Education Sources and Advice

This page focuses on Security Education and Security Education Sources

Freezing Credit Reporting and Controlling online identities is also addressed here

Key Security Concepts drive the information on this page.

Always using an trusted path (bookmark and verified url) to access important accounts goes hand in hand with not clicking links.

Using a password manager with 2-factor authentication helps insure against reused passwords (and credential stuffing attacks), as well as access via a stolen / compromised password or password disclosure through a phishing website.

Configuring for Security and Privacy is a foundation to help protect yourself WHEN you are exposed to a malicious actor attack.

Background: You should assume that Personally Identifiable Information (PII) including your name, date of birth and social security number, is available online and may be utilized to steal your identity or your money. As cyberattacks become more sophisticated and Artificial Intelligence (AI) makes attacks easier, individuals must stay informed, practice good security habits, and use available product features to help protect themselves, their devices, and their loved ones. Some of the most significant cybersecurity threats can be thwarted with user behaviors and protections available in the devices you already have, but that you do not currently use.

As Product Security and Privacy controls evolve such as vulnerability updates or improved encryption algorithms, associated configurations should be updated when available. Your home network, computer and mobile devices are the most sensitive and critical devices, as they contain personal information like banking details, credit cards, contacts, taxes, documents, and photos. These devices often have layers of configuration that require special attention to security and privacy.

Zero Trust, Least Privilege, Defense in Depth are part of a secure mindset.

Secure by Design and Secure by Default are principles that should be part of any new device purchase decisions.

Network Awareness applies to every network and every device. Home Networks are important because they are most often used with most sensitive devices (computers) and accounts (financial).

Education, Best Practices, Cyber Hygiene and User Behaviors are the Strategy

Advice from Trusted Sources

Trust and Advice: Know where your information is sourced. US Government, International Governments, Standards Organizations and Education Organizations are the best places to start. The links below are from the US Government. The National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA) have useful best practices guides and information for your home network. The FBI has a useful page on Credit/Debit/EBT Card Skimming. The Project Upskill link is from CISA and provides a much deeper dive on security and privacy education.

These links are provided for self-education and convenience. Always verify a link is what you expect - in this case, specifically including the “https://” indicates a secure link protocol is being used and “.gov” indicates a U.S. government domain - as well as carefully looking at the rest of the link.

NSA link on Home Networks Best Practices (February 2023).

https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF

NSA’s Mobile Device Best Practices (September 2021; despite the age, it is still applicable).

https://media.defense.gov/2021/Sep/16/2002855921/-1/-1/0/MOBILE_DEVICE_BEST_PRACTICES_FINAL_V3%20-%20COPY.PDF

CISA guidance on Mobile Communications Best Practices (December 2024)

https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf

FBI webpage on Avoiding Credit / Debit / EBT Card Skimming

https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/skimming

Deeper Dive Education: CISA put together education modules on cybersecurity for “high-risk communities” (journalists, human rights defenders, and others who are at higher risk from cyber threat actors because of their identity or work), but CISA also notes that “this guidance will benefit any individual seeking to improve their personal cybersecurity posture.”

https://www.cisa.gov/audiences/high-risk-communities/projectupskill (this is a set of education modules with some additional useful links included in the material)

Control Your Online Identities and Information

Restricting Access: By establishing online identities (for example, with Social Security, even if you are not old enough to start collecting), someone else cannot fraudulently create an ID using your information. Downloading annual earnings may protect you against database manipulation or destruction.

Freeze Your Credit and Review Periodically Strongly recommend freezing your credit through all three credit bureaus to protect against someone using information about you to potentially create fraudulent transactions or open a line of credit in your name. There is Zero Trust for unknown entities potentially checking your credit with your personal information (name, date of birth, social security number) and Least Privilege for opening anything (deny access if they try).

In the future, you will need to temporarily unfreeze the credit when applying for anything requiring a credit check such as a new credit card or loan - this inconvenience is well worth the effort). For initially creating your individual SSA user account, unfreeze Experian (SSA used this service for identity verification at the time this guidance was captured) while - then refreeze after the account is created.

Access your credit report, check your credit score, place fraud alerts, and learn more about protecting your credit on Credit Bureau Sites. Review monthly or quarterly for unexpected activity or changes.You will need to contact each bureau individually online, by phone or by mail (instructions are available on each site):

  1. Equifax: https://www.equifax.com

  2. Experian: https://www.experian.com

  3. TransUnion: https://www.transunion.com

Experian must be unfrozen to create your “my Social Security account

Online Identities

my Social Security User Account can be established here: https://www.ssa.gov/myaccount/

The SSA uses Experian to verify information. When creating an account, Experian credit report information must be unfrozen. After creating an account, refreeze your credit.

The IRS has an Online Identity Verification Process. Establishing an IRS User Identity (through ID.me service) is one way to help lock down your identity with the IRS.

For IRS related tax scam and fraud information: https://www.irs.gov/help/tax-scams/recognize-tax-scams-and-fraud