Blog

January 25th, 2013

Technology surrounding the Internet is constantly evolving. Many programs that helped the Internet expand and become what it is today are still in use. They stay relevant by issuing updates that often bring more functionality while meeting the evolving needs of Web developers and users. One program, however, has had a number of security issues in the past year that have prompted experts and government departments to recommend that users disable it.

That program is Java - a programming language and application that allows developers to create web applications, and users to view much of the visual content and animations on the Internet. The problem isn't with the programming language per se, but with the application developed by Oracle Systems.

Oracle released an update to Java - Java 7, Update 10 - in December, but it was found to have some serious security flaws. These issues were quickly spotted by hacker groups who released exploit kits - software making it easy to exploit Java 7's security weaknesses - giving them full security privileges. This exposed any computer running Java 7 to potential malware and attack. Because Java runs at the browser level, every OS could be targeted. To make matters worse, 30 security flaws were patched back in September, after nearly 1 billion computers were found to be at risk.

It's this string of security red flags that had the US Department of Homeland Security issue a warning that users should disable Java on their browsers. In response to this, Oracle updated Java again, to Java 7, Update 11 on January 12, and noted that the security flaw had been fixed. Many experts, including those at the Department of Homeland Security, aren't convinced though, and are still suggesting that users disable Java because new vulnerabilities will likely be discovered.

How do I disable Java?

Chrome users

  1. Open Chrome and enter chrome://plugins/ in a blank tab's URL bar.
  2. Find Java (TM).
  3. Click Disable.
  4. Restart Chrome.

Firefox users

  1. Open Firefox and click Tools from the menu bar at the top of the screen.
  2. Select Add-ons followed by Plugins.
  3. Find the Java plug-in (it's usually called Java Applet Plug-in on Mac or Java(TM) on Windows) and click Disable.
  4. Close and restart Firefox.

Safari users

  1. Open Safari and click File followed by Preferences.
  2. Click the Security tab.
  3. Uncheck the box that says Enable Java.
  4. Close and restart Safari.

Internet Explorer users

There is no way for you to disable Java in the browser; you will instead have to completely disable Java on your computer. This can be done by following the steps on the Java website.

If you do disable Java, some websites will no longer work. This can be a bit of an annoyance, but in all honesty, security of your systems is more important, not to mention the potential costs of dealing with a massive malware infection. Besides that, many websites no longer use Java, so you can probably get by without it. At the very least, we recommend you go download the latest update from the Java website and apply it to all computers.

One issue that we need to be clear on is that these security flaws are part of the Java plug-in. You may see something called JavaScript. While the name sounds similar, they are different. JavaScript is largely used in HTML documents, and allows them to function, and is secure. If you do run across it, it's best to leave the script alone.

If you would like to learn more about this update, you can visit an excellent FAQ here. Before you do update, or disable Java, we recommend you contact us. We can help advise you on what steps to take next if you use Java.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 10th, 2013

Social engineering - the act of manipulating people into giving up confidential information - has long been a threat to businesses. One of the more common social engineering tricks, in terms of IT, is scammers posing as Windows technicians who call Windows users and try to trick them into believing their computers have viruses and that they need to pay to have the problem fixed. Have you had these calls?

These scams have long been a part of the Windows environment. Despite users being fully aware of these attacks, some people still fall into the trap.

These deceptions generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft. The scammer usually tells you that you need to renew your software protection licenses to keep your computer running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails, the goal being to gain the trust of the user. Once trust is established, or the user seems interested enough, the scammer will offer a seemingly sweet deal: They will offer a service that will make your computer run like new, usually for a seemingly reasonable price.

The scammer will then use remote PC support software to show you 'problems' your computer is having. They will usually show you the Windows Event Viewer - a part of the OS that shows errors, usually harmless, that your computer has generated. The scammer will then convince the user that these errors are harmful, and if you have paid, they will make it look like they are cleaning your computer.

