Verify data is encrypted
When sending confidential information over the Internet, such as usernames, passwords, or credit card numbers, only send it securely. To verify this, look for a small lock () in the bottom right corner of yourbrowser window or next to the address bar (as shown below). If visible, this lock should also be in the locked position and not unlocked.
Internet Explorer secure address bar
We also suggest making sure the URL begins with https, as shown above.
While the lock is in the locked position, data is encrypted, which helps anyone from understanding the data if it’s intercepted. When no lock is visible or in the unlocked position, all information is plaintext and could be read if intercepted. If a web page is not secure, such as an online forum, use a password you wouldn’t use with protected sites, such as your online banking website.
Use a safe password
Websites that store confidential data, such as an online bank site, need to use strong passwords. Also, it is highly recommended that you use a different password for each website that requires a login. If you need help remembering your passwords, consider using a password manager.
When available always enable two-factor authentication
Two-factor authentication adds additional protection by requiring an additional step in verifying a login. Typically with two-factor authentication, after verifying your password, if the service does not recognize your computer, it sends your phone a text message with a verification code. If someone had your password but did not have your phone, even with a valid password, they cannot access your account.
Tip: Two-factor authentication should at the very least be enabled on your e-mail account. Most account passwords can be reset using the forgot password feature, which sends a new password or link to reset the password to the e-mail address on file. If anyone has access to your e-mail account, they could get the new password for your account.
E-mail is not encrypted
Never transmit confidential data over e-mail, such as passwords, credit card information, etc. E-mail is not encrypted and if intercepted by a third-party, it could be read.
Be aware of phishing scams
Familiarized yourself with phishing scams and techniques, which are used to trick you into divulging your account information. Online banking sites, Paypal, eBay, Amazon, and other popular sites that require logins are popular targets.
Use caution when accepting or agreeing to prompts
When prompted to install any program or add-on, make sure to read and understand the agreement before clicking on the Ok button. If you do not understand the agreement or feel it is not necessary to install the program, cancel or close the window.
Additionally, when installing any program, watch for any check box that asks if it’s ok to install a third-party program, toolbar, etc. These are never required and often cause more issues than good. Leave these boxes unchecked.
Be cautious where you’re logging in from
Your place of work can install key loggers or use other methods of monitoring the computer while online. Someone who has access to this information could read these logs and gather usernames and passwords. Also, do not store any passwords in your browser if your computer is shared with other coworkers.
When on a wireless network, realize that all information being sent to and from your computer can be intercepted and read by someone nearby. Prevent this from happening by only logging onto a secure network using WEP or WPA (only use WEP if WPA is not available). If this is a home wireless network, make sure it is secure.
Be concerned when logging into an account on a friend’s computer. A computer or network you are not familiar with could intentionally or unintentionally log usernames and passwords. Finally, when logging into any site on a friend’s computer, never save the password information on their browser.
Use an alternative browser
Older versions of Internet Explorer are notoriously insecure. If you are using Internet Explorer as your browser, consider an alternative browser such as Google Chrome or Mozilla Firefox. If you are running Windows 10 and want to continue to use a Microsoft browser, consider using Microsoft Edge instead of Internet Explorer.
Be aware of those around you
While at work, school, library, or anywhere that has people around who could look at the monitor, be cautious of anyone shoulder surfing. Someone could watch you type in your password, which would give them access to your account.
If you need information displayed on the screen to remain private, consider a privacy filter for the display.
Update Internet browser plugins
Often many attackers find security vulnerabilities through browser plugins, such as Adobe Flash. Make sure all installed Internet plug-ins are up-to-date.