Security Central
What's Security Central all about?

There are many ways our personal and financial information can be compromised and many ways our accounts - email, social media, etc. - can be compromised as well. The good news is that there are also many ways to protect ourselves from these threats. 

Security Central is a resource to learn more about the steps you can take to protect yourself. From cyber security to preventing fraud, you'll find some great information here and we'll cover a different topic each month. 

Topic of the Month: 'Tis the Season

This article from 2016 offers timely information on safe online holiday shopping.

'Tis the season for online gift buying. The National Retail Federation forecasts an increase in online holiday sales this year between 7 and 10 percent over last year - to as much as $117 billion1.

In 2016, high-tech connected devices such as fitness trackers, video cameras and wearables - known as the Internet of Things (IoT) - are on wish lists and gift guides like never before.  A new survey2 from the National Cyber Security Alliance (NCSA) found that more than a third of holiday gift givers (36%) plan to purchase internet-connected gadgets and gear for family and friends. But wait: before you give the gift of connectivity, don't let hackers get in your way. According to the survey, 54 percent of respondents reported a raised level of concern about the security of their internet-connected devices following the "distributed denial of service" or DDoS attack in October. This cyber attack used internet-connected devices, such as cameras, home appliances and baby monitors, to disrupt popular online platforms like Amazon, Twitter and Reddit.

Furthermore, the survey disclosed that 62 percent admit to being "somewhat confident" to "not confident at all" about these devices' safety and security. And an astounding 66 percent are either "not sure" or do not think there is enough information available on how to secure their devices.

"People are genuinely excited about IoT devices and the many benefits they bring to our lives," said Michael Kaiser, NCSA's executive director. "We like to remind everyone that in order to function correctly these devices need to collect information about the user - turning them into the 'Internet of Me.' We strongly encourage all digital citizens to pay close attention to and learn as much as they can about how to secure their devices."

Online shoppers have their security and privacy antennae up when shopping; the survey revealed 25 percent had abandoned a purchase, with nearly 10 percent of those doing so between two and four times in the last year.

Here are the top three reasons respondents gave for abandoning a purchase because of security concerns:
  • Too much information was being asked of me in relationship to the transaction (47%)
  • I could not determine if my information was being handled securely (36%)
  • I just did not feel confident about the transaction (32%)
Consumers are, however, getting smarter and taking action to protect themselves. The survey spotlighted the following security and privacy measures they are practicing:
  • Changing the password on their device before using it (47%)
  • Trying to understand what personal information the device collects, how it is being used and how it is stored (45%)
  • Reading information from the manufacturer about how to keep the device secure over time (34%)
  • Keeping IoT mobile apps (e.g., Nest, doorbell, video camera and security system.) up to date with the latest software updates (30%)
  • Researching the past history of security/privacy concerns about a device (27%)

Being safer and more secure while shopping online is a high priority during the holiday season, a key time for online gift buying. This year's Cyber Monday - which falls on November 28 - is predicted to be the biggest and busiest ever, generating $3.36 billion in sales with 9.4 percent growth compared to 20153. And, along with IoT, technology is expected to impact the gift-giving ritual in entirely new ways, with virtual reality, artificial intelligence and mobile and alternative payments taking over the online purchasing landscape.

Online Holiday Shopping

"More consumers are shopping online than ever before, and everyone needs to be extra cautious and protect themselves even more against cyber threats, scams and identity theft. Good cybersecurity practices must be a critical focus not only during heavy-volume timeframes, but all year long," said Kaiser. "Keep in mind that online shopping also means it's scammer season. There are 'can't miss' offers everywhere. It's nearly impossible for thrifty cybershoppers to visit the digital marketplace without thinking about identity theft, credit card fraud or compromising financial data and other personal information that hackers actively seek."

NCSA's STOP. THINK. CONNECT.TM campaign recommends following this basic safety and security advice.

