Cybersecurity

Practical steps to fortify your privacy and security.

Holiday Deals or
Holiday Deception?
How to Spot the Difference

The holiday season brings plenty of reasons to celebrate — but ‘tis also the season for cyber scams designed to take advantage of busy, distracted shoppers.

Watch Out: Sneaky Scams to Avoid

Fake Deals: From fake retail websites and misleading social media ads, these scams use convincing branding and “unbelievable” deals to lure shoppers, but the product never arrives — or the scammer steals your payment information.

"Your Package is Delayed!" Phishing: Be cautious of fake shipping and delivery notifications, sent via text or email, claiming a package is delayed or needs to be rescheduled. These messages often include links that install malware, steal credentials or capture personal information.

AI Scammers: The holiday rush fuels bot-driven fraud, especially around Black Friday and Cyber Monday. Scammers are increasingly using AI to personalize and enhance their schemes, making fraudulent messages appear more legitimate and tailored to your behavior, thereby increasing the likelihood that you’ll engage.

Be a Smart Shopper: Top 5 Holiday Shopping Tips

Trust Your Gut (and the Lock): Only shop with merchants you know. Always check for the "https://" and the padlock icon in the web address bar.

Go Official: Don't click links in unexpected delivery messages. Type the shipper's or retailer's official website address directly into your browser to check your tracking status.

Password Power-Up: Use a strong, unique password or passphrase for every account, and enable Multi-Factor Authentication (MFA) to secure your accounts.

Verify the Good: If you're feeling generous, use tools like Charity Navigator to ensure your donation is going to a legitimate, verified cause.

Wi-Fi Warning: Public Wi-Fi is a no-go for shopping! Save those purchases for when you are on a secure, private network.

Practice the Core Four to Stay Safe Online

Every October, Cybersecurity Awareness Month highlights the importance of protecting ourselves in an increasingly digital world. With so much of our personal and professional lives happening online, learning how to stay safe has never been more important. This year's focus is the Core 4 cybersecurity practices—proactive steps that anyone can take to improve their digital safety. Download our flyer.

Recognize and report phishing

Phishing emails are one of the most common tricks cybercriminals use to steal sensitive information like passwords, credit card numbers
or personal data.

When you report phishing emails, you're not just safeguarding yourself; you're also helping to protect our entire state network. Clicking the Report Suspicious button empowers our tools to detect and remove malicious content from your inbox and the inboxes of everyone else who received the same message.

Learn more about phishing.

Consider unique passphrases

Use passphrases such as - happyPuppies&slobberyWalksAretheBEST! for accounts you care more about, so if one account is compromised, your other accounts will not also be at risk. Passphrases are easier to remember than complex passwords and tougher for attackers to guess. Make sure to avoid personal information like your birthday, last name or home address.

Keep your software updated

Regularly updating your software is a simple and effective way to protect your devices. Updates and new features fix security vulnerabilities that attackers actively look to exploit. Updates don’t take effect until you restart your device. Follow these steps to ensure your computer stays secure.

Turn on multifactor authentication (MFA)

MFA is an extra layer of security. Instead of relying on just a password, MFA requires two or more ways to prove it’s really you. MFA usually combines:

Something you know – your password or PIN.
Something you have – a phone, security token, or code sent by text or app.
Something you are – biometrics like a fingerprint or facial recognition.

Simple Steps to a More Secure Computer

For State Employees

Connect to VPN and stay connected for at least a few hours every week.
Run a Sync in the Company Portal.
1. Click on the Start menu on your computer.
2. Click All to open all applications.
3. Open the Company Portal application.
4. Click on the Settings icon in the bottom left corner.
5. On the page that opens, click Sync. If you have not previously done so, you may need to sign in using your UPN (e.g., smithj@oit.state.co.us).