While the Internet allows us to stay connected, informed, and involved with co-workers, family and friends, any public environment requires awareness and caution. Just as you use locks to keep criminals out of your home, you also need safeguards to secure your computer.

• Think Before You Click: Recognize and Report Phishing -- If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
• Update Your Software: Don't delay -- act promptly if you see a software update notification. Better yet, turn on automatic updates.
• Use Strong Passwords: Use passwords or passphrases that are long, unique, and randomly generated.
• Use password managers to generate and remember different, complex passwords for each account. A password manager will encrypt passwords, so you only need to remember one password!
• Enable Multi-Factor Authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked. See  Multifactor Authentication.
• Safeguard your phone. Always keep your mobile devices in your possession and be aware of your surroundings.
• Confirm before sharing. If you use social networking sites such as Facebook, limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
• Beware of any requests to update or confirm your personal information. Most businesses or organizations don’t ask for your personal information over email.
• Add only people you know on social media sites and programs like Skype; adding strangers could expose you and your personal information to scammers.
• Avoid opening attachments, clicking links, or responding to email messages from unknown senders or companies that ask for personal information.
• Beware of “free” gifts or prizes. If something is too good to be true, then it probably is.

Report a Cyber Incident

CISA provides a secure means for constituents and partners to report incidents, phishing attempts, malware, and vulnerabilities.
Report a Cybersecurity Incident: Report anomalous cyber activity and/or cyber incidents 24/7 to [email protected] or (888) 282-0870.

• Report an Incident
• Report Phishing
• Report a Vulnerability

Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include

• Attempts to gain unauthorized access to a system or its data,
• Unwanted disruption or denial of service, or
• Abuse or misuse of a system or data in violation of policy.

Federal incident notification guidelines, including definitions and reporting timeframes, can be found here. Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to [email protected]

References:

• Consumer Reports. (2024). Password Managers. 
• Cybersecurity & Infrastructure Security Agency (CISA). (2024 July 31). Joan the Phone: Music Video. Retrieved from https://www.youtube.com/watch?v=E4P7EJktAfM.
• Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). More than a Password. Retrieved from  https://www.cisa.gov/MFA
• Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). Multifactor Authentication. Retrieved from https://www.cisa.gov/topics/cybersecurity-best-practices/multifactor-authentication.
• Cunningham, A., Klosowski, T., & Eddy, M. (2024, January 25).  The best password managers. The New York Times. 
• Federal Trade Commission.  How To Recognize, Remove, and Avoid Malware | Consumer Advice (ftc.gov)
• Federal Trade Commission.  (2021 May). Protect Your Personal Information and Data. Retrieved from https://consumer.ftc.gov/articles/protect-your-personal-information-and-data
• National Cybersecurity Alliance Manage Your Privacy Settings (staysafeonline.org)
• Office of the Privacy Commissioner of Canada.  Tips for using privacy settings.
• Paulsen, C. (NIST) and Patricia Toth (NIST) (November 2016). NIST IR 7621 Rev. 1. Small Business Information Security: The Fundamentals.  National Institute of Standards and Technology (NIST). Retrieved from https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf
• SANS Security Awareness. (2024). OUCH! Security Awareness Newsletter. Retrieved from  https://www.sans.org/newsletters/ouch/
• SANS Institute. (2023). Power of Password Managers. OUCH! Security Awareness Newsletter. Retrieved from  https://www.sans.org/newsletters/ouch/power-password-managers
• SANS Institute. (2021). One Simple Step to Securing Your Accounts. OUCH! Security Awareness Newsletter. Retrieved from https://www.sans.org/newsletters/ouch/one-simple-step-to-securing-your-accounts/.
• Spadafora, A. (2024 March 19). Tom's Guide.The Best Password Managers for 2024. Retrieved from https://www.tomsguide.com/us/best-password-managers,review-3785.html.