Sign In

Security Awareness

Breaking News

Are you being safe while browsing the web?

Here are some cyber security best practices 

Read on for some good rules to follow and solid habits to develop to ensure that you surf online more safely and securely.

  • Avoid public or free Wi-Fi. Attackers often use wireless "sniffers" to steal users' information as it is sent over unprotected networks. The best way to protect yourself from this is to avoid using these networks altogether. A more secure alternative may be using your smartphone to set up a personal hotspot, using a strong password.
  • Ensure the sites you use to access personal and financial information use HTTPS protocols. Check for an "https:" or a padlock icon in your browser's URL bar to verify that the communication between your computer or mobile device is secure before entering any personal or financial information (on banking or travel sites, for example). The "s" in "https" stands for secure, meaning that the website employs SSL encryption for data in transit.
  • Regularly monitor your bank statements. Keep a watchful eye on your credit card and banking statements, so you can react quickly if one of your accounts is compromised.
  • Read those privacy policies and terms of service. Websites' privacy policies and user agreements should provide details on how your information is being collected, used, and protected, as well as how that site tracks your online activity. For example, will the company share your data with third parties? What happens to your data if you delete your account? You should avoid sharing information or creating accounts on websites that do not provide this information in their policies.
  • Disable passwords stored in your browser. Nearly all browsers offer to remember your passwords for websites to make it easier to log in again in the future. However, enabling this feature stores your passwords in one location on your computer, which makes it easier for an attacker to discover a list of your passwords if your system is compromised. If you have saved passwords in your browser, you are encouraged to disable that feature and clear any stored passwords using these instructions for each major browser. Secure password managers like LastPass and Dashlane are a more secure option for managing your strong online passwords. At home, your internet service provider may give you access to Norton or McAfee suites, which also feature secure password managers.
  • Beware of pop-ups or pages that prompt you to click a link and run software. Malicious websites can create prompts that look like messages from your browser or computer. These message pop-ups try to short-circuit your logic and make you panic, like with huge WARNING signs or statements like YOUR COMPUTER HAS A VIRUS. If you see a pop-up you think is risky, go with your gut. Immediately close out of the browser (Ctrl + W keys) without clicking on any OK buttons or links. Your IT department manages the programs necessary to protect your work computer, so no other software or scans are needed.
  • Watch for shortened URLs and numbers, hyphens, or special characters in a URL. As you learned in the Safer Web Browsing course, remember that hackers use legitimate-looking topics and manipulate URLs to trick you into clicking. Be wary of shortened URLs (services like TinyURL and Bitly), all URLs posted in Facebook and other social media sites, as well as those sent via email. Before you click, hover over and scrutinize each URL to make sure you will be taken to a legitimate website. You can even use a search engine to identify the actual URL for this company or website.

These healthy habits can help you use online resources more safely and securely. Safer surfing helps to protect the Society – including its staff, investors, data, and mission – against cyberattacks and other online threats. 


  • Help maintain your own online security – read our IT department's advice on safe use of passwords and usernames

    Life today seems to involve an ever-increasing number of passwords and usernames for the various sites, accounts, and online places we all have reason or need to visit. It can be overwhelming to keep track of them all and change them at the recommended intervals – even if we do understand the reason for passwords. 

    Unfortunately, breaches and attacks are all too common these days. When your data is involved in a breach, it can be released on the dark web and other foul places on the internet. Bad actors will then try combinations of usernames (often an email address) and passwords from the site they breached on other sites and platforms.

    For example, say you used the same password for LinkedIn and your personal email. If they accessed your login information from a LinkedIn breach, a bad actor could then log into your Yahoo or Gmail account and begin spamming emails using your account, tricking your family, friends and even strangers.

    In this month's security awareness article, Information Technology reminds us of the importance of using unique passwords and usernames for each site we visit, and to change our passwords at regular intervals.

    Using unique passwords across different sites makes it harder to hack your whole digital life. For the same reason, consider using unique usernames, rather than your email address, for important accounts like banking and credit cards. If you have trouble remembering all those usernames and passwords, many free and premium password managers like Dashlane and LastPass can help you keep track of your accounts across multiple devices.

    For particularly important accounts, like a social account you use to log into many places or an email account that is tied to your bank accounts, try using two-factor authenticationwhen available. Two-factor authentication requires that you confirm your identity by using something you know (a password) and a second factor other than something you have or something you are. You can also establish a customer-specific personal identification number (PIN) to help secure online access. These features are available for most banking sites and free email providers like Gmail, Microsoft, and Yahoo.

    Also, pick an interval of time at which you will change your passwords, and set a reminder on your calendar. Even once a year is better than never. Sometimes breach information is not published until years after the breach. If you have already changed your password, you have limited the damage. If you are lucky, you changed your password before anyone even bought it!

    If you want to check if your account info is for sale, security researcher Troy Hunt has set up a website,haveibeenpwned.com, that allows you to enter emails and usernames and check whether they appear on data breach lists.

    Using unique usernames and passwords are two ways to help protect yourself in this online world in which we live. 

back to top