If you give them your credit card number, you will likely see ridiculous charges, or even have people trying to access your accounts.

What's being done?

Governments are aware of this increasingly common trend, and some organizations, like the FTC, have taken measures to shut down scammers. This article from Ars Technica gives a good overview of what exactly the FTC is doing, while another article provides a first-hand account of how the scammers operate.

What can we do?

While action is being taken, these scams are still continuing. From what we can tell, they likely won't stop in the near future. To ensure you don't fall prey to this trickery, these five tips should help you identify when an attempted scam is at play:

  1. Microsoft doesn't call people.
  2. Windows Event Viewer is a log of errors for ALL programs.
  3. Microsoft employees will never ask for your passwords.
  4. Most of these scammers operate out of call centers in India, but bill from the US.
  5. Microsoft employees won't usually ask you to install software that's not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it's likely not genuine. If these criminals provide you with a website, do a quick Google search to see if there have been any scam reports. You can also join the No-Call Registry if you are in the United States. To learn more about these scams, please contact us.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 28th, 2012

Security of a company's network and systems is big business. After all, you don't want your sensitive important information shared or stolen. While you take steps to ensure your systems are secure, there is one area you can't really control: social media. Hackers aren't stupid, and they have taken to these services in droves, looking to take advantage of unwary employees. It's important to develop a policy that educates your employees on ensuring that their use of social media at the office supports a secure organization.

Here are five things you should integrate in a social media policy to ensure social media is conducted in a secure manner.

  • Log in using HTTPS - HTTPS is a type of transfer protocol that ensures the data is transferred in a more secure manner between networks. Many websites like Facebook, Google, etc. support HTTPS, and you should ensure that you use it. To use HTTPS, you simply add an S to the http at the start of the address in the URL bar of your browser. For example, https://facebook.com will open a more secure version of Facebook. By using HTTPS you can eliminate Man-in-the-Middle attacks and other similar types of phishing.
  • Don't share personal information - This might seem like a no-brainer to some, but there are still users out there who love to share their personal information. It's important to remember that social media is all about being social. Most information you share can be viewed by others. The last thing you want is a hacker getting a hold of all of your contact info, etc. It's a good idea to limit your contact information and never give it out over social media.
  • Update privacy settings - Social media sites, and the companies who run them, love to tinker with security settings on a fairly regular basis. This has led to a number of users being caught unaware of their security settings. It's a good idea to ensure that all of your profile information is private.
  • Watch what you click on - Take a look at any service and you'll notice that the vast majority of content contains links. This is where hackers are starting to target, by placing malicious software connected to links, or hijacking accounts and sending links to users to get them to click on them. Tactics like these need to be highlighted, and you should tell your employees not to click on any suspicious links. If they receive links from friends that seem uncharacteristic, it's a good idea to not click on them.
  • If you don't know them, they aren't your friend - Yes, social media is about connecting with people. However, when it comes to personal accounts, you should encourage your employees to be judicious in who they connect with. In general, if they don't know the person who has just tried to add them to their network then it's advisable not to do so.

The five tips above are just a few things you should include in a social media use policy in the office. It's important to have a solid policy if you want to ensure that your network and data remain safe from potential threats from social media. Looking to learn more about safety and security of your networks? Contact us, we may be able to help.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 13th, 2012

A common expectation of the younger generation entering the workforce is that the technology they use is unrestricted. They want to be able to access social networks and YouTube, and to personalize their systems by downloading favorite apps, backgrounds, etc. Many companies have obliged and just give all users administrative access to their computers. A recent survey, however, has highlighted that this could create real problems.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don't know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it's highly likely that many managers don't know who has what access rights to computers.

The survey also found that 20% of all respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don't.

Is this a big deal?

One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won't spread to other systems in the network without direct transmission. Similarly, if a user can't install programs because they lack the administration privileges, malware, for the most part, won't be downloaded and installed.