Get Ready to Cyber Shop Safely:
  • Lock down your login: One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics,security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Keep clean machines: Before searching for that perfect gift, be sure that all web-connected devices - including PCs, mobile phones, smartphones, and tablets - are free from malware and infections by running only the most current versions of software and apps.
  • Conduct research: When using a new website for your holiday purchases, read reviews and see if other customers have had a positive or negative experience with the site.
While Navigating the Digital Marketplace:
  • Get savvy about Wi-Fi hotspots: If you are out and about, limit the type of business you conduct over open public WiFi connections, including logging in to key accounts, such as email and banking. Adjust the security settings on your device to limit who can access your phone.
  • When in doubt, throw it out: Links in emails, posts and texts are often the ways cybercriminals try to steal your information or infect your devices.
  • Personal information is like money; value it and protect it: When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
Resources for staying safe and secure while shopping online during the holidays:

1National Retail Federation Holiday Headquarters, October 4, 2016.

2NCSA Online Holiday Shopping Survey, November 10, 2016.

3Adobe 2016 Digital Insight Shopping Predictions, October 27, 2016.

Methodology: As part of widespread efforts to promote online safety education and awareness, NCSA commissioned Zogby Analytics to conduct an onlinesurvey of 1,215 adults in the U.S. on Nov. 9 and 10, 2016. Based on a confidence interval of 95 percent, the margin of error for 1,215 is +/-

Bonus Topic: Tech Support Scams

Some scammers call and claim to be computer techs associated with well-known companies like Microsoft or Apple. Other scammers send pop-up messages that warn about computer problems. They say they’ve detected viruses or other malware on your computer. They claim to be “tech support” and will ask you to give them remote access to your computer. Eventually, they’ll diagnose a non-existent problem and ask you to pay for unnecessary – or even harmful – services.

If you get an unexpected pop-up, call, spam email or other urgent message about problems with your computer, stop. Don’t click on any links, don’t give control of your computer and don’t send any money.

How the Scam Works

Scammers may call, place alarming pop-up messages on your computer, offer free “security” scans, or set up fake websites – all to convince you that your computer is infected. The scammers try to get you on the phone, and then work to convince you there’s a problem. Finally, they ask you to pay them to fix that non-existent problem. To convince you that both the scammers and the problems are real, the scammers may:

  • Pretend to be from a well-known company – like Microsoft or Apple.
  • Use lots of technical terms.
  • Ask you to get on your computer and open some files – and then tell you those files show a problem (when they don’t).

Then, once they’ve convinced you that your computer has a problem, the scammers might:

  • Ask you to give them remote access to your computer – which lets them change your computer settings so your computer is vulnerable to attack.
  • Trick you into installing malware that gives them access to your computer and sensitive data, like user names and passwords.
  • Try to sell you software that’s worthless, or that you could get elsewhere for free.
  • Try to enroll you in a worthless computer maintenance or warranty program.
  • Ask for credit card information so they can bill you for phony services, or services you could get elsewhere for free.
  • Direct you to websites and ask you to enter your credit card number and other personal information.

These scammers want to get your money, access to your computer, or both. But there are things you can do to stop them.

If You Get a Call or Pop-Up

  • If you get an unexpected or urgent call from someone who claims to be tech support, hang up. It’s not a real call. And don’t rely on caller ID to prove who a caller is. Criminals can make caller ID seem like they’re calling from a legitimate company or a local number.
  • If you get a pop-up message that tells you to call tech support, ignore it. There are legitimate pop-ups from your security software to do things like update your operating system. But do not call a number that pops up on your screen in a warning about a computer problem.
  • If you’re concerned about your computer, call your security software company directly – but don’t use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online, or on a software package or your receipt.
  • Never share passwords or give control of your computer to anyone who contacts you.
  • Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything the software says is a problem.
  • Change any passwords that you shared with someone. Change the passwords on every account that uses passwords you shared.
  • If you paid for bogus services with a credit card, call your credit card company and ask to reverse the charges. Check your statements for any charges you didn’t make, and ask to reverse those, too. Report it to ftc.gov/complaint.

Here's another good read about tech scams.