Security and Privacy Overview and Summary

Security and Privacy: Whether you're at home, work, or elsewhere, Network Security and Privacy aims to protect your network, devices, software, accounts, and personal information/data from unauthorized access.

The Summary page is intended to provide an overview and trusted links for deeper education and accepted best practices to help enhance your personal security posture.

A compromise of your personal and financial information could lead to identity theft - and the loss of your money, your good credit rating, your overall financial health and your time to get back on track (although financial losses may likely be permanent).

If you are a victim of a scam or fraud, you can file a complaint with the Federal Trade Commission at https://ReportFraud.ftc.gov and the FBI’s Internet Crime Complaint Center at https://ic3.gov

Go to the Education Page. The Guidance provided leverages the three most important principles of cybersecurity - Zero Trust, Least Privilege, and Defense in Depth which assume that the integrity of the network and credentials may already be compromised. In practice, resource access requires strong identity verification every time it is requested (Zero Trust) and should be restricted for actual access rights and time that access is allowed (Least Privilege). Multiple layers of different security technology (Defense in Depth) provide better protection than a single layer. A few examples of practicing a Secure Mindset include:

  • Always using an trusted path (bookmark and verify url) to access important accounts goes hand in hand with not clicking links.

  • Using a password manager with 2-factor authentication helps insure against reused passwords (and credential stuffing attacks), as well as compromised password access via a stolen password or phishing website password disclosure.

  • Logging in from a fresh browser and also logging out of user accounts, and closing the browser window is good hygiene practice.

  • Your devices and operating systems should be current; set them to autoupdate and verify the device is receiving software updates. Device manufacturers may stop updating older devices (replace outdated hardware).

  • Configuring for Security and Privacy provides a foundation to help protect yourself WHEN you are exposed to a malicious actor attack.

  • Control Your Online Identities and Information (if you establish your identity, someone else cannot create and steal it).

Security and Privacy Guidance

The Guidance Section is provided as a public service. It is intended to provide reasonable actions to consider; it is not intended to be bulletproof in terms of home security or privacy - much depends on the underlying devices, the software and the evolving nature of security and privacy risks, but mostly INDIVIDUAL BEHAVIOR. Although this Guidance is reviewed and updated regularly, readers are advised that any statement on security may quickly become out of date due to new threats and vulnerabilities.

  • Problem: Security and Privacy - Defense can be both Tedious and Difficult to Navigate

  • Solution: Education, Best Practices, Cyber Hygiene and User Behaviors are the Strategy

  • Goal: Always practice a Secure Mindset every time you go online or use your devices

Education, Best Practices, Cyber Hygiene and User Behaviors

Control Your Online Identities and Information

Restricting Access: Freeze Your Credit and Review Periodically Strongly recommend freezing your credit through all three credit bureaus to protect against someone using information about you to potentially create fraudulent transactions or open a line of credit in your name. There is Zero Trust for unknown entities potentially checking your credit with your personal information (name, date of birth, social security number) and Least Privilege for opening anything (deny access if they try).

In the future, you will need to temporarily unfreeze the credit when applying for anything requiring a credit check such as a new credit card or loan - this inconvenience is well worth the effort). For initially creating your individual SSA user account, unfreeze Experian (SSA used this service for identity verification at the time this guidance was captured) while - then refreeze after the account is created.

Access your credit report, check your credit score, place fraud alerts, and learn more about protecting your credit on Credit Bureau Sites. Review monthly or quarterly for unexpected activity or changes.You will need to contact each bureau individually online, by phone or by mail (instructions are available on each site):

  1. Equifax: https://www.equifax.com

  2. Experian: https://www.experian.com

  3. TransUnion: https://www.transunion.com