If a user with full administrative privileges downloads a piece of malware, chances are high that they won't even notice it's been installed and it will be transmitted to other systems with ease. In fact, one of the main ways hackers gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it and then follow the chain up to more vital network systems.

What can we do?

While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don't need administrative access privileges.

If this sounds like a chore, it's a good idea to work with a service provider who can help determine not only the type of access employees should have, but also the appropriate security and management that's needed to ensure a more secure organization. If you're unsure of who has access to what, please contact us, we may be able to help.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 30th, 2012

One of the more ubiquitous devices of the modern era is the smartphone. We can do nearly everything on it, and as such it has played a large part in the blurring of the lines between work and life. While this is good for many businesses, many of these devices are largely unsecured, which can lead to problems, especially if the unsecured data is actually sensitive company information. One way to secure devices is through the use of encryption.

Encryption is not a new concept; it's probably been used since the inception of communication. In standard terms it's the conversion of data into a form that can't be easily understood by unauthorized people. This form is commonly referred to as a ciphertext, or more commonly a cipher. Some people will call this a code, as codes are the same idea, only the form is not meant to be secure and can be understood by other people, e.g., binary code, Morse code, etc.

When data is encrypted, it can be sent to recipients, usually using normal transmission methods e.g., Internet or data connections. Upon receipt of the encrypted data, it needs to be decrypted (changed back to normal data). Decryption on mobile, and most computerized devices, is done using a key. This key is an algorithm that can understand both the encryption and normal data. It takes the encrypted data and essentially translates it to a form of data we can read or interact with.

Many businesses go to great lengths to ensure their data is encrypted within the network, when sent across the network, and when sent to trusted recipients outside the network. In a perfect world, all of your connection points - devices that connect to the network - would be secure. In the real world, employees using mobile devices that are unencrypted to store data or access company systems pose a big risk.

Take for example the CEO checking his work email on his own iDevice. Any emails sent between the company's email server and the phone's email program will usually be encrypted. However, when an attachment is opened with confidential news about an upcoming merger, a copy is usually downloaded onto the phone's memory. If the boss hasn't taken steps to encrypt the mobile device's memory, and the phone is lost then someone picking up the phone could turn it on and see this information. If the user can understand the information, they could create a ton of trouble for both companies involved.

Another scenario, one that's becoming more popular, is where the company's accountant has visited one of the increasingly popular drive-by-malware sites and malware has been installed on an unencrypted phone. The accountant might open work emails and download next quarter's financial projections, along with a document containing the password to a newly reset work account. The phone's memory is unencrypted, so the hacker who monitors the malware can come along and grab the information. Now, not only does the hacker have access to the system - through the password - they also have confidential numbers a competitor would likely pay a handsome sum for.

While these situations may seem extreme, they can and have happened. The risks can be minimized though. While the obvious answer to problems like this is to simply bar employees from accessing work systems from mobile devices, this solution runs counter to the way most people work, and will likely be largely ignored by nearly everyone.

The best solution lies in a mixture of different approaches, all centered around a solid mobile device usage plan. You should take steps to first figure out when your employees access office systems using a mobile device, why they are doing this and what they are accessing. From there it's a good idea to look into security options; vendors like us can help you with this step. It's also beneficial to establish a use policy that dictates when devices can and can't be used. Also, utilizing apps to encrypt memory on phones will help. At the very least, it's a good idea to encourage your employees to use a password on their phone.

Mobile device encryption should be an important part of your company's security plan. If you'd like to learn more, or implement a security system please contact us as we may have a solution that meets your needs.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 23rd, 2012

Spam can be a number of things. The original is canned spiced ham developed by Hormel in the 1930s. Due to food rationing in Britain during the Second World War, Spam became a popular menu item, so much so that it seemed to be everywhere, in every dish, whether you liked it or not. When the Internet was created and people started using email, we started getting emails that we didn't want; these came to be known as spam.

