There are a number of things that every computer user can do to reduce the likelihood of online problems. Your online security starts with you taking a few steps to protect your computer from viruses and other forms of unwanted invasion. The next most important thing you can do is recognize the various types of scams that can be sent to you via spam and email scams of various natures and avoid clicking on those messages or entering any personal information. We listed a number of ways that your personal information can be compromised, sometimes without you doing anything. There are also links to resources which list known scams but there are new scams arising all the time. See the following list of recommended computer security steps that you should take to protect your computer and your personal information and always err on the side of caution before opening or responding to any unsolicited email, especially ones that request account or personal information from you.
Regularly Update Your Operating System
Most major software companies regularly release updates or patches to their operating systems to repair security problems. A large percentage of these patches and upgrades repair security problems that have been found in the software. You can minimize your exposure to unintentional downloads by keeping your computer up to date with the latest security patches. It is generally considered good practice to go accept new upgrades and patches, especially for operating systems.
Use Anti-Virus Software
Up-to-date anti-virus software protects your computer against older and the more current virus threats. Most commercially available virus protection programs offer automatic and emergency updates, which reflect new remedies. These will scan your files using the latest anti-virus updates and you can set the parameters for how frequently and which files get scanned. Some Internet Service Providers (ISPs) offer assistance in filtering spam or identifying suspicious code, such as spyware. The maker of your anti-virus software may also offer anti-spyware protection. Make sure you take advantage of these offers to protect your computer against the growing spyware threat. The U.S. Federal Trade Commission (FTC) has additional information about computer threats and malware.
Use Anti-Spyware Software
Avoid downloading free software that is made available on the Internet. Some of it contains undisclosed code that performs undesireable functions called trojans (from Trojan horses). Trojans are malicious software programs that can perform a variety of invasive operations, including using your computer for other purposes, gathering private information such as passwords, PINs and credit card numbers when you enter that information. Trojans are also responsible for delivering unwanted pop-up advertising as you surf the Web and monitor your browsing patterns. If you want to download software from the Internet, you should be sure to have installed Anti-Spyware Software in addition to Anti-Virus Software and only do so from trusted software companies. You can unintentionally download spyware onto your computer just by surfing the Web, as certain spyware programs automatically install themselves, often without your knowledge or permission. Make sure to keep your computer updated by running your anti-spyware and anti-virus software regularly.
Use a Personal Firewall
Firewalls serve as protective barriers between your computer and the Internet, preventing unauthorized access to your computer when you're online. Firewalls can be software programs or physical devices, often combined with your router. Firewalls are often included in security software suites such as Norton Internet SecurityTM and McAfee® Internet Security. Some ISPs offer firewall software or hardware to their customers. You can also purchase firewalls at many computer stores.
Exercise Caution When Using Wireless Networks
The default configuration of most wireless home networks is not secure. Be sure your home network is set up with protections that prevent hackers from accessing your home network to exploit your computers. Your wireless software vendor should provide specific directions for enabling encryption and strengthening the overall security of your wireless home network. Likewise, do not login to open networks, which may be made available by parties interested in accessing unsuspecting users, who don't have computer security activated.
Taking a few simple precautions when using wireless hotspots can help protect your computer:
Install a firewall on all network computers
Disable your wireless connections when you're not using them
Configure your wireless software to not connect to hotspots automatically
Use reputable encryption software
If you are unsure of the security of a wireless hotspot, don't use it for conducting confidential business, such as accessing your work e-mail or financial information
Wireless technologies are continuously changing. Consult the manufacturer of your network hardware to ensure you have the most up to date security technology.
Minimize Your Risks Online
Read User Agreements
When you sign up for use of web sites or web services, even those of recognized industry leaders, make sure you read the terms that you are asked to agree to prior to your use of that site or service. Many of these agreement bury terms that have you agreeing to them downloading their tracking software — a form of spyware — that you may unintentionally authorize, by clicking terms that you haven't fully read. Make sure you know and trust the company offering the software, so that if you don't like what it does to your computer usage, you can have it removed.
Protect Your Passwords and PINs
Make your passwords and PINs as hard to guess as possible. Avoid obvious numbers, such as a birthdates, anniversaries or cell numbers, which would be easy to guess. Never divulge your passwords or PINs to others, including family or friends.
