In our January 31 blog, we highlighted 3 steps for creating a strong password, along with some ways to keep your computer and personal information safe. At last week’s U.S. Conference on AIDS, which focused on Ending the HIV Epidemic, we held a social media lab. This reminded us to share those safety tips again, so here once more are some common potential security risks.
Hackers are always looking for new ways to breach your system or get you to unwittingly give up some of your personal information, so it’s a good idea to keep a list of these 5 types of security risks close at hand:
- Phishing Emails: These are online scams sent via email. They often appear to be from a legitimate company and ask you to log in to a site that looks legitimate or respond to their email and provide sensitive information. These emails often include links to the website, but the links are clever fakes. The name of the organization can be familiar—but it often varies slightly from the real one. If you have any questions about the legitimacy of an email, contact the company directly (not by the links in the email).
- Vishing Calls: These are voice calls or messages similar to phishing emails. Hackers who are trying to obtain your login credentials or other sensitive information often sound urgent and frightening; most claim to be dealing with outstanding debts, other urgent financial or legal matters, or, ironically, claim to be warning you of a potential security risk that you can avoid by downloading an app to your computer. Similarly, if you have any questions about the legitimacy of a call, contact the company directly using the phone number listed on their website (not the phone number given in the voice call).
- Loss of Personally Identifiable Information (PII): All of the following can lead to a catastrophic security breach:
  - Giving out your PII (e.g., your name, address, birthdate, social security number) to people you don’t know or don’t have good reason to trust
  - Sending your PII online over an unencrypted internet connection (i.e., “free Wi-Fi” anywhere, unless it requires a password to log on)
  - Sending your PII via an unencrypted email

  Never give out PII unless you know the recipient is a verified, trusted and documented source, and look for “HTTPS” at the beginning of a website’s URL to ensure that the connection is encrypted.
- Loss of Equipment: Cybercriminals are always interested in getting your computer and communications equipment, such as your laptop, smartphone, or tablet, because of all the files and contact information they contain. Be especially careful in public spaces, from coffee shops to public transportation. Don’t leave your equipment unattended for any length of time. It only takes a minute for a criminal to walk off with it—and your priceless data.
- Sharing Credentials and Equipment: Sharing your credentials (username, passwords) or equipment with others, including coworkers, may pose a system and information security risk. Never share your credentials or equipment with others.
And if, by chance, you experience a security breach, here are several steps you can take to respond:
- If your organization has a designated cybersecurity representative, contact that person immediately.
- Record as much detail as you can about what happened and what you were doing at the time of the breach.
- Put together a list of data that might have been stolen (e.g., credit card numbers, passwords, PINs, email addresses).
- Change passwords as quickly as possible.
- Contact financial institutions (e.g., banks, credit card companies) and report the breach.
- Contact the three major credit bureaus—Equifax, Experian, and TransUnion—and put a security freeze on your credit files. This can prevent cybercriminals from stealing your identity—a crime that can have long-lasting, and potentially devastating, consequences for you, both legally and financially.
For more resources, check out our post on the difference between security and privacy and why it matters to your program.