There are about a million different kinds of spam messages. Here are nine of the most popular (in no particular order) and how to identify that they are spam:

  • Emergency messages - These often come from family, or people on your contact list, usually asking you for money because they are stranded. While you may have relatives traveling, it's a good idea to reach out to them using other means of communication when you get an email like this. Be wary, especially if they don't want to give a phone number or exact location.
  • Requests to update your account - These usually come in after a website has had a security breach. They almost always ask you to update contact information, and usually provide a link. Clicking this link will take you to a site that looks almost exactly the same as the real one, only this one usually has viruses or other malicious intent. If you ever get an email like this: Read the email and sender's email address carefully - they usually have spelling mistakes - and don't click any links. Instead, close and log out of your email, go to the website and log in.
  • Requests for your password - Sometimes spammers don't even bother to set up elaborate websites, they'll just grab the company logo, make a fancy letterhead and send you an email, or message asking you for your password. This type of spam usually comes from scammers posing as representatives of a bank or credit card company. Never, ever reply with your password. Organizations do not ask for passwords over email.
  • Obvious misspellings - Unless you work with people or companies with employees who aren't native English speakers, obvious misspellings in messages e.g., 'Here iS som3 FREE Stuffz', usually indicate the message is spam. If you're not sure, and know the sender, contact them. If you don't know the sender, or the sender has an email address like: pradaoutletonlinestore4u.comGliemATgmail.com, it's spam.
  • Pleas for help - This is a tough one, we all want to help people, but when we receive pleas to help the poor starving hipsters of Manhattan, you have to be skeptical. Charities don't email you unless you put your name on a mailing list, or gave them your email when you last donated.
  • Contest winner - The main rule here is: If you didn't enter the contest, you're not a winner, no matter how sweet the prize. The same goes for those spam pop-ups on some of the more adult oriented websites. You're not the 1,000,000th viewer and clicking on the link, or shooting the three ducks won't get you a free iPad. You will get more spam however, or a virus if you're a really good shot.
  • Chain emails - These have been circling the globe more or less since the beginning of the Internet and have now made their way onto Facebook and other social networks. The vast majority of them are harmless, but, they are annoying. Think about it, you get one telling you to forward to 10 people or a cute, fluffy kitten will be shaved. If you forward it to 10 people, you're now the spammer. If you get emails like these, they are spam, just delete them.
  • Messages in attachments - Be extra cautious with this one. If you get an email from any contact that says something along the line of, "Please see my message in this attachment," or has nothing at all in the body, it's pretty much guaranteed to be spam. That attachment is likely some malicious software. No organizations or companies will send you messages in an attachment, so when you get one, just delete it.
  • Awesome deals - Contacted out of the blue by someone offering you an all inclusive ski trip to Steamboat Springs Colorado for just a dollar? Or how about an LV Handbag for just USD$10? These deals seem too good to be true, and what's the rule with things that seem too good to be true? They are. Just because it's in an email, or chat message doesn't mean it's real. If you get these, don't click on any links or even reply to the sender, just delete or ignore them.

Nearly all forms of spam have one thing in common: the messages usually contain links. If you're ever unsure about the link, hover your mouse over it for a few seconds, and your browser should tell you where the link will take you, e.g., Chrome will display the address at the bottom of the window. If the link looks unfamiliar, or seems wrong, don't click it.

An important thing to be aware of is that Spam is unwanted, or unasked for. If you sign up for a daily newsletter, that's not spam, you agreed to allow the company to send you messages. Luckily, most of these have links you can press at the bottom of the message to unsubscribe. To learn more about spam, and how we can help you stop it, please contact us.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 16th, 2012

Open and unrestricted Internet access is one thing we consider to be a right, especially true for the younger generation who have grown up with it in their homes. Many have come to rely on the Internet both for work and day-to-day life. As such, they demand unrestricted Internet access at work, and many company bosses have obliged. Unbeknownst to them, however, there may be a risk associated with this.

Here are four potentially negative outcomes that can result from unrestricted Internet access.

