US-CERT Cyber Security Tip ST11-001 -- Small Office/Home Office Router Security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1                           Cyber Security Tip ST11-001             Holiday Traveling With Personal Internet-Enabled Devices     The internet is at our fingertips with the widespread use of    internet-enabled devices such as smart phones and tablets. When traveling    and shopping anytime, and especially during the holidays, consider the    wireless network you are using when you complete transactions on your    internet-enabled device.  Know the risks     Your smart phone, tablet, or other internet-enabled device is a full-fledged    computer. It is susceptible to risks inherent in online transactions. When    shopping, banking, or sharing personal information online, take the same    precautions with your smart phone or other internet-enabled device that you    do with your personal computer — and then some. The mobile nature of these    devices  means  that you should also take precautions for the physical    security of your device (see Protecting Portable Devices: Physical Security    for more information) and consider the way you are accessing the internet.  Do not use public Wi-Fi networks     Avoid using open Wi-Fi networks to conduct personal business, bank, or shop    online. Open Wi-Fi networks at places such as airports, coffee shops, and    other public locations present an opportunity for attackers to intercept    sensitive  information  that  you  would provide to complete an online    transaction.     If you simply must check your bank balance or make an online purchase while    you are traveling, turn off your device's Wi-Fi connection and use your    mobile device's cellular data internet connection instead of making the    transaction over an unsecure Wi-Fi network.  Turn off Bluetooth when not in use     Bluetooth-enabled  accessories  can  be helpful, such as earpieces for    hands-free talking and external keyboards for ease of typing. When these    devices are not in use, turn off the Bluetooth setting on your phone. Cyber    criminals have the capability to pair with your phone's open Bluetooth    connection when you are not using it and steal personal information.  Be cautious when charging     Avoid connecting your mobile device to any computer or charging station that    you do not control, such as a charging station at an airport terminal or a    shared computer at a library. Connecting a mobile device to a computer using    a USB cable can allow software running on that computer to interact with the    phone in ways that a user may not anticipate. As a result, a malicious    computer could gain access to your sensitive data or install new software.    Don't Fall Victim to Phishing Scams If you are in the shopping mode, an    email that appears to be from a legitimate retailer might be difficult to    resist. If the deal looks too good to be true, or the link in the email or    attachment to the text seems suspicious, do not click on it!  What to do if your accounts are compromised     If you notice that one of your online accounts has been hacked, call the    bank, store, or credit card company that owns your account. Reporting fraud    in a timely manner helps minimize the impact and lessens your personal    liability. You should also change your account passwords for any online    services associated with your mobile device using a different computer that    you control. If you are the victim of identity theft, additional information    is available from http://www.idtheft.gov/.     For  even  more  information  about  keeping  your  devices safe, read    Cybersecurity for Electronic Devices.      _________________________________________________________________     Produced in 2011 by US-CERT, a government organization.     Terms of use     http://www.us-cert.gov/legal.html     This document can also be found at     http://www.us-cert.gov/cas/tips/ST11-001.html     For instructions on subscribing to or unsubscribing from this    mailing list, visit http://www.us-cert.gov/cas/signup.html.      -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)  iQEVAwUBTu9Xmz/GkGVXE7GMAQJKKAf/UcQLo41xzzLRs1TmvhOwNzx0fCguFHdh W4/6YaDQ7rDxOBBaZLLwu351/Lh1ohMixF3GheLhqNZ9TB1A/cxxUrIa/i38wvpz aWcrNP9eQ55cs3+ngyZl98ZOnE+pyyFKNDctgZrohM3folJeRXj+Bj3gcxkJ80fi t7aQ0gJ94y6lkDZChLoVlNACOiErZcGh2/kcIYMgXSpnJU2mC5XLciZAsXxg/n9J yAar0zNOy/dKUJMkVJcfTaVtmMO8QlWb2iWkoAjC6qmqt8jE92Whntgw2HQ/e01m snMfLm791S6VBiOJG8+76h9404yFK6sC+mCnpeBtRgr06thtwnZfNA== =y/DQ -----END PGP SIGNATURE-----