You are probably familiar with many of the standard best practices for safeguarding your data, such as avoid carrying unencrypted sensitive data on portable devices; use a complex password; and keeping your PC current with updated anti-virus software and security patches. However, do you realize that another important aspect of safeguarding your data means taking precautions about the information contained on printers or copiers?

Increasingly, printers, copiers and related devices come with hard drives capable of storing large volumes of information. The data you print, copy, scan, or fax may be stored on the hard drive permanently.

Recent news coverage has highlighted the fact that confidential information can be recovered from printers, copiers and similar devices after they are sent to surplus or returned to the vendor at the end of their lease. Some of the confidential information recently reported to be found on these machines included social security numbers, birth certificates, bank records, income tax forms, medical records, and pay stubs with names.

How do I keep my data secure?

Assume that any document that you printed or scanned is stored on the device. At a minimum, be aware that when you dispose of your printer, fax, copier or scanner, there may be a hard drive containing images of all of your documents. In order to properly dispose of the device, have the hard drive securely wiped before you give the device away or sell it, or if the device’s hard drive is removable, remove the drive entirely and have it securely destroyed.

Individuals and organizations should review the following recommendations for printers, copiers, scanners, and faxes:

• Settings: Configure the devices to encrypt the data, if possible.
• New Devices: Purchase/lease devices with disk encryption and immediate data overwriting capability.
• Disposal: Remove or wipe the hard drive before disposal.
• Use of Public Devices: Be cautious if using public printers\copiers\scanner\faxes for documents containing confidential information.

Additional Information:
• Identity Theft Awareness: http://www.identity-theft-awareness.com/digital-copiers.html
• Identity Theft Fixes: http://www.identitytheftfixes.com/company_copiers_and_identity_theft_–_is_your_company_at_ris.html
• CBS News – Digital Photocopiers Loaded With Secrets: http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
• SANS Reading Room: http://www.sans.org/reading_room/whitepapers/networkdevs/auditing-securing-multifunction-devices_1921
• Xerox: http://www.xerox.com/information-security/product/enus.html
• Cannon: http://www.usa.canon.com/cusa/production/standard_display/security-main-page
• HP: http://h71028.www7.hp.com/enterprise/cache/617575-0-0-225-121.html
• Toshiba: http://www.copiers.toshiba.com/usa/security/device-security/index.html

Brought to you by:

www.msisac.org

http://www.hawaiipublicradio.org/audio/BMC_052610.mp3

for more podcasts from Hawaii Public Radio please visit http://www.hawaiipublicradio.org

As with most types of equipment, you must perform periodic maintenance on your home PC to keep it in good operating condition. Performing maintenance will help your PC run faster, use resources more efficiently, and could save you from headaches caused by system failures and degradation. Most importantly, proper PC maintenance is crucial in order to protect your machine from security threats such as worms, viruses and other malicious activity.

How do I keep my home PC maintained?

Note: The following steps are provided to help ensure that your home PC operates effectively and securely. Most of the tips can be performed with moderate knowledge of PCs and can generally be completed in a short time. More detailed, in-depth assistance may be required in some instances, in which case you may wish to consult a qualified computer repair professional.

 Establish and maintain a plan. Make a plan to perform periodic maintenance and put it on your calendar as a reminder. Back up critical files system files and programs before beginning.

 Set a System Restore Point. Before you begin your periodic maintenance or make any significant changes, set up a system restore point, which will enable recovery from any error that may occur during maintenance. To set a System Restore Point, click Start, All Programs, Accessories, System Tools, System Restore, Create a Restore Point. (For “Classic” Start Menu: click Start, Programs, Accessories, System Tools, System Restore, Create a Restore Point.)

 Remove unnecessary files or programs. Empty your Recycle Bin and delete Windows temporary files. Remove installed programs that you no longer use. The Disk Cleanup program does all of these tasks including the deletion of unneeded Windows components. To access the Windows Disk Cleanup program, click: Start, All Programs, Accessories, System Tools, Disk Cleanup. (For “Classic” Start Menu, click: Start, Programs, Accessories, System Tools, Disk Cleanup.)

In Internet Explorer, clear your history, temporary Internet files, and cookies by clicking on Tools, Internet Options and select the tab labeled “General.” Click on the Delete button under the section labeled “Browsing history.”

Finally, archive or delete old files such as documents, images and graphics that are no longer needed.

 Optimize system performance. Configuring your PC software to operate as efficiently as possible will help your PC run faster and smoother. Organize your data files in a central folder with appropriate subfolders (do not save files in the root directory or on the desktop). This makes backup easier and can reduce fragmentation on your hard drive.

