Best Practices
Both McAfee and the Federal Trade Commission’s (FTC) OnGuardOnline have a number of recommended best practices to help you avoid becoming a victim of cybercrime. Follow these best practices on an ongoing basis to ensure your protection.
- Protect your personal information. It's valuable.
This is true whether you are a business entrusted with customer or employee personal information or you are an individual protecting your own. According to the Federal Trade Commission, millions of people become victims of identity theft every year. Ensure your personal information is protected:
- Assess your risk with McAfee’s Identity Theft Risk Assessment Tool and follow the recommendations in the report that you can download
- Never share your account information
- Never use public or shared computers/kiosks to check your online account information or shop online
- Encrypt personal information when it must be sent in email
- Never instant message or text personally identifiable information (PII)
- Download the FTC’s Guide, Fight Back Against Identity Theft

- Do not open email attachments from an unknown, suspicious, or untrustworthy source. Also leave an attachment unopened if it’s from a trusted source but you don’t know what the attachment is, or if the subject line is questionable.
- Exercise caution when downloading files from the Internet. Make sure that the website is legitimate and reputable. Verify that an anti-virus program has checked the files on the download site. If you have any doubts, don't download the file at all. If you download software from the Internet, be especially vigilant of free software, which often carries adware or other potentially unwanted content along with it. Always read the privacy policies and end-user license agreements (EULAs) for software you install, regardless of the source. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be “cracked” or free versions of expensive applications, such as Adobe Photoshop or Microsoft Office. If it sounds too good to be true, it probably is.
- Avoid downloads from non-web sources altogether. According to the FTC, every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often, the software is free and easy to access. But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. In addition, you may unwittingly download malware or pornography labeled as something else. Or you may download material that is protected by the copyright laws, which means that you could be breaking the law. According to McAfee, the chances of downloading infected software from Usenet groups, Internet Relay Chat (IRC) channels, instant messaging clients, or peer-to-peer (P2P) networks are very high. Links to websites seen in IRC and instant messaging also frequently point to infected downloads. Avoid obtaining your software from these sources.
- Update your anti-virus software often. Threats are on the increase, and they are constantly evolving. Hundreds of viruses are discovered each month. To make sure that you are protected against the newest breed of threats, update your anti-virus software frequently. That means downloading the latest virus signature files and the most current version of the scanning engine. The FTC also advises that you keep your security software active and current and that, at a minimum, your computer should have anti-virus software, anti-spyware software, and a firewall.
Security software protects you against the newest threats only if it is up to date. That's why it's critical to set your security software to update automatically. Some scam artists distribute malware disguised as anti-spyware software. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers have used to spread malware. Once you confirm that your security software is up to date, run it to scan your computer for viruses and spyware. If the program identifies a file as a problem, delete it.
- Back up your files frequently. If a virus infects your files, at least you can replace them with your backup copy. It's a good idea to store your backup files (on CDs or flash drives) in another secure physical location away from your computer.
- Update your operating system, web browser, and email program on a regular basis. For example, you can get security updates for Microsoft Windows and Microsoft Explorer at www.microsoft.com/security. According to the FTC, it's important to set your operating system and web browser software to download and install security patches automatically. In addition, you can increase your online security by changing the built-in security and privacy settings in your operating system or browser. Check the "Tools" or "Options" menus to learn how to upgrade from the default settings. Use your "Help" function for more information about your choices.
- Vigilance is the best defense against phishing email scams. If you receive an email message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the email or click on any links. If you want to find out whether the email is legitimate, you can contact the company or individual directly by calling or writing to them.
- Do not open messages or click on links from unknown users in your instant messaging program. Instant messaging can be a vehicle for transmitting viruses and other malicious code, and it’s another means of initiating phishing scams.
- Use a personal firewall. A hardware firewall that sits between your DSL router or cable modem and your computer will protect you from inbound attacks. It’s a must for broadband connections. A software firewall runs on your PC and can protect you from both inbound and outbound attacks.
- Check your accounts and credit reports regularly. Identity thieves can begin using your personal information to open accounts, purchase goods, and make your life miserable within minutes of obtaining that data. Check your bank account and credit card statements frequently. That way, if you discover that your personal information has been compromised, you can alert credit companies and banks immediately, so they can close your accounts.
- Avoid unknown websites whether you are shopping, researching or performing other activities. Use free website scanning protection such as McAfee® SiteAdvisor® that warns you about suspicious sites before you click. The FTC advises not to provide your personal or financial information through a company's website until you have checked for indicators that the site is secure, like a lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some scammers have forged security icons. And some hackers have managed to breach sites that took appropriate security precautions.
- If it's your first time on an unfamiliar site, call the seller's phone number, so you know you can reach them if you need to. If you can't find a working phone number, take your business elsewhere.
- Type the site's name into a search engine. If you find unfavorable reviews posted, you may be better off doing business with a different seller.
- Consider using free McAfee SiteAdvisor software, which rates websites using a red, yellow, and green warning system to indicate whether a site is trustworthy based on its latest scan.
- Read website privacy policies. According to the FTC, the policies should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy also should tell you whether you have the right to see what information the website has about you and what security measures the company takes to protect your information. If you don't see a privacy policy—or if you can't understand it—consider doing business elsewhere.
- Create strong passwords, change them often, and keep them secured. Here are some pointers from the FTC:
- Use passwords that have at least eight characters and include numbers or symbols. The longer the password, the tougher it is to crack. A 12-character password is stronger than one with eight characters.
- Avoid common words that hackers can easily guess
- Don't use your personal information, your login name, or adjacent keys on the keyboard as passwords
- Change your passwords regularly (at a minimum, every 90 days)
- Don't use the same password for each online account you access
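The pointers above that can be checked mechanically (length, numbers or symbols, common words, personal information or login name, adjacent keys) are shown here as an added example; it is not code from McAfee or the FTC. The word list, the four-key run threshold, and the function names are assumptions made for illustration.

```python
# Added example: checks a candidate password against the FTC pointers above.
# COMMON_WORDS is a constructed sample; a real check would use a large list.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "sunshine"}
# Keyboard rows for spotting adjacent-key runs (US QWERTY layout assumed).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_adjacent_run(pw, run=4):
    """True if pw contains `run` neighbouring keys from one row, either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def check_password(pw, login="", personal=()):
    """Return the list of pointers the password violates (empty list = passes)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not any(not c.isalpha() for c in pw):
        problems.append("no numbers or symbols")
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a common word")
    # Ignore very short tokens so initials do not cause false matches.
    tokens = [t.lower() for t in (login, *personal) if len(t) >= 3]
    if any(t in low for t in tokens):
        problems.append("contains login name or personal information")
    if has_adjacent_run(pw):
        problems.append("contains adjacent keys on the keyboard")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("qwerty12", "Password1", "correct-horse-7-staple"):
        print(pw, "->", check_password(pw) or "passes")
```

Password reuse across accounts and the 90-day change interval cannot be judged from a single password and are left out of the check.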
- Prevent the consequences of data loss from computer theft.
- Encrypt your computer’s information to help lower the risk of cybercrime as a result of a lost or stolen computer. Experts recommend that you use encryption to protect any sensitive information you have stored. There are many types of encryption products available for your computer, including McAfee Anti-Theft File Protection that helps protect your personal and confidential information should your computer fall into the wrong hands.
- Frequently back up your hard drive so that you do not lose any important files if your computer goes missing
- If you’re a business owner and store valuable information on your computers, you can use recovery services offered by vendors to help you locate laptops that have been stolen.
- Transact securely at all times on social networking sites, with online retailers, and with payment processors
Threats
- Identity theft—Your personal information can provide a cybercriminal instant access to your financial accounts, your credit record, and other assets. Anyone can be a victim of identity theft. In some cases, cybercriminals obtain the information from you directly by requesting that you provide it in an email or on a website that you link to from that email. In other cases, the cybercriminals steal personal information from many people at once, by hacking into large databases managed by businesses, such as retailers or government agencies.
Share your personal information only with organizations you know and trust. Don't give out your personal information unless you first find out how it's going to be used and how it will be protected. Do not share information that is requested of you through an email or on a website link provided in an email.
- Phishing—Cybercriminals often obtain your personal information through links in emails that look like they come from legitimate companies. This is called "phishing." By posing as legitimate companies or organizations, cybercrooks convince you to share your account numbers, passwords and other information so they can get your money or buy things in your name.
Cybercriminals send email, text, or pop-up messages that appear to come from your bank, a government agency, an online seller or another organization with which you do business. The message asks you to click to a website or call a phone number to update your account information or claim a prize or benefit. At times, the email may suggest that something bad may happen if you don't respond quickly with your personal information. Legitimate businesses should never use email, pop-ups, or text messages to ask for your personal information.
- Spyware—Installed on your computer without your consent, spyware software monitors or controls your computer use. It may be used to send you pop-up ads, redirect your computer to malicious websites, monitor your Internet surfing, or record your keystrokes, which, in turn, could lead to the theft of your personal information. A computer may be infected with spyware if it:
- Slows down, malfunctions, or displays repeated error messages
- Won't shut down or restart
- Serves up a lot of pop-up ads or displays them when you're not surfing the web
- Displays web pages or programs you didn't intend to use or sends emails you didn't write
- Botnets—If you allow your computer to remain unprotected, did you know you are likely to become part of the spam problem? Most spam is sent remotely by millions of home computers that are not protected. Yes, cybercriminals search the Internet looking for unprotected computers. They then install malicious software ("malware") on your unprotected computers so that they can control and use your computer to send spam. You become part of a robot network known as a "botnet." Also known as a "zombie army," a botnet is made up of many thousands of "controlled" computers sending emails by the millions. That's one reason why up-to-date security software is critical.
Malware may also be hidden in free software applications. It can be appealing to download free software like games, file-sharing programs, customized toolbars, and the like. But sometimes just visiting a website or downloading files may cause a "drive-by download," which could turn your computer into a "bot." Another way spammers take over your computer is by sending you an email with attachments, links, or images which install hidden software if you click on or open them.
- Distributed Denial of Service (DDoS)—A distributed denial of service attack is one executed by the use of multiple machines against a single server, such as a website’s server, to cripple it or stop it from functioning. Many DDoS attacks are carried out using many consumer PCs that are controlled by a bot controller, with each consumer PC acting as an individual zombie, as described above.
Protections
- Captchas—You have seen these when you send email. You don't need to install anything. These little box-prompts may seem annoying, but they do protect you and your recipients. Captchas are the small prompts that ask you to input the letters and numbers that you see in a box on a page. They are usually triggered when you are about to send an email or an IM that includes a website address/URL. They are also triggered when you try to post a website address on someone's social networking site. Because those who are illegitimate users or spammers typically automate spam, they cannot respond to these "captchas." When captchas are used, they can only be answered by humans—because you have to see what's in the box and then retype it yourself. The result is that machines/illegitimate users/spammers are then blocked from posting or sending the content—and you are further protected! All you have to do is respond when you are prompted.
- Personal firewalls—A firewall is one way to prevent cybercriminals from using your computer without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.
- Anti-virus software—Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.
- Anti-spyware software—Just like anti-virus software, this additional protection prevents spyware from being downloaded onto your computer without your knowledge