We look forward to providing you with secure solutions, but since we care deeply about your security, here are a few pieces of advice in the meantime. Don't worry if you don't understand everything. It's a lot to take in. We will be happy to explain anything or assist you with implementing these steps during a consultation or remote service.
Email security: phishing, scams, and malicious filters
Email remains one of the most common attack vectors. Scammers use increasingly convincing messages to steal logins, install malware, or gain silent access to your accounts. Always be cautious with unexpected emails, especially those urging you to click links, open attachments, or “fix” something.
General warnings:
Do not click links unless you explicitly trust the sender.
Be skeptical of urgent language like “immediate action required.”
Double-check the full email address, not just the display name.
Never open attachments unless you were expecting them.
Don’t provide personal information in response to an email.
Malicious filters and forwarding rules
A widespread but lesser-known tactic is tricking users into modifying their email filters or rules. Scammers may instruct you to:
"Add a filter to fix your inbox"
"Block certain warnings for security"
"Filter out these system messages"
"Forward mail to this support address"
These filters often hide security alerts, delete verification messages, or silently forward your mail to the attacker. If anything directs you to “fix” your inbox by adding filters or rules, it is almost certainly fraudulent.
What attackers try to do with filters:
Hide password-reset warnings
Delete security notifications
Forward all mail to themselves without your knowledge
Auto-archive messages from legitimate services
We can help you review your email safely:
Detect unauthorized filters and forwarding rules
Check for compromised login sessions
Identify connected third-party apps you didn’t approve
Secure your account with MFA and proper recovery options
If anything feels “off” with your inbox — missing emails, strange behavior, or unexpected login prompts — bring it in for a checkup. Email compromise often happens silently, and early detection matters.
Home network & Wi-Fi security
Your home Wi-Fi is the entry point to every device on your network. If someone gains access—through a weak password, old router settings, or insecure features—they can intercept traffic, redirect your connections, or tamper with new devices as they join.
Recommended hardening steps:
Use WPA3 when available (WPA2 at minimum).
Change the default router admin password immediately.
Disable WPS (Wi-Fi Protected Setup) — it is insecure and can be brute-forced.
Keep your router’s firmware updated to patch vulnerabilities.
Create a separate guest network for IoT devices.
Rogue DHCP responses (local network interception)
When a new device connects to your Wi-Fi, it broadcasts a request for an IP address. If an attacker has already joined your network, they can reply faster than your router and assign:
a fake IP address,
a fake DNS server,
a fake default gateway.
This allows the attacker to reroute or monitor your traffic, perform man-in-the-middle attacks, or redirect you to fraudulent websites. This type of attack is called a rogue DHCP server or DHCP spoofing.
Rogue access points (false routers)
Attackers can also create fake Wi-Fi networks designed to look like yours. If you accidentally connect, they can intercept unencrypted traffic and manipulate DNS responses. Warning signs include duplicate network names, unexpected disconnects, or continual re-authentication prompts.
We can help you strengthen your home network:
Secure router configuration and firmware checks
WPA3 setup and password hardening
Detection of unauthorized devices and rogue access points
DNS hardening and safer network defaults
Network isolation for IoT devices
Securing your home Wi-Fi is one of the most effective ways to protect all the devices you rely on every day.
Password management & avoiding reuse
Weak or reused passwords are one of the most common causes of account compromise. When one website suffers a data breach, attackers try the same password on your email, banking, and social media accounts. This is why unique passwords are essential.
Guidelines:
Never reuse passwords — especially not for your email.
Use long, hard-to-guess passwords or passphrases.
Avoid personal details (birthdays, names, pets, addresses).
Turn on MFA for important accounts, especially email and banking.
Password managers
A password manager can create and store strong, unique passwords automatically. This dramatically improves your security while reducing the stress of remembering everything yourself. If you don’t want to use a password manager, consider using long passphrases and a few structured memory techniques.
We can help you choose a secure password manager, migrate your accounts safely, and strengthen your overall security posture.
Multi-Factor Authentication (MFA) & account recovery
Enabling MFA is one of the strongest steps you can take to protect your accounts. It prevents most forms of unauthorized access, even if your password is stolen. However, MFA is only effective if it’s set up correctly.
Best practices include:
Use an authenticator app (not SMS) whenever possible — SMS can be intercepted
Set up multiple MFA methods: authenticator app, recovery codes, and a backup device
Store your recovery codes offline in a safe place
Avoid using only your phone number for recovery — phone numbers can be ported or SIM-swapped
Review your account’s recovery email, phone number, and trusted devices periodically
Biometrics
Biometric authentication (fingerprint, face unlock) is convenient and secure for everyday use, but it should always be paired with strong MFA and proper recovery options. Biometrics are excellent second factors — but should not be your only line of defense.
We can help you configure MFA safely, check for insecure recovery settings, and lock down your accounts against takeover.
Back up your data
Any data you care about should be backed up in at least two places. There are numerous options for this including cloud backups, external SSDs, flash drives, ... . There are options for creating incremental snapshots of your entire system, or you can manually copy files, or something in between. We can handle the entire process for you.
Use a firewall
A firewall acts as a barrier to prevent unauthorized access to your device while connected to the internet, we advise you to make sure yours is enabled. Most operating systems come with a firewall installed, but often do not have it enabled by default. Historically, firewalls would often conflict with online games and other programs, however with modern technology this less common, if a conflict does arise we can configure your firewill to work for you.
Verify Programs
Don't run anything you don't trust, and always use official sources for your downloads. Be extremely cautious about running programs you download off the internet, and verify your downloads when possible.
Updates: Keeping up with security updates is important
Ideally you should check for and install security updates every time you use your computer. Vulnerabilities are often discovered and patched on a daily basis.
Power Off / Disconnect the Internet
Some malicious software can run in the background, and even wait until your computer is inactive to kick in. Disconnecting the internet is the most important first step if you think your computer has been infected. After disconnecting the internet, turn your computer off and bring it in for a full virus / malware removal.
Anti-Virus Software
It is a good idea to regularly scan your computer for viruses, and to use real-time detection services. If you use Windows, you can use Windows Defender, which is free and already built-in to Windows. There are good or better alternatives, but be cautious about which service you choose. It's best to try to avoid viruses in the first place rather than relying on virus scans.
Avoid http: Use https
Most browsers have an indicator immediately to the left of the address bar which tells you if a page is using http or https. Using http is not secure, and can leave you vulnerable to data-theft, man-in-the-middle attacks, and other cyber attacks. On the other hand, https is encrypted which makes it far less vulnerable.