 Run a defragment tool on your disk drive. To do so, click Start, All Programs, Accessories, System Tools, Disk Defragmenter. (For “Classic” Start Menu, click Start, Programs, Accessories, System Tools, Disk Defragmenter.)

 Apply updates and patches. Make sure your operating system and software applications have the latest updates installed—and that the auto-update feature is enabled. Ensure that your anti-virus/anti-spyware/anti-adware software are running and receiving automatic updates. Check vendor and manufacturer websites for device drivers updates, and apply patches as needed. Renew all maintenance contracts/subscriptions.

 Perform regular backups. All critical files, as well as any information not easily replaced should be backed up. Check backup functions to ensure they are operating properly. Back up your files to a remote location (external hard drive or PC).

 Check your firewall. Review firewall settings for product configurations. Confirm that settings are appropriate for the current level of security needed.

 Routinely change your passwords. Routinely change all of your passwords for local applications, as well as those used for websites. Use strong passwords with at least eight characters and incorporate a mix of numbers, special characters, and upper and lower case letters.

 Perform hardware inspections. Perform a visual check of your PC hardware to prevent potential problems before they occur. This includes examining your surge suppressor, UPS, power strip, and cables for any damage. Replace batteries as needed.

Additional Information:
• Multi-State Information Sharing and Analysis Center Cyber Security Tips Newsletter – http://www.msisac.org/awareness/news/2008-03.cfm

• Small Business Computing – http://www.smallbusinesscomputing.com/testdrive/article.php/3864116/7-Basic-Windows-PC-Maintenance-Tips.htm

• Tips4PC – http://www.tips4pc.com/articles/computer%20maintenance/computer_maintenance_checklis_tips.htm

• Sensible-Computer-Help – http://www.sensible-computer-help.com/computer-maintenance-tips.html

• Microsoft – http://www.microsoft.com/athome/setup/maintenance.aspx

For more monthly cyber security newsletter tips visit: www.msisac.org/awareness/news/

Brought to you by:

www.msisac.org

Identity theft is a crime in which your personal information such as your name, social security number, date of birth, and address is stolen and may be used by someone to assume your identity, often for the purpose of financial gain. It is also referred to as “identity fraud” when the stolen identity is used to impersonate the victim. Methods a criminal may use to steal your data over the Internet include hacking or using spam and phishing. Social media sites and file sharing can be prime targets for identity thieves, since users often make the assumption of a trusted environment, sharing personal information without understanding the consequences.

Identity theft is not just a risk for those who use the Internet. Criminals can obtain information by sorting through garbage, eavesdropping, stealing wallets, picking up receipts at restaurants, and other means.

Once enough information is gathered, criminals may open new credit card accounts, apply for loans, empty your bank accounts, make charges on your credit card, or develop fake forms of identification.

Identity thieves will not always use the information themselves. They may sell it to underground markets for financial gain.

What can I do to protect my identity?

• Ensure that any computer used to connect to the Internet has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.
• Do not follow links provided by unknown or un-trusted sources.
• Do not open e-mail attachments from unknown users or suspicious e-mails from trusted sources.
• If you employ file sharing programs, check the configuration settings to ensure you are not inadvertently sharing your personal information.
• Be careful what personal information you distribute, particularly on social networking sites, and continuously check to see what information others may be posting about you. Also verify your privacy settings to ensure you are not inadvertently sharing your personal information.
• Check your credit reports from all three major credit bureaus (Equifax, Experian, and TransUnion) at least once a year. You are entitled to one free credit report

from each bureau every year. You may wish to stagger your requests to check a different credit bureau every four months.
• Guard your personal information, including your social security number. Don’t carry your social security card with you, and don’t provide your social security number to anyone unless they have a legitimate need for it.
• Don’t put your social security number or driver’s license number on your checks.
• Be aware of your surroundings when providing personal information orally. Watch for eavesdroppers.
• Properly discard hard copy documents containing personal information. A crosscut paper shredder works best.

What do I do if my identity has been stolen?

The first step is to notify your bank, and any other entities with which you have accounts, to inform them that someone may be using your account fraudulently. File a report with your local police and report the event to the Federal Trade Commision. It is helpful to have your financial statements available to better explain your situation.

Contact all three major credit bureaus to request a credit report, and have a fraud alert or a credit freeze placed on your credit reports to prevent accounts from being opened without your permission.

