The Washington Post
• Don't share passwords with anyone. Avoid using common words, phrases, or personal information. Update regularly.
• Keep your operating system, browser, anti-virus and other critical software up to date. Security updates and patches are available free from major companies.
• Verify the authenticity of requests from companies or individuals by contacting them directly. If you are asked to provide personal information via email, contact the company independently to verify the request.
• Pay close attention to the URLs of websites you visit. Malicious websites sometimes use a variation in common spelling or a different domain (for example, .com instead of .net) to deceive unsuspecting computer users.
• Major data thefts can happen when attackers gain wireless access to an organization from a conference room or parking lot. Run wireless scanning to detect unauthorized use.
• Restrict access and secure the personal information of employees and customers to prevent identity theft.
• Run "penetration testing" on your own system to expose vulnerabilities.
• Maintain a functional backup system.
• Keep software updated with the latest security upgrades.
• Turn off the option to automatically download attachments.
• Save and scan any attachments before opening them. If you have to open an attachment before you can verify the source, take the steps listed below.
• Run anti-virus scans frequently.
Social media, videogames, chat sites
• Limit the amount of personal information you post, such as your address. Watch what friends post about you to make sure you are comfortable sharing that information with strangers.
• Use privacy and security settings that limit the information you share online.
• Be wary of strangers and the huge amount of false information online.
• Only access the Internet over a secure network. Maintain the same vigilance on your mobile device that you would on your computer.
• Be suspicious of unknown links or requests sent through text message. Do not click on unknown links or answer strange questions sent to your mobile device, regardless of who the sender appears to be.
• Download only trusted applications from reputable sources or marketplaces.
• Talk to your children about Internet safety. Keep your family's computer in an open area and talk to your children about what they are doing online, including who they're talking to and what websites they're visiting.
• Inform children of online risks so that they are able to recognize suspicious activity and safeguard their personal information.
SOURCE: Department of Homeland Security, SANS, CSIS