- I do not discuss personal nor confidential information in public.
- I protect myself from tailgating, drafting, shoulder surfing, and video spying.
- I re-engage latches and locks when I close them, and log out of websites promptly when finished using them.
- I need to be sure consistently that I am not being watched nor followed.
- I stay informed on new means to break security.
- I am on alert with a "good lay of the land" and a good sense of what belongs.
- If someone/something seems out of place, I investigate or report it.
- I am not afraid to ask around.
- I know physical security breaches can tarnish my reputation, take my property, take my competitive advantage, or harm my body.
- I know criminals are opportunistic, and seek out ways to abuse the weakest place and time to make an attack.
- I document information related to suspected breaches including who was notified about it, how/when/where the breach occurred, and what was done to contain the damage.
- I don't hide important items in obvious places such as a doormat or under a keyboard.
I have the right to associate with whom I choose and to be left alone by others and the right to have control of and confidentiality regarding my personal information.
I respect and protect personal information and handle it carefully and securely. I am transparent and accountable for how I use personal information. I give others choice about how I use their information and allow them to view and edit the records about them that I may store. I expect the same care and concern that I would for my own information.
- I protect basic facts about my life.
- I do not trust nor disclose information to strangers nor suspected posers, nor do I rely on contact information from the suspected source.
- I verify identities and credentials (permissions) of people who I meet in person, on the phone, or through electronic channels.
- Even just a few pieces of information such as zip code and birthday can uniquely identify an individual.
I am aware that certain singular pieces of information can by themselves track an individual, including:
- full name
- home address
- phone number
- geographic location data
- IP address
- email address
- account number
- account login
- national, state, or work identifier
- I keep my mobile devices and data secure from loss or theft using passwords, locks, encryption and physical proximity.
- I know social engineering scams such as phishing can cause identity theft, harm reputation, harm finances, cause legal interaction, erode privacy, and disrupt work.
- I identify the URL before accessing the page.
- I avoid bad QR codes and disable instant navigation on QR reader apps.
- I hover over links before clicking to view the URL location, or right click to copy the URL location to examine it before navigating the link.
- I use a search engine or another proper means to verify the identity of a legitimate website before visiting.
- I add a `+` to URL shorteners so I can view the link first (for example, from tinyurl.com and bit.ly).
- I read the authority portion of the URL carefully, which lives between `https://` and the first following `/`, `?`, or `#` (slash, question mark, or pound sign), before clicking a link. The right-hand side of the authority identifies the actual website/root domain, and anything to the left is the subdomain of the URL.
- If the browser, search engine or security software warns about a dangerous URL, I don't ignore the warning nor proceed with navigation.
- I read the URL before navigating to it.
- I watch for IP addresses, misspelled names and extra `-`, `.`, `@` (hyphens, dots, or at signs) in the URL that could affect the actual authority portion of the URL.
- I realize any unverified, unencrypted, or misidentified website may be a spoof or man-in-the-middle attack.
- Free downloads can tempt me to risk harm to my computer if I yield to their enticements without exploring better (legal) alternatives first.
- I create strong passwords, protect them, and never share them.
- I use a variety of passwords and do not allow websites, auto-complete, and applications to store them directly.
- I am familiar with techniques available to change and strengthen my passwords.
- I don't use personal information in my passwords.
- I use my most complex passwords for financial accounts or other sensitive accounts.
- I don't use dictionary words, song titles, nor book titles as passwords.
- I use all character classes available to me in creating a password.
- I use longer passwords to limit brute force attempts.
- I don't rely on predictable character substitutions as sole means of adding complexity.
- I secure with passwords, locks, physical barriers, encryption and surveillance.
- I shred confidential information before disposal.
- I beware of posers, or someone taking advantage of my helpful nature in a way that compels my help, such as for opening a door.
- I don't leave my laptop in my car while eating at a restaurant.
- I take measures to protect my personal information and devices from theft or personal gain.
- I store valuables locked up and out of sight of onlookers at all times. If an onlooker may have seen me stow them, I must move them to discourage theft.
- I lock my computer screen.
- I protect my data stored on mobile devices and removable media with means such as encryption and strong pins and passwords.
- I back up my devices on a regular basis to protect my data from loss.
- I am wary of downloading software or apps from unknown sources or with insufficient public reviews.
- I am wary of downloading software or apps that require excessive permissions such as viewing my address book and silently sending text messages.
- I don't download unnecessary programs to my home or work computer.
- I don't trust prompts in browser content areas, especially where it suggests urgency of action to download a program, to update your browser, or to install a plugin to view content.
- I delete suspicious emails and text messages.
- If in doubt, I do not scan, click nor download.
- I do not log in to any accounts unnecessarily when I use public Wi-Fi or public computers. I restrict their use to public information.
- I use a VPN and SSL encryption to protect my computer and communications over networks and Wi-Fi connections.
- I confirm encryption and identity of the website before I attempt to log in.
- I think about the headline test before I post to social media.
- I seek a new perspective by getting second opinions or by waiting on commitments I am not prepared to make.
- I teach my family discipline against trust so they do not trust strangers nor post too much information online.
- I monitor child accounts and do not allow them administrator access nor install privileges.
- I teach children about the dangers of social networks and bullying online.
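The URL-reading habits listed earlier (find the authority portion, then watch for IP addresses, misspelled names and extra hyphens, dots, or at signs) can be checked mechanically. The sketch below is an added example, not part of the original checklist; the function name, the warning labels, the thresholds and the `KNOWN` list of expected sites are assumptions chosen for illustration, and all sample URLs are constructed.

```python
import difflib
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sites the reader actually intends to visit.
KNOWN = ("example.com",)

def authority_report(url):
    """Return (host, root_domain_guess, warnings) for a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    # Text before an "@" in the authority is login info, not the site name.
    if "@" in parts.netloc:
        warnings.append("userinfo-before-@")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-address-host")
        return host, host, warnings
    except ValueError:
        pass  # host is a name, not an IP address
    labels = host.split(".")
    # Simplification (assumption): the last two labels form the root domain.
    # Suffixes such as co.uk need the Public Suffix List, which is not used here.
    root = ".".join(labels[-2:])
    if len(labels) > 3:  # illustrative threshold
        warnings.append("many-subdomain-dots")
    if host.count("-") >= 2:  # illustrative threshold
        warnings.append("many-hyphens")
    # Misspelled names: close to an expected site, but not equal to it.
    for good in KNOWN:
        ratio = difflib.SequenceMatcher(None, root, good).ratio()
        if root != good and ratio >= 0.8:
            warnings.append("lookalike-of:" + good)
    return host, root, warnings

if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://www.example.com/account?id=1",
        "https://example.com.secure-login-update.test/a",
        "https://example.com@203.0.113.7/login",
        "http://examp1e.com/",
    ):
        print(sample, "->", authority_report(sample))
```

In the second and third samples the familiar name `example.com` appears in the URL but is not the root domain: it is a subdomain label in one and login information before the `@` in the other.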