Best Practices to Avoid Phishing Emails
Phishing attacks remain one of the most common cybersecurity threats, tricking individuals into revealing sensitive information. Here are the best practices to protect yourself and your organization:
1. Verify the Sender
Always check the sender’s email address. Cybercriminals often use slightly altered domains to mimic legitimate companies (e.g., “@amaz0n.com” instead of “@amazon.com”).
2. Beware of Urgent or Threatening Language
Phishing emails often create a sense of urgency, claiming your account will be locked or demanding immediate action. Take a moment to verify before clicking.
3. Avoid Clicking Suspicious Links
Hover over links before clicking to preview the actual URL. If it looks suspicious, don’t click—go directly to the company’s official website.
4. Watch for Poor Grammar and Spelling
Legitimate organizations use professional communication. If an email contains misspellings, strange formatting, or awkward phrasing, it’s likely a scam.
5. Never Download Unexpected Attachments
Cybercriminals hide malware in email attachments. Only download files from trusted sources and verify with the sender if unsure.
6. Enable Multi-Factor Authentication (MFA)
Even if attackers steal your login credentials, MFA adds an extra layer of security by requiring a second verification step.
7. Report Suspicious Emails
If you receive a phishing attempt, report it to your IT or security team. Many email services also have a “Report Phishing” button.
By staying alert and following these best practices, you can greatly reduce the risk of falling victim to phishing scams.
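For teams that want to automate the sender check from step 1, the sketch below flags look-alike domains such as "amaz0n.com". It is an added example, not part of the original page: the TRUSTED list, the function names, and the sample addresses are all constructed for illustration.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Constructed allow-list (assumption): domains your organization really deals with.
TRUSTED = {"amazon.com", "paypal.com"}
# Digits commonly swapped in for letters: 0->o, 1->l, 3->e, 4->a, 5->s.
LEET = str.maketrans("01345", "oleas")

def skeleton(domain: str) -> str:
    """Collapse common visual substitutions so look-alikes compare equal."""
    return domain.lower().translate(LEET).replace("rn", "m").replace("vv", "w")

def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one inserted, deleted or changed character."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    skip = 1 if len(a) == len(b) else 0  # substitution vs. insertion
    return a[i + skip:] == b[i + 1:]

def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched trusted domain) for a From: header value."""
    _, addr = parseaddr(from_header)  # ignores the display name, which is free text
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return ("unparseable", None)
    for good in TRUSTED:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    # Simplification: treat the last two labels as the registered domain.
    # A production check would use the Public Suffix List instead.
    registered = ".".join(domain.split(".")[-2:])
    for good in sorted(TRUSTED):
        if skeleton(registered) == skeleton(good) or within_one_edit(registered, good):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("Amazon Support <help@amaz0n.com>",   # constructed samples
                   "orders@mail.amazon.com",
                   "security@arnazon.com",
                   "news@example.org"):
        print(sample, "->", classify_sender(sample))
```

An "unknown" verdict only means the domain does not resemble anything on the allow-list; it is not a statement that the sender is safe.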
Best Practices to Physically Safeguard Your Computer at Work
Protecting your computer at work isn’t just about cybersecurity—physical security is just as important. Here are the best practices to ensure your workstation stays safe from unauthorized access or theft.
1. Lock Your Computer When Unattended
Always lock your screen when stepping away, even for a moment. Use Windows + L (Windows) or Control + Command + Q (Mac) to quickly lock your device.
2. Use Strong Password Protection
Ensure your computer is password-protected with a strong, unique password or passphrase. Enable multi-factor authentication (MFA) for an extra layer of security.
3. Secure Your Laptop with a Cable Lock
If using a laptop, attach a security cable lock to anchor it to your desk, preventing opportunistic theft.
4. Keep Workspaces Clear of Sensitive Information
Avoid leaving USB drives, notebooks, or printed documents with sensitive information in the open. Use locked drawers or cabinets to store important materials.
5. Position Monitors Away from Public View
Arrange your workspace so that your screen isn’t easily visible to visitors or passersby. Consider using a privacy screen filter if needed.
6. Be Aware of Shoulder Surfing
Be cautious of people looking over your shoulder while you enter passwords or access sensitive information.
7. Avoid Leaving Devices in Unsecured Areas
Never leave your laptop, tablet, or phone in conference rooms, break rooms, or public spaces unattended.
8. Implement Access Controls
If your company allows, use biometric authentication or smart card access for an additional layer of security.
9. Shut Down or Lock Up at the End of the Day
Before leaving, log out, power down, and store your laptop securely to prevent after-hours access.
By following these best practices, you can help protect your computer and company data from unauthorized access or theft.
Best Practices to Safeguard Your Computer on Public Wi-Fi
Public Wi-Fi networks, such as those in cafes, airports, or hotels, can be high-risk environments for your computer. Hackers can exploit unsecured networks to intercept data, inject malware, or steal login credentials. Follow these best practices to stay secure while using public Wi-Fi.
1. Avoid Accessing Sensitive Information
Do not log into bank accounts, email, or work-related systems on public Wi-Fi. If necessary, use extra security measures like a VPN or multi-factor authentication.
2. Use a VPN (Virtual Private Network)
A VPN encrypts your internet traffic, making it difficult for hackers to intercept your data. Always turn on a trusted VPN service before connecting to public Wi-Fi.
3. Turn Off Automatic Wi-Fi Connections
Many devices automatically connect to available Wi-Fi networks, which can expose you to rogue hotspots. Disable this feature in your Wi-Fi settings and only connect manually to trusted networks.
4. Verify the Wi-Fi Network Name
Hackers create fake Wi-Fi hotspots with names similar to legitimate ones. Always confirm the correct network with staff before connecting.
5. Use HTTPS Websites Only
Ensure websites you visit use HTTPS (look for the padlock icon in the address bar). This helps protect your data from man-in-the-middle attacks.
6. Disable File Sharing & Bluetooth
Turn off file sharing, printer sharing, and Bluetooth when using public Wi-Fi to prevent unauthorized access to your device.
7. Keep Your Software & Antivirus Updated
Ensure your operating system, browser, and antivirus software are up to date to patch security vulnerabilities.
8. Use Two-Factor Authentication (2FA)
Enable 2FA on accounts whenever possible. Even if someone steals your credentials, they will need a second verification step to access your account.
9. Consider Using Mobile Data Instead
For sensitive tasks, use your phone’s mobile hotspot instead of public Wi-Fi. It’s much more secure.
By following these best practices, you can minimize the risks of using public Wi-Fi and protect your personal and work-related data.
Best Practices for Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is one of the best ways to secure your online accounts by requiring more than just a password. It adds an extra layer of protection against hackers, even if they manage to steal your password. Here’s how to use MFA effectively:
1. Use the Most Secure MFA Method
Not all MFA methods are equally secure. Ranked from most to least secure:
Hardware Security Keys (Best) – Physical USB or NFC keys, like YubiKey, offer strong protection.
Authenticator Apps – Apps like Google Authenticator, Microsoft Authenticator, or Authy generate one-time passcodes.
SMS or Email Codes (Least Secure) – While better than no MFA, SMS-based authentication can be intercepted via SIM swapping or phishing.
2. Enable MFA on All Critical Accounts
Use MFA on accounts with sensitive information, including:
Email (Gmail, Outlook)
Financial accounts (banks, PayPal)
Work-related accounts (VPN, remote access)
Social media (Facebook, Twitter, LinkedIn)
3. Store Backup Codes Securely
Many services provide backup codes in case you lose access to your MFA device. Store them in a password manager or write them down in a secure location.
4. Don’t Reuse MFA Across Multiple Accounts
If you use an authenticator app, try to diversify your MFA methods across critical accounts. Using a mix of hardware keys and app-based authentication reduces the risk of a single point of failure.
5. Beware of Phishing Attacks
Hackers can try to trick you into providing your MFA code via phishing emails or fake login pages. Always verify the website address before entering your credentials.
6. Regularly Update and Audit Your MFA Settings
Ensure your phone number or recovery email is up to date in case you need account recovery.
If your MFA method is on an old device, set up a new one before switching phones.
Check your account security settings for unrecognized devices or logins.
7. Use a Password Manager Alongside MFA
Since MFA protects against password leaks, using a strong, unique password with a password manager further enhances security.
By following these best practices, you can maximize the effectiveness of MFA and protect your accounts from unauthorized access.