Cybercriminals are increasingly targeting regular citizens with daily threats, including spear phishing emails, identity theft, account takeovers, ransomware attacks, and remote takeovers. Data security within a household is only as strong as the least-informed member.

October is National Cyber Security Awareness Month, which makes it a great time to review the precautions you can take to avoid these threats on the Internet.

What can you do to keep your and elderly loved ones’ information safe and secure?

Be careful of email attachments and web links

Do not click on a link or open an attachment that you were not expecting. If it appears important, call the sender to verify they sent the email and ask them to describe what the attachment or link is. Before you click a link (in an email or on social media, instant messages, other web pages), hover over that link to see the actual web address it will take you to.

Use separate personal and business computers, mobile devices and accounts

As much as possible, have separate devices and email accounts for personal and business use. This is especially important if other people, such as children, use personal devices. Do not conduct business or any sensitive activities (like online banking) on a personal computer or device and do not engage in activities such as web surfing, gaming, downloading videos, etc., on business computers or devices. Do not send sensitive information to personal email addresses.

Do not connect personal or untrusted storage devices or hardware into computers, mobile devices or networks

Do not share USB drives or external hard drives between computers or devices. Do not connect any unknown / untrusted hardware into the system or network, and do not insert any unknown CD, DVD or USB drive. Disable the “AutoRun” feature for the USB ports and optical drives like CD and DVD drives on business computers to help prevent such malicious programs from installing on the systems.

Be careful downloading software

Do not download software from an unknown web page. Be very careful with downloading and using freeware or shareware.

Watch out when providing personal information

Social engineering is an attempt to obtain physical or electronic access to information by manipulating people. A very common type of attack involves a person, website or email that pretends to be something it’s not. A social engineer will research a person to learn names, titles, responsibilities and any personal information they can find. Afterwards, the social engineer usually calls or sends an email with a believable, but made-up, story designed to convince the person to give them certain information.

Never respond to an unsolicited phone call from a company you do not recognize that asks for sensitive personal or business information.

Never give out usernames or passwords

No company should ask for this information for any reason. Also, beware of people asking what kind of operating system, brand of firewall, internet browser, or what applications are installed. This is information that can make it easier for a hacker to break into the system.

Watch for harmful pop-ups

When connected to and using the Internet, do not respond to popup windows requesting that users click “OK.” Use a popup blocker and only allow popups on trusted websites.

Use strong passwords

Good passwords consist of a random sequence of letters (upper case and lower case), numbers, and special characters. Passwords should be at least 12 characters long. For systems or applications that have important information, use multiple forms of identification (called “multi-factor” or “dual factor” authentication).

Many devices come with default administration passwords – these should be changed immediately when installing and regularly thereafter. Default passwords are easily found or known by hackers and can be used to access the device. The manual or those who install the system should be able to show you how to change them.

Passwords should be changed at least every three months.

Passwords to devices and applications that deal with business information should not be re-used.

You may want to consider using a password management application to store your passwords for you.

Conduct online business more securely

Online business/commerce/banking should only be done using a secure browser connection. This will normally be indicated by a small lock visible in the lower right corner or upper left of the web browser window.

Erase the web browser cache, temporary internet files, cookies and history regularly. Make sure to erase this data after using any public computer and after any online commerce or banking session. This prevents valuable information from being stolen if the system is compromised. This will also help the system run faster. Typically, this is done in the web browser’s “privacy” or “security” menu. Review the web browser’s help manual for guidance.

More resources

Looking for more information? The Tennessee Department of Finance & Administration has an excellent website dedicated to online security awareness. Find tips for protecting kids, keeping your identity secure, and links to many other resources at https://www.tn.gov/finance/article/security-awareness.