Security Check

Authored by: Support.com Tech Pro Team

1. SA - Gather Information

The Security Check process consists of the following steps:

  • Computer/browser malware check/removal
  • OS Automatic Update check
  • Router security check, including review of connected devices
  • Mobile device OS update check
  • Smart TV checks
  • Discussions around IoT devices and security best practices
  • Two Factor Authentication
  • Risks around online activities, including online shopping
  • ID Theft protection provided by our third party vendor
  • Any other recommendations from you, and a summary of actions performed on the call

Words That Work

“What I will be doing for you today is our "Security Check". This will take approximately 45 to 60 minutes. Now during our call, I will be checking your computer, router, and browser settings to ensure that all your systems are secure and meet your online needs. I will also provide you with best practices to stay safe online and to help prevent issues from occurring in the future. I will make sure that when we are done today, that you and your family feel safe, secure, and prepared for the future.”

At the start of the call, understand the customer's home environment and ask probing questions about the types of connected devices in the household:

  • Smartphones / tablets (Android/iOS)
  • Windows / OSX desktops, laptops
  • Smart TVs
  • Router(s)
  • Security camera(s)
  • Other IoT devices

Put this information in the session notes for later reference. 

Build trust by explaining the process to the customer. Explain why the security check is important, and most importantly, personalize the experience based on their needs.

Lifestyle Questions

We want to custom tailor this service based off of the customer's lifestyle and needs. Some steps of the Guided Path should be emphasized (or skipped) based entirely off of the customer's answers.

Here are some example probing questions to ask the customer, and associated actions that you can take to help the customer:

  • Do you have any children in your home? Would you like to learn about parental control features on your network?
  • Be sure to cover the topics under the Parental Controls step - how they work, what options are available for the customer, and the benefits and limitations of.
  • Do you have any security cameras or baby monitors?
  • Cover the importance of checking for software updates for these devices, as outlined in the IoT Discussion step.
  • Do you use the same password on different websites? How difficult do you think your password would be to guess?
  • Discuss best practices for password generation and usage. 
  • What are your concerns about protecting your information and security?
  • Tailor your actions based off of the customer's response, using trusted information sources and your own experience.
  • Do you do a lot of shopping online? Which websites?
  • Review best practices for shopping online at different websites using the information found in the "Online Risks' step, and tailor it to your interaction with the customer. 

 

2. SA - Malware Check

If the customer has a computer, use the following guided paths to check for malware. Then, return to this guide for the remainder of service delivery.

Launch Adware/Malware/Rootkit (Windows)

Launch Adware/Malware/Rootkit (macOS)

 

3. SA - Check for OS Updates

Ensure the customer's computers are receiving OS updates without any issues. It is not in scope to install updates.

Check for updates on Windows 10

Windows 10 updates are automatic. Ensure there are no issues running updates.

  1. Click Start, then Settings.
start settings
  1. Click Update & Security.
update and security
  1. Click Check for updates.
Check for updates
  1. If updates are found, they will download and install automatically.
windows update
  1. It is not within scope to apply Windows updates. We are only to ensure that the system is getting updates normally. Some updates require a reboot and take a long time to install.
restart now

Check for updates on a Mac

Any version of macOS 10.7 (Lion) or older can check for available updates through the Apple Menu and Software Updates.

Mac updates are automatic. Ensure there are no issues running updates.

  1. Click the Apple menu, then App Store.
app store
  1. Click Updates once the app store loads.
  2. macOS 10.13 High Sierra or earlier:
updates
  1. macOS 10.14 Mojave and later:
updates

Check for updates on a Chromebook

Chromebook updates are automatically done on startup. Ensure there are no issues running updates.

  1. Select the User menu by clicking your profile picture in the bottom-right corner.
User menu.
  1. Select Settings.
User menu with settings highlighted.
  1. Select the Menu in the top-left.
Top left corner of the settings screen with the menu icon highlighted.
  1. Select About Chrome OS or About Chromium OS on the bottom left of the menu.
Settings submenu with the about option highlighted at the bottom.
  1. Select Check For Updates.
About screen with check for updates highlighted.
  1. If the device is up-to-date, it will show here.
About screen with the up to date message highlighted.
  1. If there is an update pending, it'll ask to reboot.

4. SA - Router Check

Log in to the customer's routerUse a computer to log into the customer's router. If the customer does not have a computer, they may be able to access the router's settings via an app or web browser on their mobile device. If the customer is purely in an Apple ecosystem, it is highly recommended to use SeeSupport during service delivery in order to see what the customer is seeing.

Default router logins for the top router brands

The defaults can change from model to model. If the logins provided below do not work, look them up.