Loss of productivity

We live in a world where we are reliant on the Internet and the once clear line between work and life has blurred into more or less the same thing. When we're at work, it's often hard to resist the temptation of checking our email, personal Facebook accounts, or even the news. When we do this, we aren't focusing on work which could mean we are less productive as a result.

Legal liability

The potential legal liabilities from improper use of the Internet while at work could lead to some serious legal implications. For example, over 27% of Fortune 500 companies have been accused of sexual harassment stemming from inappropriate emails sent by employees. To go one step further, in the US, the Supreme Court has ruled that companies can be held liable for their employees forwarding offensive or illegal material.

Reputation damage

There are numerous cases where an employee has received an email and forwarded it to several other employees, who then in turn forward it on until it reaches someone who is unintentionally offended. It's made worse when this email is plastered with company branding and from a work email address. In serious cases word can leak to the media and the company’s reputation takes a serious hit.

Increased bandwidth consumption

Websites like YouTube, or those with some sort of streaming media, can be bandwidth intensive. With services like these, you'll notice that anything that relies on an Internet connection runs slower. This alone will increase costs, especially if you rely on the Internet and need to purchase more than one connection to keep speeds where they should be.

With these four outcomes, it seems like the answer might be obvious: you should limit or block non-essential websites. Be warned however, younger generations entering the workforce have come to rely on and expect openness, and freedom of the Internet. Watch your typical Gen Y work, and they will use the Internet both for work and relaxation. Draconian blocking of sites could in fact bring about an even larger decrease in productivity in these Internet-hungry employees, as they either focus on finding ways to circumvent the block instead of working, or simply leave the company.

So, what is the best solution? The answer is one many companies have struggled with. The truth is, it's different for every company, but the one thing productive companies have in common is a policy on Internet use, combined with taking adequate steps in terms of security. Many tech companies allow free and open access to sites like Facebook in the belief that even if used for personal measures, the employee is spreading the word about the company. If you're not an expert in this, or would like some guidance, we are happy to help, so please get in touch.

Published with permission from TechAdvisory.org. Source.

Topic Security
November 8th, 2012

Ahh phishing. We're not talking about the get up early, sit on a boat in the hot sun all day kind, we mean the more harmful social engineering kind. While this isn't new, it's a big issue, one many users are well aware of. They dread finding themselves victims of a malicious attack on their systems. There are many ways to protect against catching something malicious, one of which is upgrading to Windows 8.

Below are three common security issues faced by all networks and how Windows 8 combats them.

Spear phishing

Spear phishing is a form of social engineering conducted over email. If a hacker wants to access a system, they will often pose as a customer and either send an email with an attachment, or send this over IM. The attachment contains a virus or trojan horse which then gives the hacker access to any system that the 'attachment' is downloaded onto.

The main way Windows 8 prevents this is through Windows Defender. This is a full antivirus and malware solution that is based on the Microsoft Security Essentials platform. If you aren't currently working with a Managed Service Provider, or have decided to take on the migration in-house, Windows Defender can be a good device to protect you while you upgrade and before you implement other antivirus solutions, and is available on all versions of Windows 8.

Drive-by malware

One way to infect a network is to post a link to a website or file that contains malware. When a person clicks on the link, the malware is installed, often without the user knowing. To combat this, Windows 8 has two features: SmartScreen and Secure Boot.

SmartScreen has two functions. It scans URL links typed into a browser. When a URL is entered that's known to contain malware, it blocks the user from accessing the website. While this isn't a new feature, reports have noted that this is the best URL scanner among any modern browser. The other function of SmartScreen is to scan files that have been downloaded for malicious software.

Many users know there is a similar feature on Windows 7, that notifies you that a file has been downloaded from the Internet when you open it, and gives you choices on what to do with it. SmartScreen improves on this, and takes an active role in notifying you about the security of downloaded items. SmartScreen is available on all versions of Windows 8.

