1) Be suspicious of unexpected files, e-faxes, documents, photos, etc. that are emailed to you. These may appear to come from someone you know, but if you aren’t expecting the file or if the message looks suspicious in any way, DON’T open it. Always double-check with the sender to make sure the unexpected attachment is valid before opening.
2) Don’t get hooked by a ‘Phishing’ scam. Phishers can send an email, call you on the phone or pop up a message from a website that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, or a government agency. They may even claim to be from your own company or from F1-Networks. The message may ask you to “update,” “validate,” or “confirm” your account information or to wire money. Some phishing emails threaten a dire consequence if you don’t respond. The messages may direct you to a website that looks just like a legitimate organization’s site.
If you get an email or pop-up message that asks for personal or financial information, do not reply. Legitimate companies don’t ask you to volunteer this info. If needed, offer to contact the organization or person mentioned using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. Don’t cut and paste the link from the message into your Internet browser.
And don’t forget – phishing can happen just as easily on a phone call. Never give out ANY sensitive information on an incoming unsolicited call. ALWAYS offer to call the person back, and use a telephone number that you know is legitimate, not one that the caller provides.
3) Use a strong voicemail password. Your phone line and voicemails can be easily hijacked if your password is easy to guess.
4) Report or challenge strangers in your office. Visitors you don’t recognize may be opportunist thieves who have walked past reception or found an open back door. Grab a co-worker and politely ask if they need some assistance or report them to your security or reception staff. Thieves are as likely to steal your purse or wallet as they are to take company property, so it is in everyone’s interest to keep our premises safe.
5) E-mail is insecure by default – more like a postcard than a sealed envelope. Don’t include sensitive information in emails. A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that’s why you have to open e-mail, right?) and it goes directly to the person it was sent to. The truth is your e-mail is sent in plain text (i.e. readable by any server that picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with bad intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.
6) Do not use the same password for everything. A new study by Trusteer, an online security firm, reports that 73% of us use the same password for online banking as we do for email or some other login. Out of that 73%, a bunch use the same password for EVERYTHING. There are many tools available such as LastPass that can help you manage and generate different passwords for every service that you use, making good security rather painless.
7) Check for encryption or secure sites when providing confidential information online. Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or “faked” sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site’s URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window. Look for this padlock and don’t hesitate to ask IT if there is any question as to a site’s legitimacy.
8) Don’t use unauthorized software. It may be tempting to use useful-looking software that you can get free on the Internet, but these tools may carry a hidden cost. Installing them may often cause other programs to stop working and it can take a long time for your IT teams to track down the problem. More seriously, they can display unwanted ads, slow your PC down or make it less secure by letting the PC download more ads from the Internet. Most seriously, they can be infected by viruses or spyware that are intended to damage your PC or steal confidential information.
9) Don’t pass on chain messages or send warnings to everyone you know. Chain messages are a burden on mail systems and to the vast majority of the people who receive them. Just don’t pass them on — it is as simple as that. You may get messages from friends, warning you about a new virus, health scare, charity appeal or con trick. These are very likely to be hoaxes or just plain wrong. Be very suspicious of messages that ask you to pass them to “everyone you know”. That leads to an endless chain of forwarded messages that go on long past any real or imagined threat. If it is really convincing, pass it to your IT section or helpdesk for them to consider.
10) Read error messages and checkboxes. When you see an error message pop up on the screen, read it! You may not understand everything, but if you look through the message, you can get the gist. Hackers can sometimes generate errors to collect everything you type and everything that comes up on your screen. If you don’t understand the error, at least capture the screen. To do that, hold down the shift key and press the key labeled “Print Screen” or “PrtSc”. That will put the screen into short-term storage called the clipboard. Then open an e-mail message, right click on the message body and select “paste”. Now you can print it or send it to tech support for further analysis.