Use Caution on Public Computers
Be aware that sensitive information may still be stored within the browser, even after you log out of a website on a public computer. If you leave a computer unattended after you have logged in to a website, someone else may be able to use the browser's Back button, or similar functionality, to view your personal information. To avoid this, log out and close the browser completely to minimize any security risk. You may also choose to clear your cache before you leave. Best not to go to any personal sites or provide any personal information using a public computer.
Protect Yourself from Phishing Scams
Phishing is the mass e-mailing of deliberately deceptive messages that falsely claim to come from a legitimate business. These messages often provide links to phony websites, where you are asked to supply personal information such as passwords/PINs, credit card numbers, Social Security numbers, or bank account numbers. Never ever enter personal information into a web page provided to you by an email, as they are difficult to recognize as being legitimate or not. You should be well aware of your bank's security protocol and look for evidence that you are at the right url. Most encrypted (i.e. legitimate) sites will have the letter "s" at the end of the "https" prefix to a website's URL, or address. An example of an encrypted site's address is https://www.companyname.com. The "https" prefix indicates that the site is running in secure mode.
Phishing messages have evolved dramatically over the few years, and they are often difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to real companies' privacy policies, and can even include realistic legal disclaimers. To help determine if an e-mail is part of a phishing scam, ask yourself the following:
Do I have a relationship with this company?
Would I expect this company to contact me this way?
Would I expect this company to use this tone or make this request?
If you are at all unsure, contact the company by phone or access the company's site the way you usually do and check on the most recent Phishing Scams at the Anti-Phishing Working Group website or at the Consumer Fraud page of the Office of the Comptroller of the Currency.
Don't Open Unexpected or Suspicious Email
Email is no longer entirely safe, even from names you may recognize. Use caution with all email and attachments, even if they look like they're from a friend, since individual's computers get hacked and their email lists can be compromised. Be careful especially if your friend is recommending that you sign up for something. Most of those online "friend" solicitations are generated without your friend's awareness.
Don't Send Your Personal or Financial Data using Email
Most email is not secure and should not be trusted for the purpose of sending highly personal or financial information. Legitimate companies seeking information normally send written requests on company letterhead. You should be cautious of and verify any requests you receive that ask you to email personal or financial information.
Check that Web Forms Are Secure
When on a website avoid entering sensitive personal information, unless you know that the form is secure. If you do need to enter sensitive personal information look for forms that may encrypt data and make sure that the web address is running in a secure mode as this may provide some enhanced protection of your information. Some websites show certificates that identify the encryption ofinformation, or icons such as this padlock icon () in your browser's status bar (at the bottom of the browser window) to identify encryption modes. Also, the prefix "https" in the address in the browser's address bar that references the site is running in secure mode. Additional information on phishing or identity theft can be found at Anti-Phishing Working Group (APWG) or The FTC's Indentity Theft page.
Protect Printed Personal Information
Be careful with statements and forms that have personal information printed on them. Be sure to shred sensitive documents instead of simply throwing them away, as some scammers have been known to go through private garbage looking for personal information. Also, be absolutely sure you know who you're dealing with before giving any personal or financial information.
Avoid Using Your Social Security Number
Do not give out your Social Security Number to just any retail, telesales or online vendor. When possible, insist that companies and non-essential agencies you do business with create an alternate customer identifier.
Monitor Your Financial Statements
Promptly read any investment, bank account or credit card statements or correspondence when they arrive. Make sure there are no changes or transactions you did not initiate and that the balances are where you would expect them to be. If a bill arrives unusually late or not at all, call the company.
Know the Warning Signs of Identity Theft
Identity theft warning signs include:
Unauthorized charges or withdrawals
Not receiving renewed credit cards, bills, or other mail
Receiving credit cards for which you did not apply
Notices for changes you did not initiate
Denial of credit for no apparent reason
Calls or letters about items or services you didn't buy
Although it could be a simple error, never assume a mistake has been made that will automatically be corrected. Follow up with the business or institution immediately to review the account statement or status. You can place a fraud alert on that and other accounts or close any accounts opened without your knowledge. You may want to file a report with the police. If indeed you have been victimized, you should also file a complaint with the Federal Trade Commission if you know any details about how the fraud was perpetrated. You may also want to make sure that other accounts were not compromised and check with the three nationwide consumer credit reporting agencies — Equifax, Experian and TransUnion — to initiate any impact to your credit rating. As of September 1, 2005, all U.S. residents are entitled to receive one free credit report every 12 months which you can request from AnnualCreditReport.com or by calling (877) 322-8228.