Information Security Do’s And Don’ts

September 8, 2021

Information Security Do’s And Don’ts

Online Safety

If you didn’t go looking for it, don’t install it.

Many times, we  are  on  websites  that  advertise  a tool to remove viruses and speed up your computer, and  there  are  many   great   software   packages aimed at doing just that. However, links surrounding our favorite online recipe site or blog may contain spyware or malware. If you specifically search for software to speed up your computer, you are much more likely to find a reputable source.

If you installed it, update it.

Those dreaded updates.  iTunes,  Windows,  Adobe, how many programs could  possibly  need  updates? The answer – ALL OF THEM. Many times websites and viruses exploit your computer due to an outdated browser, operating system, or software. To ease the burden, most software can be set to automatically update. New vulnerabilities come out every day and it only takes one to severely damage your family photos, files, and even your identity.

If you are done using it, remove it.

Chances are, programs  you  stop  using  aren’t getting updated because they are never opened. This is one of the leading causes of virus infection and system compromise.

Does your computer stay on all the time?

When plugged into power, many laptops  and desktops will stay on  24/7.  While  they  use  much less power than they used to, one of the largest risk is leaving a computer connected to the internet

24/7. Putting it to sleep when you leave reduces the amount of time your system has exposure to the internet, which in turn reduces its risk of unattended compromise.  Most  anti-virus/anti-spyware applications  run  at  all  times  and  help  protect against anything that may attack your computer. It’s still a good rule of thumb to have the device turned off if it is not needed at the time.

Installing applications on mobile devices

A lot of our digital lives are spent on smart phones and tablets when we are on the move and  not around our computers. Many of the same tips we have discussed for computers also apply to applications (apps) on mobile devices. In the app stores, there are a lot of apps that could do what you are needing it to do but there are a lot of choices. Some apps may be from non-reputable or third-party developers that should not be trusted.

Make sure to look for the reputable version of the app and grant access to only those items in your mobile device that are not sensitive.

Passwords and Security Questions

When creating passwords, you should ideally use a different password for every website. Password vault applications (LastPass, 1Password, KeePass) are very handy for this. Create passwords that use a combination of words, numbers, symbols, and both upper and lower-case letters. Examples that are easy to remember and secure include phrases from your favorite movie or an inside joke you have with your significant other. While the use of phrases may seem easy to guess, the spacing and  punctuation can make it difficult, and can also thwart a dictionary attack that typically use common word and number combinations (Show me the $$$$!!).

There are also some things that you should avoid when creating a password. Do not use your network id as your password with a number after it and don’t use easily guessed passwords like “admin,” “password” or “user.” Also do not use any personally identifiable information in your password (Social Security number, names, birthday, anniversary, kids, pets, etc). Avoid using words that are in the dictionary with a number after them and using keyboard combinations that are easily guessed (qwerty, 123456, q1w2e3r4t5).

Again, don’t use the same  password  at  multiple sites. If you must reuse a  password,  never  reuse your primary email password. If that email is compromised, other  sites  you  use  that  password for may soon be compromised. You shouldn’t store your passwords in a text file on your computer. It is substantially safer to actually write them down on paper and store them in a fireproof safe.

Many sites like Google’s Gmail allow you to use multi-factor authentication requiring a specific time based PIN as well as your password. That way if your password is compromised, access is still denied.

When creating an account, you will most likely  be asked to set up security questions in the event you forget your password and need to  retrieve  and/or reset it. Make sure to use questions and answers that are not obvious. That makes it harder for someone trying to get into your account by resetting your password.


Probably the most successful way of allowing a system  compromise  or  network  penetration  is by clicking on fraudulent links or files sent to you by someone you trust. It is very easy to spoof an email  address  and  act  as  someone  else  (despite it being against  the  law).  It  happens  every  day, and most likely you have received something  like this in the past. If it seems too good to be true, it probably is. Contact the sender of the email by phone to validate the request. By operating under that principle, you will delete those emails instead of opening them. Also, report these emails to your administrator as soon as you  receive  them.  They will be able to investigate their origin and protect against future attacks. For personal email, mark the email as spam and reach out to your email provider.

Set the privacy mode of all your social media to the highest settings. This is a way attackers can gain the information they use to guess security questions and passwords. As social media matures, it is possible they can guess your mother’s maiden name, as well as the street you grew up on — which are two of the most common security questions.

Use a secure Wi-Fi network at home. While not having a password is convenient, it is one of the worst things you can do for your security.

Free Wi-Fi

While convenient, attaching to any public network, say Starbucks, puts you at substantial risk for someone being able to impersonate you on the internet or completely compromise your computer. This can happen in minutes or even seconds, so your best bet is using your phone as a hotspot.

If you absolutely need to use free Wi-Fi, consider the following tips:

  • Don’t access any of your sensitive sites such as online banking.
  • Make sure the Wi-Fi network you are connecting to is the legitimate network presented by the establishment. You can check with the front-desk at a hotel or someone behind the counter at a restaurant to verify this.
  • Use a Virtual Private Network (VPN) if that is available through your work.


The views expressed are for commentary purposes only and do not take into account any individual personal, financial,  legal  or  tax  considerations.  As such, the information contained herein is not intended to be personal legal, investment or tax advice. Nothing herein should be relied upon as such, and there is no guarantee that any claims made will come to pass. The opinions are based on information and sources of information deemed to be reliable, but Mariner Platform Solutions does not warrant the accuracy of the information.

Investment advisory services provided through Mariner Platform Solutions, LLC (“MPS”). MPS is an investment adviser registered with the SEC, head quartered in Overland Park, Kansas. Registration of an investment advisor does not imply a certain level of skill or training. MPS is in compliance with the current notice filing requirements imposed upon registered investment advisers by those states in which MPS transacts business and maintains clients. MPS is either notice filed or qualifies for an exemption or exclusion from notice filing requirements in those states. Any subsequent, direct communication by MPS with a prospective client shall be conducted by a representative that is either registered or qualifies for an exemption or exclusion from registration in the state where the prospective client resides. For additional information about MPS, including fees and services, please contact MPS or refer to the Investment Adviser Public Disclosure website ( Please read the disclosure statement carefully before you invest or send money.

Investment Adviser Representatives (“IARs”) are independent contractors of MPS and generally maintain or affiliate with a separate business entity through which they market their services. The separate business entity is not owned, controlled by or affiliated with MPS and is not registered with the SEC. Please refer to the disclosure statement of MPS for additional information.

You May Also Like…