Continue to monitor all of your accounts for any suspicious activity.

Additional Information:

• Multi-State Information Sharing and Analysis Center – www.msisac.org/webcast/02_06/info/resourses.cfm || www.msisac.org/webcast/02_06/

• Federal Trade Commission
www.ftc.gov/bcp/edu/microsites/idtheft/

• Identity Theft Resource Center
www.idtheftcenter.org/

• Test your Identity Theft Knowledge
www.idtheftcenter.org/artman2/publish/c_theft_test/index.shtml

• National Cyber Security Alliance
www.staysafeonline.org/content/protect-yourself

Brought to you by:

www.msisac.org

Volume 5, Issue 3

Social networking sites have become very popular avenues for people to communicate with family, friends and colleagues from around the corner or across the globe. While there can be benefits from the collaborative, distributed approaches promoted by responsible use of social networking sites, there are information security and privacy concerns. The volume and accessibility of personal information available on social networking sites have attracted malicious people who seek to exploit this information.  The same technologies that invite user participation also make the sites easier to infect with malware that can shut down an organization’s networks, or keystroke loggers that can steal credentials.  Common social networking risks such as spear phishing, social engineering, spoofing, and web application attacks attempt to steal a person’s identity. Such attacks are often successful due to the assumption of being in a trusting environment social networks create.

Security and privacy related to social networking sites are fundamentally behavioral issues, not technology issues. The more information a person posts, the more information becomes available for a potential compromise by those with malicious intentions. People who provide private, sensitive or confidential information about themselves or other people, whether wittingly or unwittingly, pose a higher risk to themselves and others. Information such as a person’s social security number, street address, phone number, financial information, or confidential business information should not be published online. Similarly, posting photos, videos or audio files could lead to an organization’s breach of confidentiality or an individual’s breach of privacy.

What are the precautions I should take?

Below are some helpful tips regarding security and privacy while using social networking sites:

• Ensure that any computer you use to connect to a social media site has proper security measures in place. Use and maintain anti-virus software and keep your application and operating system patches up-to-date.

• Use caution when clicking a link to another page or running an online application, even if it is from someone you know. Many applications embedded within social networking sites require you to share your information when you use them.  Attackers use these sites to distribute their malware.

• Use strong and unique passwords. Using the same password on all accounts increases the vulnerability of these accounts if one becomes compromised.

• If screen names are allowed, do not choose one that gives away too much personal information.

• Be careful who you add as a “friend,” or what groups or pages you join. The more “friends” you have or groups/pages you join, the more people who have access to your information.

• Do not assume privacy on a social networking site. For both business and personal use, confidential information should not be shared. You should only post information you are comfortable disclosing to a complete stranger.

• Use discretion before posting information or commenting about anything. Once information is posted online, it can potentially be viewed by anyone and may not be retracted afterwards. Keep in mind that content or communications on government-related social networking pages may be considered public records.

• Configure privacy settings to allow only those people you trust to have access to the information you post. Also, restrict the ability for others to post information to your page. The default settings for some sites may allow anyone to see your information or post information to your page; these settings should be changed.

• Review a site’s privacy policy. Some sites may share information such as email addresses or user preferences with other parties. If a site’s privacy policy is vague or does not properly protect your information, do not use the site.

Additional Information:

• OnGuardOnline: www.onguardonline.gov/topics/social-networking-sites.aspx
• StaySafeOnline – National Cyber Security Alliance:  www.staysafeonline.org/blog/staying-safe-social-media-web-sites
• Social Networking Privacy – A Parent’s Guide: www.ftc.gov/bcp/edu/pubs/consumer/tech/tec13.shtm
• US-CERT–Staying Safe on Social Network Sites: www.us-cert.gov/cas/tips/ST06-003.html

Maintec Inc.

Monthly Security Tips
NEWSLETTER

Volume 5, Issue 1

From the Desk of Jason Fujihara

What  Are the Cyber Trends for 2010?

• Malware, worms, and Trojan horses: These will continue to spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.”  Other methods will require the users to click on a link or button.

• Botnets and zombies: These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks.  Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

• Scareware – fake/rogue security software: There are millions of different versions of malware, with hundreds more being created and used every day. This type of scam can be particularly profitable for cyber criminals — as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

• Attacks on client-side software: With users keeping their operating systems patched, client-side software vulnerabilities are now an increasingly popular means of attacking systems. Client-side software includes things like Internet browsers, media players, PDF readers, etc.  This software will continue to have vulnerabilities and subsequently be targeted by various malwares.

