RSN™ Guide: Simple Steps for Internet Safety

Updated: August 2018

In today’s digital world, online safety should be of paramount concern for all individuals and organizations because the threats posed by cybercriminals can’t be ignored. And to counteract these threats, there are steps you can take to minimize the risks associated with doing any kind of business online, surfing the Internet, and/or sharing information on social media sites.

The first step to greater Internet safety is a basic yet vital one—change online passwords several times a year. Use different passwords for each online account, and make them unique but not easily guessed.

Additional levels of cybersecurity, like two-factor authentication (TFA), can provide even greater protection for your information. TFA is a technology that increases security by incorporating requirements beyond a password, like a particular physical trait, a dynamic PIN, or the location or time of a login attempt. Many e-mail service providers and social media platforms offer TFA as a free service—most require a strong password and supply a PIN that changes periodically. Users can receive these PINs easily via mobile applicationsApplications Applications or Apps An application (software), commonly referred to as an ‘app’ is a program on a computer, tablet, mobile phone or device. Apps are designed for specific tasks, including checking the weather, accessing the internet, looking at photos, playing media, mobile banking, etc. Many apps can access the internet if needed and can be downloaded (used) either for a price or for free. Apps are a major point of vulnerability on all devices. Some are designed to be malicious, such as logging keystrokes or activity, and others can even transport malware. Always be careful about any app you are thinking about installing. or text messages.

In terms of social media, remember that once personal or organizational information has been posted to a social networking site, that information can no longer be considered private and can be—and sometimes is—used for criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues. purposes. The highest security settings on an Internet account may not be enough to prevent a leak of sensitive data—for example, cybercriminals often can obtain personal passwords regardless of their complexity. In doing so, they can gain access to banking credentials and credit card numbers, get hold of social security information, download malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts. to a computer, or hijack a device to perpetrate further crimes. So be careful—post as little personal information as possible, use two-factor authentication and beware of embedded links that—if clicked on—may lead to scamScam A Scam is a confidence trick - a crime - is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. webpages and malware being downloaded to your computer or mobile device.

Another level of online security involves protecting your mobile devices from cyber intruders in public places. Not all WiFi hotspots at coffee shops, airports, or hotels have strong security protections. Persons in close proximity may be able to access that open network and collect your login information and the content of your online browsing. Securing your phone or tablet is as simple as avoiding sensitive sites that require a login, so try to avoid signing into bank accounts, e-mail, or social media accounts while on a public WiFi hotspot. But if you have to, use a reliable personal virtual private network (VPNVPN A VPN (also known as a proxy) is an app or connection method that keeps your internet connection private, whether you're connecting to unsafe public Wi-Fi or your network at home. Having a layer of security that blocks people from watching you browse helps keep you safe online, no matter where you connect from. Virtual private networks protect you by creating an encrypted "tunnel" that all of your device's data travels through on its way to the internet via a proxy server or service. Encryption turns words and data, like text files, into a secret code. If someone tries to read encrypted data without the password, they'll see random gibberish.) service provider. A VPN enables data encryption and adds a layer of security to communications, making it more difficult for cyber criminals to spy on you.

An out-of-band backup is another useful cyber security technique. This involves backing up your data to a virtual, cloud environment or storing hard copies of digital data at a physical location elsewhere. Using this method is ideal in combating ransomwareRansomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies that are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan virus disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction., a type of malware which restricts access to files or threatens their destruction unless a ransomRansom A ransom is an amount of mo