Secure Boot, on the other hand, works on a far more basic level. It was developed for use on motherboards using UEFI (Unified Extensible Firmware Interface), a new form of firmware which will replace the aging BIOS. It works by validating the digital signature of all boot components - software and hardware that starts during the bootup of a computer - to look for any tampering. If a disparity is found, Windows Recovery will start and attempt to fix the problem. This will help cut down on the number of rootkits - malware that modifies an OS before it starts up. Secure Boot is available on Windows 8 Pro and Enterprise.

Out-of-date devices connecting to network

One of the more common trends in the past couple of years is employees wanting to bring their own devices to work (BYOD). While there are many benefits to this, a device that an employee brings in which isn't up to date, or already infected, could pose a huge security risk. One way IT can manage this is through an approved list of programs that can be centrally managed.

Windows 8 allows this through a feature called AppLocker. AppLocker is an application control program that allows an administrator to create either a white (allowed) or black (not allowed) list of apps users are allowed to download on a company controlled system. If you create a BYOD policy where an employee can bring in their own device, but has to connect through a virtualized desktop managed by the company, this is a great way to ensure malicious apps and unapproved programs aren't downloaded and that company security is maintained. AppLocker is available on Windows 8 Enterprise.

These are just a few of the common security issues faced by companies, and how Windows 8 can protect a network or system from them. If you're thinking of upgrading to Windows 8, please contact us.

Published with permission from TechAdvisory.org. Source.

Topic Security
September 21st, 2012

Imagine having your phone, tablet and computer wiped, followed by email accounts hacked and deleted, taking with them nearly your whole digital life. This would be a devastating loss for anyone, but it happens on a fairly regular basis. In the past few months alone, there have been two similar instances, both involving Apple, that are making users wonder just how safe and secure Apple’s and other companies’ products really are.

Here’s a brief overview of the two high profile Apple security breaches and seven steps you should take to prevent these from affecting you.

Mat Honan’s problem

Mat Honan is a writer for Wired, who in early August had nearly his whole digital life wiped off the map. His article on Wired is a fantastic and scary read; we highly recommend it. To summarize, he had the majority of his website accounts linked together, with one account linked to many. Hackers were able to get into his iCloud account by taking advantage of Apple’s lax password reset.

To begin with, the hacker wanted to take Honan’s Twitter account. They noticed that he had a Gmail account linked to Twitter, and from there were able to find that an Apple account was linked to the Gmail account, as a secondary account. To get access to the Apple account, they reset the password, which requires a billing address and the last 4 digits of the card registered to that account. The card number came from hacking into Honan’s Amazon account, which shows the last 4 digits of the card.

From there, it was a simple step of resetting the Apple account and shortly thereafter the Gmail password, sending the Gmail reset to the registered Apple account address (the secondary address on the Gmail account). Once in control of the Gmail account, the hacker asked Twitter to reset the password using the Gmail account and, Bob’s your uncle, had access to the Twitter account.

Apple UDID leaks

In early September, infamous hacker group Antisec, related to the hacker group Anonymous, released over 1 million Apple UDIDs. A UDID, or Unique Device Identifier, is the code Apple applies to all devices to be able to identify them. Upon the release of the UDIDs, Antisec announced that they had come from a breached laptop owned by the FBI, and that the FBI was using the UDIDs to track users.

While it’s not known exactly where the breach came from, security experts have been able to prove, to a 98% surety rate, that the UDIDs came from Blue Toad, an app developer that had a digital breach prior to the release of the UDIDs. Blue Toad’s CEO has come forward acknowledging the leak and noted that the company is sure the info came from them, and not the FBI.

While it can be alarming that UDIDs were out there, users can be assured that passwords were not exposed, as the UDID tends to store information like account name, phone number and address. Yes, contact information is out there, which might raise concerns, but don’t kid yourself: this information, or most of it, is already readily available on the Internet anyway.

