it. You should always wait by a fax machine when you’re receiving sensitive documents to avoid compromising the data. Once you have received the data, you must treat it as a sensitive document: avoid placing it where it could be viewed by others and destroy it properly when you no longer need it.


MARCH 22

Phishing techniques may be used to trick you into clicking harmful links. Never click on suspicious links.

Phishing emails may be sent to you asking you to click on a link. Once you click on the link you may be directed to an infected website which will install spyware on your computer. Always be skeptical about links sent to you via email. Do not click on links that come from unknown senders or that do not go to where they claim they are going to.


MARCH 23

Cyber bullying isn’t just a matter for school officials. It’s also a crime. Report any cyber bullying to authorities.

Cyber bullying is a crime. If your child is the target of cyber bullying, you should document everything and contact both your child’s school and the local authorities. This will increase the likelihood that the matter will be dealt with in an appropriate and productive way. It will also send a message to your child that they are protected and that what is happening to them is wrong.


MARCH 24

Fraud may occur through bank accounts and credit cards without notice. Check your statements often.

Fraudulent or simply incorrect transactions may occasionally hit your bank accounts or credit cards without you noticing. Some criminals will even test out new bank accounts or credit cards by putting through very small transactions, which will usually go unnoticed. Check your statements every month and follow up on any unusual activity. Even a small deposit in your transactions might actually be a criminal trying to determine whether your account is active.


MARCH 25

Transmitting confidential or sensitive information via email or IM may expose data to risk.

The transmission of confidential, private, sensitive, proprietary, or valuable information through email or IM may represent a significant security risk. Email and IM channels are usually unencrypted, allowing anyone to intercept or view this information. If you need to send sensitive data for business reasons, contact the help desk to find out more about sending encrypted data.


MARCH 26

Using the same password for multiple accounts could expose all your accounts following a single security breach. Use unique passwords for each account.

If you use the same password for multiple accounts, you increase your overall risk. The breach of a single account could potentially lead to the breach of all of your accounts, because when a hacker knows your username and password on one service, he or she will try the same login information on other services. Instead, use unique passwords for every account you have and change them often. Email addresses, personal banking, web services, mobile devices, and work computers should all have separate passwords.


MARCH 27

Viruses and malware can infect a device or computer via email attachments, links from any source, USB drives, and many other ways.

There are many ways in which malware may infect a system. USB drives, emailed files, instant messaging, web links, and applications are all among the major ways that a virus may be introduced. Comprehensive antivirus utilities may be used to scan risky files, and you can protect yourself and your system by avoiding any links, files, and removable media devices.


MARCH 28

Always be on guard against thieves looking to steal your laptop or mobile devices.

You should always secure your mobile device or laptop, especially when traveling or in an unfamiliar area. Your mobile device or laptop may have sensitive personal information on it or even confidential business data. Never bring a device that contains work information anywhere if it isn’t necessary, and always keep an eye on your mobile device or laptop. Encrypt the data on your device or laptop, and ensure that it is password protected. If using a laptop for a long time in a single location, use a cable lock.


MARCH 29

Protect your data with secure storage and transmission. Otherwise, your data may be vulnerable.

Most users have sensitive data on their computer that could be used for malicious purposes: bank account information, personal information, and more. To protect this data, you should always use the appropriate encryption protocols for both storage and transmission. Encryption protocols seal stored data behind a virtual lock, protecting the data from hackers. Storage devices, such as a hard disk drive or a flash drive, should be encrypted and you should use secure Wi-Fi and SSL (secure socket layer) protection when transmitting sensitive information. Look for HTTPS in the web address to verify the data is being transmitted securely.


MARCH 30

Your instant messages are not private. Don’t say anything you wouldn’t want your employer seeing.

While at work, your email and instant message conversations are part of your workplace’s data. You should never introduce anything into this professional data that you would not want your boss or colleagues to see. Always remain professional while you are at work and while you are talking to your colleagues.


MARCH 31

Only use authorized devices to access workplace information.

Always follow your organization’s device security policy. When using a laptop, desktop, smartphone, or other device while working remotely, your device must meet minimum security requirements to keep unauthorized people from accessing critical workplace information. For example, you will need to use a robust login and password system on your smartphone, and only connect to the Internet through a virtual private network. Configure your device so that you can wipe it from remote in case it is lost or stolen. When in doubt, contact your supervisor to verify that your device is authorized for use and has the latest security updates.