• Ransom attacks: these attacks occur when a user or company is infected by malware that encrypts their hard drives or they are impacted by a Distributed Denial of Service Attack (DDOS) attack. The cyber criminals then notify the user or company that if they pay a small fee, the DDOS attack will stop or the hard drive will be unencrypted.  This type of attack has existed for a number of years and is now gaining in popularity.

• Social Network Attacks: Social network attacks will be one of the major sources of attacks in 2010 because of the volume of users and the amount of personal information that is posted.  Users’ inherent trust in their online friends is what makes these networks a prime target.  For example, users may be prompted to follow a link on someone’s page, which could bring users to a malicious website.

• Cloud Computing: Cloud computing is a growing trend due to its considerable cost saving opportunities for organizations. Cloud computing refers to a type of computing that relies on sharing computing resources rather than maintaining and supporting local servers.  The growing use of cloud computing will make it a prime target for attack.

• Web Applications: There continues to be a large number of websites and online applications developed with inadequate security controls.  These security gaps can lead to the compromise of the site and potentially to the site’s visitors.

• Budget cuts: fiscal constraints will be a problem for security personnel and a boon to cyber criminals.  With less money to update software, hire personnel and implement security controls, enterprises will be trying to do more with less. By not having up-to-date software, appropriate security controls or enough personnel to secure and monitor the networks, organizations will be more vulnerable.

What Can I Do?

The following are helpful tips to assist in minimizing risk:

• · Properly configure and patch operating systems, browsers, and other software programs.
• · Use and regularly update firewalls, anti-virus, and anti-spyware programs.
• Be cautious about all communications; think before you click. Use common sense when    communicating with users you DO and DO NOT know.
• Do not open email or related attachments from un-trusted sources.

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment.  While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture. Organizations have permission–and in fact are encouraged–to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Brought to you by:

www.msisac.org

Maintec Inc.

Monthly Cyber Security Tips
NEWSLETTER

Volume 3, Issue 9

What Personal Information is Collected?

Many types of organizations are interested in obtaining and using your personal information, and it’s important to know what information is being collected, by whom and how it will be used.

Websites track web users as they navigate cyberspace. Data may be  collected about you as a result of many of your routine activities including:

• When you make purchases and pay bills with credit cards, you leave a data trail consisting of purchase amount, purchase type, date, and time.
• When you pay by check, data such as phone number, home address, driver’s license number, etc. may often be requested to verify your identity.
• When you use supermarket discount cards, the store is able to create a comprehensive database of everything you have purchased.
• When you surf the web, you leave a significant data trail such as your name, email address, Internet address of your computer, the name of your computer, the last time you visited that particular site, the type of browser and operating system you are using.
• When you sign up for a subscription or service (for a magazine, book or music club, professional association, warranty card, etc.) or give money to charities your personal information is often collected and stored.

Protecting Your Personal Information

The following tips should be used to help you manage your personal information wisely, to help minimize its misuse, and to lessen the risk of your personal information being compromised:

• Most legitimate websites include a privacy statement.  This is usually a link at the bottom of the home page and details the type of personally identifiable information the site collects about its visitors, how the information is used—including with whom it may be shared— and how users can control the information that is gathered. Be sure to read the privacy statement on websites you are visiting prior to providing any personal information, to understand that entity’s policy regarding protection of data.
• When shopping online, guard the security of your transactions by ensuring the transaction is submitted securely. When submitting your purchase information, look for the “lock” icon on the browser’s status bar to be sure your information is secure during transmission.
• Periodically check your Internet browser settings (e.g. Security and Privacy) to ensure that the settings are adequate for your level and type of Internet activity.
• If you are not already using anti-spyware or adware protection software, start now.  This software is designed to protect against spyware or malware designed to extract private information from your computer without your knowledge. Make sure you keep the anti-spyware or adware protection programs updated.
• Be sure to have a firewall installed and enabled on your computer.
• If you store private data on your laptop or other portable electronic devices (e.g. USB), use encryption software to protect your private data in the event the device is lost or stolen.
• Use strong passwords on all your accounts, such as a minimum of eight characters and a mix of special symbols, letters and numbers.
• To protect against identity theft, always question someone who is asking you to reveal any personably identifiable information. Find out how it will be used and whether it will be shared with others.
• Keep items with personal information in a safe place. When you discard receipts, copies of credit applications, insurance forms, health records, bank statements, or other personal documents, tear or shred them.
• Order a copy of your free annual credit report. Make sure it’s accurate and includes only those activities you’ve authorized.