BrandDefault IP AddressDefault UsernameDefault Password3Comhttp://192.168.1.1adminadminArrishttp://192.168.0.1adminpasswordAsushttp://192.168.1.1adminadminBelkinhttp://192.168.2.1adminadminBenQhttp://192.168.1.1adminadminDigicomhttp://192.168.1.254adminadminD-Linkhttp://192.168.0.1adminno passwordLinksyshttp://192.168.1.1adminadminNetgearhttp://192.168.0.1adminpasswordSUNhttp://192.168.0.1adminadmin

Review the router's settings

  1. Firewall is enabled.
  2. Firmware is up-to-date.
  3. Ensure WPA2 encryption is being used.
  4. Change the router's default password (NOT the password to connect to the network). Explain to the customer the importance of this. Make sure they are able to store the password in a secure location.
  5. Check DNS settings to ensure no hijack has occurred.
  6. Check for open ports that might be used for malicious reasons.
  7. Ask the customer if they routinely have guests that use their Wi-Fi when they come over. If so, ask if they would like to configure and enable the Wi-Fi Guest network. This prevents the need to give out a more permanent password to someone. This keeps shared files, directories, libraries, drives, printers, and smart devices from being accessed by guests in the home.

Review the devices connected to the router

  1. While logged into the customer's router, review their attached devices with them.

attached devices

  1. In some routers, attached devices will be listed under the DHCP Table. 
  2. If the customer is unsure what a device is, you can usually find some sort of information about it by Googling part of its device name or network ID - E.G., I:MT8167B is a SoC used in Android tablets. 
  3. Some devices may retain their DHCP assignment and remain in the connected device list for weeks, even though they are not currently connected. If the customer is unable to identify the device, let them know it may be from a friend or family member who has recently visited and used the Wi-Fi network.
  4. Ensure that there are no unknown devices present.

5. SA - Check for Mobile Device Updates

Ensure the customer's smartphones and tablets are up-to-date.

Different devices may have different setting locations to check for updates; you may have to do a search for the right process based on the customer’s device type 

If the device loses power during an update, it can result in serious problems that would require servicing to fix. 

Check for updates on Android

Watch for any Android devices older than version 8.1 that also cannot upgrade any further. Inform the customer that continuing to use the device will carry security risks. They should consider purchasing a newer device which is still supported.

  1. Open Settings.
Android Settings.
  1. Scroll down and tap About.
Settings with About phone highlighted.
  1. Tap System update.
Status with System update highlighted.
  1. Tap Check for update. If an update is available, download and install it.
Updates with Check for update highlighted.

Check for updates on iOS (iPhone, iPad)

  1. Open Settings.
iOS Settings.
  1. Tap General.
iOS settings page with general highlighted.
  1. Tap Software Update. The device will search for updates.
iOS general settings with software update highlighted.
  1. If no update is available, it'll say "your software is up to date" below the current version.
iOS up to date software page.
  1. If an update is available, tap Download and Install. If prompted, have the customer type in the passcode.
iOS update display.

6. SA - Smart TV Check

If the customer has any Smart TVs in the home, speak to them of the importance of having the latest updates installed. 

Do not walk the customer through the update process itself. Rather, let them know that they will receive an email after the service is completed with links on how to update the most popular brands of Smart TVs.

Talking points

  • Updates are required to patch security threats:
  • A recent Consumer Reports investigation found that millions of Samsung TVs could potentially be controlled by hackers exploiting easy-to-find security flaws. These risks include allowing hackers to change TV channels, turn up the volume, play unwanted YouTube videos, or disconnect the TV from its Wi-Fi connection. Samsung has since addressed the problem with firmware updates.
  • Especially important if the TV has a built-in camera or microphone for Digital Assistant integration (Alexa, Google, etc).

7. SA - IoT Discussion

Ask the customer if they have any common IoT devices in their home (smart lights, heating/thermostats, security camera, Wi-Fi baby monitors, locks, etc).

  • Inform the customer that while some devices will automatically update, many do not. The customer should check their smart device's companion apps regularly to see if their devices are up to date. Assist the customer with this if needed.
  • Why is this important? Depending on the device, it may be vulnerable to hijacking. Most often, the customer will not have any idea this has happened. Some threats include but are not limited to:
  • Manufacturers who use the same default password for every device sent out. This is usually done as a way to cut production line time down, but can ultimately result in the device being hijacked and turned into part of a botnet.
  • Personal information being transmitted on the network can be intercepted and transmitted to a remote server.
  • Home invasion - hackers can potentially listen in on and watch activity inside the home via security and baby monitor cameras.

Words That Work

  • "It can be difficult to find the right kind of device with so many different manufacturers and websites out there. We always recommend getting devices from well known manufacturers with a good reputation."

  • "If you have a smart camera like a baby monitor or a security camera and it doesn't give you the option to change the default username and password to access the live stream, then it is probably not a device that you can trust."

8. SA - Parental Control Discussion

Ask the customer if they have any children in the home and would like an overview of carental controls. If they do not, skip this step. 

