Staying Safe

The most common type of attack these days is called "phishing" and it relies on employees simply providing sensitive data because they were tricked into doing so.

STEP 1 - Reporting

Reporting Phishing

If you encounter a phishing attempt you should first report it to your IT administrators. Most email providers also allow users to report suspicious email and phishing scams. The instructions below are for Gmail. Reporting a suspicious message will prevent that user from sending you email, and Google will also use the report to help thwart future attacks.

Report a phishing attempt:

  1. When viewing the suspicious email, click the drop-down arrow next to "reply"

  2. Select Report Phishing

  3. Click Report Message

See more Gmail phishing documentation from the links below.

STEP 2 - 2-Step Verification

Turn on 2-Step Verification on your Google account.

Most people only have one layer – their password – to protect their account. With 2-Step Verification, if a bad guy hacks through your password layer, they'll still need your phone or Security Key to get into your account.

How to enable 2-step authentication

Using strong and unique passwords is an easy step to protect yourself and your employer from hackers.

Step 3 - Strong Password

Creating a strong password.

Passwords protect all of your personal and corporate data on the web.

Using strong and unique passwords is an easy step to protect yourself and your employer from hackers.

Best Practices:

  1. Use unique passwords that you can remember

  2. Use a mix of letters, numbers and symbols

  3. Do not use common, easily guessed passwords

  4. Do not user personal info in passwords

  5. Never send passwords over email or text message

  6. Do not write your password where others could see it

  7. Do not use the same password for multiple websites

  8. Use 2-step verification for every website when available

  9. Change your password often

  10. Make sure password recovery options are up-to-date and secure

Step 4 - Password Management

Keeping your password safe.

Add the Password Alert Chrome extension. Click here and select the Add to Chrome button.

Password Alert is a Chrome extension that helps users avoid phishing attacks by detecting when they enter their Google password into any web sites other than the Google Sign in page:

Managing all of your passwords:

Use the built-in password management in the Chrome web browser, or use a dedicated password manager like LastPass, Dashlane, or 1Password.

Step 5 - Secure your Devices

Set a device pin on your smart phone.

Here are Android and iPhone instructions for setting a screen lock passcode.

Step 6 - Security Checkup

Complete the Security Checkup.

Sign into your account and go to


You have completed the Security Checklist!

More Tips and Tricks for Staying Safe