With these two fairly serious incidents, iPhone users are right to be a little wary, and should be taking steps to ensure their information is secure. Related to these two events, here are seven steps you can take to minimize the chances of this happening to you:

  • Unlink all essential accounts from one another.
  • Set up an email account that’s only used for other account resets.
  • Regularly back up all your devices onto a secure hard disk.
  • Change your password regularly and use two-factor authentication if available.
  • Don’t have the same username or password for all accounts.
  • If the information isn’t necessary for your account don’t provide it.
  • Delete and never store any credit card numbers.

If you have any questions or concerns about the security of your accounts or systems, please don’t hesitate to call us.

Published with permission from TechAdvisory.org. Source.

September 13th, 2012

Peter Parker: a smarter than average high school student, often ostracised for being different, and more commonly known as Spider-Man. Spider-Man goes to extremes to protect his identity and if he had an email address in the modern age, he would ensure it wasn’t captured by web criminals. Do you channel Spider-Man and take the necessary steps to protect that which is important to you, namely your email address?

If you don't know a superhero who is watching over your email, here are five things you can do to ensure your email address is properly protected.

Give your email a disguise

Superheroes often protect their identity through the use of a disguise. We’re not saying you need to dress up in spandex and go out searching for spammers and scammers to beat down or to stop from getting your email. Instead, you should be aware of how scammers operate - largely by writing programs that search websites for email addresses - and disguise your email from them.

Many programs look for traditional emails like imthebatman@gmail.com, so to disguise your email, spell it out: imthebatmanATgmailDOTcom or imthebatman(DELETETHIS)@gmailDOTcom. People are smart enough to figure out that AT and DOT stand for @ and ., or that they should delete (DELETETHIS). You’d be surprised at how much this will cut down on spam.

Protect your email’s identity

Aside from a disguise, superheroes will often go to great lengths to protect their identity. You should do the same with your email address. When signing up for a new service, forum, or anything that requires a username, don’t use your email as the username. If possible, don’t use your email address at all.

You should also read the Privacy Statements of all websites you have accounts with. Yes, there is lots of legal speak and they are long, but that’s to get the user to scroll to the bottom of the document and hit accept. Look for clauses regarding your email, and note any companies that say they reserve the right to sell your email to advertisers or aren’t held liable for stolen information, as you can be sure that your email will be spammed.

Beyond that, many websites allow you to hide your email address from other users. It’s highly recommended that you do this; the option can usually be found in the Account Options or Account Security sections of your user profile.

Don’t respond to flashy requests

When a superhero is not out fighting crime, they’re off cultivating and maintaining their alter-ego. They hardly do anything outside of their normal character, and normally won’t respond to flashy requests for super luxury balls (unless you’re Bruce Wayne or Tony Stark of course). If you get an email that sounds too good to be true, such as announcing that you’ve won something spectacular, it’s a good idea to not open or respond to it, as chances are near 100% that it’s a scam or simply aimed at getting your email address or other information.

Get your email a side-kick

Some superheroes have sidekicks that help them fight crime or solve mysteries. We recommend that you get your main email a sidekick and sign up for a separate email that you use for online shopping, forum registration and basically anything that’s non-work/family/friends related.

Take a picture of your email

In numerous Spider-Man story arcs, Peter Parker is tasked with taking pictures of Spider-Man. Of course, being Spider-Man, all he has to do is take a picture of himself and people seem to be happy with that. As many spam programs don’t take information from pictures, it’s a good idea to make your email addresses into a picture that you place onto email signatures, or into the body of the email itself.

The easiest way to do this is to open MS Paint (if you have a Windows machine) or an online image creator like pixlr, type your email address into the image, resize it so it just fits the font and hit save. The best format to save it as is a .jpeg, as it can be easily read by Internet browsers and email programs. Most email programs will allow you to put an image into your signature, typically done under Settings.

You don’t have to be a superhero to protect your email, just take these precautionary steps and your important email addresses will be as safe as any superhero’s true identity. If you’d like to learn more about staying secure while surfing the Internet, please contact us, and we will come to your aid.

Published with permission from TechAdvisory.org. Source.