References

To learn more about protecting your privacy, you may wish to visit the following sites:

• Identity Theft: www.ftc.gov/bcp/menus/consumer/data/idt.shtm
• Consumer Action: www.consumer-action.org
• Electronic Privacy Information Center: www.epic.org
• Privacy Rights Clearinghouse: www.privacyrights.org
• World Privacy Forum: www.worldprivacyforum.org
• Free Annual Credit Report: www.annualcreditreport.com
• US-CERT Tips for Strong Passwords: www.uscert.gov/cas/tips/ST04-002.html

The information provided in the Monthly Security Tips Newsletters is intended to increase the security awareness of an organization’s end users and to help them behave in a more secure manner within their work environment.  While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization’s overall cyber security posture.

Brought to you by:

]]> http://www.maintec-hi.com/uncategorized/february-newlsetter/feed/ 0 http://www.maintec-hi.com/uncategorized/monthly-newsletter-2/ http://www.maintec-hi.com/uncategorized/monthly-newsletter-2/#comments Mon, 28 Dec 2009 21:57:43 +0000 jason.fujihara http://www.maintec-hi.com/?p=105 Maintec Inc.

Monthly Security Tips
NEWSLETTER

Volume 4, Issue 12

From the Desk of Jason Fujihara Security vulnerabilities are flaws in the software that could allow someone to potentially compromise your system.  Each year, the volume of software security vulnerabilities discovered increases, and the hacking tools available to exploit these vulnerabilities become more readily available and easier to use.  Vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office are prime targets of attacks on computers connected to the Internet. Recent statistics reported show that 48% of the cyber attacks identified in the second quarter of 2009 were targeted against vulnerabilities in Adobe Acrobat/Adobe Reader¹ and in October 2009 Microsoft released patches for a record number of security holes.  No entity is immune to vulnerabilities, so we must ensure we understand the risks and take appropriate mitigation steps.

Why do I need to update my software?

One of the basic tenets of computer security is to update your operating system and other software installed on your computer. Software updates fix problems in the software, add functionality, and most importantly, fix vulnerabilities that impact the security of the software and subsequently your computer.  These vulnerabilities can lead to your computer—and information that resides on it—being compromised.  Exploitation of vulnerabilities may occur by opening documents, viewing an email which contains malicious code or visiting a web site hosting malicious content.  Seventy percent of the top 100 web sites hosted malicious content or contained a link designed to redirect users to malicious sites.²

What is a software patch (fix) and when should I install software patches?

Patches are often called “fixes.”  A patch is software that is used to correct a problem to an application (software program) or an operating system.  Computer companies are continuously addressing security holes (i.e. vulnerabilities) in computer software which could be used to infect your computer with a virus, spyware or worse.  When vulnerabilities are discovered, the software vendor typically issues a fix (i.e. patch) to correct the problem.  This fix should be applied as soon as possible since the average time for someone to try to exploit this security hole can be as little as a few minutes.  Most major software companies will periodically release patches, usually downloadable from the Internet, that correct very specific problems in their software programs.  Please check with your software vendor that the update will not interfere with the operation of your programs.

My computer includes hundreds of software programs– which ones do I need to update and how often?

One of the challenges facing the average computer user is to know which software needs to be updated and how often. Software programs that communicate or interact with the Internet are especially susceptible to attacks and should be kept at a vendor-supported version and current on all patches.

Many software programs include a feature called “auto update.”  This feature allows the computer to check for updates at periodic intervals.  The software will automatically check for updates and save them

to your computer.  Some updates will instruct you to “reboot” your computer before the software update can be applied.

At a minimum, you should enable the auto update feature on the following products:

• Anti-virus and Anti-spam signatures: anti-virus and anti-spam software requires regular updates to virus and spam signatures to remain effective.  New viruses and other types of malware appear every day and the anti-virus/anti-spam vendors release new signatures on a daily basis to stay on top of the new threats.
• Windows Office software: Word, Excel, Outlook, etc. – (see below for updating Windows software)
• Internet Browsers: e.g., Internet Explorer (Microsoft), Firefox (Mozilla), Safari (Apple) and Chrome (Google).  Make sure you update any software you use for browsing the Internet.
• Adobe products: e.g., Adobe Reader, Adobe Acrobat, Flash, Shockwave
• Media Players: e.g., Windows Media Player (Microsoft), QuickTime (Apple), Real Player (Real Networks) and Flash Player (Adobe)
• Java (Sun Microsystems):  Java is software that is installed on most computers to allow users to play online games, conduct online chats, and view images in 3D, among other functions. It is also used for Intranet applications and other e-business solutions.
• Other software programs that communicate or interact with the Internet, like e-mail, web servers, and remote desktop software are especially susceptible to attacks and should be kept current on patches and version levels.

