Protecting Your Identity and Information

The Internet can be a great way to get more done faster, but it comes with risks. Here are some rules of thumb to help limit your risk. We have grouped them by things you should "set", things you should "never" do and things you should "always" do.

While surfing the Internet

1. Set - your browser Internet security as high as possible, without interfering with real web sites. Tweak it.
2. Set - Cookies allowed, but never with personally identifiable information. (I.E. Click Tools, Options, Privacy, "Medium High" or "High") If you block all cookies many sites no longer work well.
3. Set - Block pop-ups!
4. Never - trust a web site is who they say .
5. Never - surf a web site with continuous pop ups. (It can be difficult to distinguish between system messages and pop ups. Are you clicking "OK" about a download finishing or a pop up asking to install a virus on your system?
6. Never - keep more than a few browser windows open (You could get confused and click on the wrong thing.)
7. Never - directly click on a pop up to close it. 1) Find it on your task bar, right click it and select "close." (Why not click it? Hackers can draw that window, including an "X" to close, which actually installs it or initiates a worm!
8. Never - trust what a pop up is telling you. (Even if it claims you are infected and they are the cure!)
9. Never - log onto any system using a public or foreign computer (Keyloggers could be sending your username and password to badguys@gotcha.com)
10. Never - use a computer you suspect may be infected (While you browse an infection could be downloading your bank information to now.u.r.bankrupt.com or collecting your log in information.)
11. Never - surf a different web site until you log off of the one you just logged into. (Cross Site Scripting (XSS) and Cross Site Request Forging (CSRF) can be used to take over your session identity. They can get your identity and privileges in the system you are logged into!)
12. Never - run unsupported or older computers directly on the Internet. (Windows 95, 98, ME, etc.) There are often many well known vulnerabilities. It is said that Windows XP SP1 takes 4 minutes on the open Internet to become a zombie. What chance does your Windows 95 have?
13. Always - run a fire wall on your computer, but never assume it will protect you from surfing dangerous web sites.
14. Always - enable any external fire wall on your high speed Internet modem/router. (We can help)
15. Always - run an up-to-date virus scanner, but never assume it will protect you (We've seem them miss obvious infections!)
16. Always - run a deep virus scan from time to time. (Many scanners do not check files until they are opened!)
17. Always - make sure your operating system is up to date and patched. Windows can auto-pull and apply patches. Do it!
18. Always - Check slow systems for spyware, viruses, keyloggers and rootkits. (You may not be alone.) We can help!
19. Always - If your computer is slow or suddenly becomes busy without a reason, check it. We can help!

E-mail can be a great way to keep in contact with business associates and loved ones. Here are a few good rules of thumb to help keep you safe:

1. Set - "Hide Extensions for Known File Types" off on Windows systems. (With it on, an e-mail attachment "picture.jpg.exe" can look like a harmless "picture.jpg")
2. Set - Make sure your e-mail software (Outlook, Outlook Express, etc.) is up to date. New versions block linked embedded images, which could be used to obtain your IP address and verify your e-mail address is valid! More Spam* anyone?
3. Settings - If your e-mail client supports it, try not to even display an e-mail until you know who it is from and can inspect the subject
4. Settings - Get a good Spam filter to illuminate Spam before you open it. (Please note that no Spam filter is perfect because Spammers are very good at what they do.)
5. Never - trust e-mail, especially unsolicited e-mail. Be skeptical. The sender may not be who it appears to be. The content may not be what it appears to be. Do not be afraid to delete it. Trust your instincts.
6. Never - trust senders. They may be infected and not know it.
7. Never - click on the body of an e-mail messages you suspect. (It could be a giant image link which will whisk you off to their web site)
8. Never - click on links contained within an e-mail message. Re-type the link in your browser if possible. If you trust the author you might be able to drag your mouse across it and copy it, but be aware of the prior warning.
9. Never - trust links go where they say. You might get e-mail from someone claiming to be PayPal or the IRS and giving you a link to their web site so you can log in and fix the problem. They want to flustered and not thinking. If you click the link you will likely find yourself at an IP address like 32.35.102.33 but you will be so upset you wont even see it. When you log in to check the problem they will record your username and password. Do not be fooled. Do not trust the link they give you. Calmly search Google for the correct web site and log in. Verify everything is "OK". Delete the e-mail! Get a Spam filter.
10. Never - cancel a subscription you never signed up for. Spammers use this to verify you are a real e-mail address and can now sell your address for more.
11. Always - delete e-mail from unknown senders
12. Always - delete e-mail with misspellings. They are trying to get past anti-Spam software.
13. Always - delete to-good-to-be-true messages. They may simply want to verify your e-mail address! If it is real they will call you!
14. Always - watch what web site a link actually brings you to. (PayPal.com may actually go to 32.35.51.139! You are not a PayPal.com!)

* Spam is unsolicited e-mail. It can make reading real mail difficult and clogs servers with junk. Often spammers, who send the mail, obtain the addresses through various nefarious means which in themselves cause problems.