Skip Ribbon Commands
Skip to main content

Internet and Email Safety

We are continuously adopting new and innovative technologies and spending more of our time online. The thirst for computers, smartphones, and Wi-Fi seems to have no limits. At home, at work and at school, our growing dependence on technology, coupled with increasing cyber threats and risks to our privacy, demands greater security in our online world.

 

Cybercriminals do not discriminate; they target vulnerable computer systems regardless of whether they are part of a government agency, large company, small business, or belong to a home user. Follow these steps to reduce your security risk.

Email Safety Tips

 

Email has become an essential tool for communicating, which is why it is so popular with scammers, cybercriminals and advertising companies. See how each of us can keep safe using these email safety tips.

Identifying Phishing attempts

 

Identifying Spam email and Phishing attempts

Phishing emails are messages sent by individuals trying to "fish" for personal or financial information. Phishers are getting better every day at making their messages look authentic.  Phishing is the most prevalent method of distributing malicious software (malware) including Ransomware to a computer.   There are two types of phishing emails:

  1. Emails that ask you to reply to the message with confidential information, such as your user ID and password.  Never respond to any email with confidential information.  City of Albuquerque and other legitimate businesses will never ask for this information via email.
  2. Emails that ask you to click on a link to a web page, which then asks you to provide confidential information. Many times these web pages look like legitimate sites, such as Bank of America or PayPal, but they are not. When you provide your login ID and password, this information is captured by the phisher, who can then use it to log into the legitimate site. 

Additionally, The use of malicious links in email is a very common method of distributing malicious software or malware such as Ransomware to a computer.   Many of this malware is designed to encrypt files on your computer and hold them ransom until a payment is made.  On most occasions, if payment is made, the release of the files is never completed.  It is critical to have up-to-date backups of critical data.   

 

What to do if you get a phishing email

  1. Send any phishing emails you receive, including its full header information, to helpdesk@cabq.gov
    • If you suspect it may be a phishing email, DTI Security can review the message and advise if it is legitimate or not.
    • If you know it is a phishing email, DTI Security can take measures to have the phishing web site taken down or blocked from entering the networked environment.
  2. Never respond to any email with confidential information.  City of Albuquerque and other legitimate businesses will never ask for this information via email.
  3. Use your mouse to hover over links in an email. This will show you the actual website you will be directed to if you click on the link. It is always best to type the address yourself into your web browser, rather than clicking a link in an email.

How to identify a phishing email

Phishing emails:

  • May show the sender on behalf of someone else, such as the City of Albuquerque and generally will not contain the sender's email.
  • May look like an authentic business such as a bank or other financial institute.  Financial institutions will never ask for user id, account information or password information via email or unsolicited phone call. 
  • May look like it is coming from technical support.
  • May ask for user name or password verification.
  • May contain fuzzy logo symbols which are not genuine.
  • May not contain email signatures or any contact information.
  • May have bad grammar and capitalization.
  • Generally require you to take quick action, such as verifying your account to prevent it from being deactivated.
  • May provide an opportunity that is too good to be true. 
  • Can be threatening in nature, e.g. “This will happen if you do not respond immediately”

Be particularly vigilant during holidays or significant events since attackers heighten their activity during these times.

How to Protect Yourself

Here are some best practices that will help protect you and your information:

  • Never provide personal information to an unsolicited source which can come from an email or a phone call.
  • Beware of messages that claim your account has been suspended.
  • Be suspicious of any email with urgent requests for personal financial information.
  • Never click on a link in an email. Instead, always type the legitimate Web address of the site you want to reach directly into your Web browser.  Hover your mouse over the link to determine the specific url being sent to.  If it looks suspicious, do not click on it. 
  • Be suspicious of email messages and other electronic communications from sources you do not know or recognize
  • Use the latest versions of your operating system (OS) and applications.
  • Have the latest security software updates (patches) installed. This includes patches for your OS and applications.
  • Keep your anti-virus software up to date.
  • Report any suspicious emails
  • Save important documents on provided networked drives which are backed up on a regular basis. 

Personal Identifiable Information and Identity Theft

 

There are important practices each of us can do to protect our personal identity.  These best practices are provided to help understand what Personal Identifiable Information (PII) is and, to prevent this data from being stolen.

In an effort to better secure sensitive data, the City of Albuquerque information security office has compiled a quick reference guide for protecting private data.  

Keeping personal information private is each of our responsibilities

Important practices to keep in mind when dealing with private data include:

  • Never post private data on the web

For the complete document see protecting PII data.

Wireless

Wireless computing is flexible and convenient.  Having the ability to move freely while computing provides great opportunities for each of us both in the work environment and at home.  However, if you are not careful, it unknowingly provides the same opportunities to others.  Go to the Wireless document for the complete document. 

Secure your home wireless network

Properly securing your home wireless network is critical to securing your information. Don’t be an easy victim. Here are some ideas to keep your information and home network safe.

Be careful computing in Wi-Fi hotspots

When you are on the move and computing in a Wi-Fi hotspot provided in a coffee shop, bookstore, campus, or airport you need to be wary of hackers waiting to access your network or steal your information.  Most public wi-fi hotspots do not provide security protection for their users.  Here are some ideas to make those hotspots safer.

Anti-Virus

 

 Update your Antivirus Regularly

Your virus protection is only as effective as its last update. New viruses appear all the time. If your antivirus software isn't current, the latest viruses or worms can sneak in.

Antivirus software is especially useful for scanning attachments and links within e-mail messages. E-mail offers many opportunities for security problems and should not be considered secure. Here are some key signs that your computing system may be infected by a virus or worm, and what to do to solve the problem:

 

Remember that it is important to take action as soon as possible to prevent further damage or spread of a compromised system.

Click here for the complete document on how anti-virus can help you protect your computer from viruses.

Physical Security

Physical security is critical in the protection of computer assets. Below are individual actions which will not only help protect the expensive equipment but, improve the physical safety for all city staff.  While these changes may cause you some inconvenience, they are important for the safety of CABQ resources:

 

· When entering a secure location, be cautious of piggy back traffic. Unauthorized personnel use the kindness of staff to hold the door open so they can access secure areas.

· Never leave a vendor or guest in a secure area alone. All vendors and guests should be escorted to their destination.

For a complete list see Physical Security

 

Remember to protect your computer equipment as well. If you have a laptop, it should be registered with the ITSD.

 

For additional recommendation for physical security see:  Physical Security