It is very important to promptly download and patch your operating system and programs whenever security updates or “service packs” become available.  These patches are created to protect systems against potential attacks.  Be aware that attacks sometimes occur before updates are released.

How do I update my Microsoft Windows programs?

Windows Update is a Microsoft service that provides updates for the Windows operating system and other Microsoft software.  Installing Windows updates, such as “service packs” and other patches, is necessary to keep your Windows system secure.   To activate Windows Update, go to Settings/Control Panel/Automatic Updates.  When you turn on Automatic Updates, Windows routinely checks the Windows Update web site for high-priority updates that can help protect your computer from the latest viruses and other security threats. These updates can include security updates, critical updates, and “service packs.”  Depending on the setting you choose, Windows automatically downloads and installs any high-priority updates that your computer needs, or notifies you as these updates become available. Be sure to set the auto updates to daily, as patches can be released at any time.

Note: Many organizations have formal processes to patch systems that will automatically update all appropriate software.  In these situations, no end user action is required.

******************************

Source:  1.  F-Secure
Source:  2.  SC Magazine

For more information, please visit the monthly cyber security newsletter tips at:

www.msisac.org

The holiday season is approaching quickly and many of us will be shopping online. comScore estimates that in one day alone last year –Cyber Monday on December 1–$846 million was spent in online shopping, marking a 15% jump from 2007. With the increased volume of online shopping, it’s important that consumers understand the potential security risks and know how to protect themselves and their information.

The following tips are provided to help promote a safe, secure online shopping experience:

 Secure your computer. Make sure your computer has the latest security updates installed. Check that your anti-virus/anti-spyware software is running and receiving automatic updates. If you haven’t already done so, install a firewall before you begin your online shopping.

 Upgrade your browser. Upgrade your Internet browser to the most recent version available. Review the browser’s security settings. Apply the highest level of security available that still gives you the functionality you need.

 Ignore pop-up messages. Set your browser to block pop-up messages. If you do receive one, click on the “X” at the top right corner of the title bar to close the pop-up message.

 Secure your transactions. Look for the “lock” icon on the browser’s status bar and be sure “https” appears in the website’s address bar before making an online purchase. The “s” stands for “secure” and indicates that the webpage is encrypted. Some browsers can be set to warn the user if they are submitting information that is not encrypted.

 Use strong passwords. Create strong passwords for online accounts. Use at least eight characters, with numbers, special characters, and upper and lower case letters. Don’t use the same passwords for online shopping websites that you use for logging onto your home or work computer. Never share your login and/or password.

 Do not e-mail sensitive data. Never e-mail credit card or other financial/sensitive information. E-mail is like sending a postcard and other people have the potential to read it.

 Do not use public computers or public wireless to conduct transactions. Don’t use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your credit card information when you place your order. Criminals may be monitoring public wireless for credit card numbers and other confidential information.

 Review privacy policies. Review the privacy policy for the website/merchant you are visiting. Know what information the merchant is collecting about you, how it will be used, and if it will be shared or sold to others.

 Make payments securely. Pay by credit card rather than debit card. Credit/charge card transactions are protected by the Fair Credit Billing Act. Cardholders are typically only liable for the first $50 in unauthorized charges. If online criminals obtain your debit card information they have the potential to empty your bank account.

 Use temporary account authorizations. Some credit card companies offer virtual or temporary credit card numbers. This service gives you a temporary account number for online transactions. These numbers are issued for a short period of time and cannot be used after that period.

 Select merchants carefully. Limit your online shopping to merchants you know and trust. Confirm the online seller’s physical address and phone number in case you have questions or problems. If you have questions about a merchant check with the Better Business Bureau or the Federal Trade Commission.

 Keep a record. Keep a record of your online transactions, including the product description and price, the online receipt, and copies of every e-mail you send or receive from the seller. Review your credit card and bank statements for unauthorized charges.

What to do if you encounter problems with an online shopping site:

If you have problems shopping online contact the seller or site operator directly. If those attempts are not successful, you may wish to contact the following entities:

 State Attorney General’s office
 Consumer protection agency
 Better Business Bureau at: www.bbb.org
 Federal Trade Commission at: www.ftc.gov/