There are multiple ways of applying parental controls to connected devices.

What parental controls can help with

  • Time limits
  • Monitoring and tracking
  • Content limits

Words That Work

  • "None of these are perfect solutions and you'll likely need to use multiple methods to be effective. They are a set of rules that you can put into place, and children will find ways around them eventually."

Where parental controls work

There are multiple 'levels' or 'places' you can enact parental controls, and what each can provide varies wildly depending on the hardware and software being used.

Network Level

Network Level Parental Controls

Network level parental controls would be set usually on your home Internet connection's router, and apply to all computers and devices in your home. These depend heavily on what your router manufacturer has made available, and only apply to devices inside your home. Your child's smartphone while they are at school, for example, would be unaffected.

Device Level

Device Level Parental Controls

These apply only to the device itself. While dependent on what kind of device is in use, they will apply no matter where the device is, or what kind of connection is being used.

Application Level

Application Level Parental Controls

These apply to the application or platform in use. For example, a specific web browser or a specific video streaming platform. Nothing else is affected.

Inform the customer that they will receive an email after the service is completed with step by step guides on how to set up parental controls on different devices, including routers, PCs, TVs, gaming consoles, tablets, streaming devices and more.

Content Monitoring Apps

Content monitoring apps allow parents to monitor text messages, emails, and social media for undesired activity and can alert parents to activities in a multitude of ways. They also generally allow parents to control internet access on their child's device, and manage what kind of sites they can visit. Some parents may prefer to take a softer approach by only being alerted to issues without locking down their child's device. This creates opportunities to have open and honest discussions about their online activities. Many content monitoring apps allow this, as well as full lockdown if needed.

If the customer is looking for recommendations on which apps to use, Bark, Net Nanny, and Qustodio all offer comparable features at similar price points.

9. SA - Two Factor Authentication Discussion

Ask the customer if they have two factor authentication set up on their online accounts. Two factor authentication acts as a second layer of security and helps to keep their accounts safe.

The steps for setting up two factor authentication differ depending on the service. Inform the customer that they will receive an email after the service is completed with step by step guides on how to set up two factor on the most popular online services (Google, iCloud, Facebook). 

Words that work

  • "Two step verification or authentication is a method of confirming your identity by using not just a password, but also a second method like a PIN number sent as a text message to your phone to confirm that it's you who is trying to log into an account."

10. SA - Online Risks Discussions

Now is a good time to have a discussion with the customer about their online habits and to bring up some risks associated with some online activities.

Do not read all of the text below to the customer. Tailor your response based off of the customer's online habits and the sites which they regularly use, and use the Words that Work below as solid speaking points. 

Passwords

  • Use a strong password.
  • Don't reuse the same password on every site.

Words that work

  • "When it comes to passwords, longer is better. Programs exist that can guess thousands of passwords a second. The longer your password, the longer it would take to guess. It takes exponentially longer to guess a password for each character."

    ExampleGood:Ceiling2Wall3Chair#Floor7Bad:Office1
  • "Using a more complicated password makes it harder to guess, as well as creating a much larger 'search space' for password cracking programs."

    ExampleGood:OfF1c3xq%tpBad:Office1

Password managers

Recommend that the customer adopts using a password manager for doing things like generating and storing saved passwords. If the customer would like recommendations, you can mention the following:

  • LastPass
  • Keeper
  • 1Password
  • Roboform
  • Google Chrome (built-in)
  • iCloud Keychain

Words that work

  • "If the idea of having to keep track of multiple passwords seems daunting, we recommend using a Password Manager that can generate, keep track of, and auto-fill your login information for every site you use, every time, on any device." 

Inform the customer that we will be sending them Guides on how to do this after the service has been completed.

Online shopping

Ask the customer which sites they tend to use for online shopping. Customize the information you give them based off of available site information.

Words that work

Amazon

"Look for "Ships from and sold by Amazon.com" on the product listing, usually found below the "Add to Cart" button if you want to ensure that you have the safest purchasing experience."

"If purchasing from a third party seller through the Amazon website, click on the name of the seller to see their rating. We recommend purchasing products from sellers who have at least a 90% positive score."

eBay

"If you are making an expensive purchase of a used item on eBay (electronics, musical instruments, etc), do your research and compare photos of the product in the listing with photos of known good copies of it. When in doubt, attempt to have the seller provide some kind of proof that the product is not a counterfeit (especially if the price seems too good to be true!). Usually, sellers are just looking to quickly turn around a product and may not even be aware that the product in question could be a counterfeit."

"Always review Seller Feedback before buying an item. This will give you a good indication if the seller is reputable. Generally, eBay will always side with the buyer when a dispute is filed, so that also provides another layer of protection for you. Review to see if the seller has sold similar items in the past."

"Try to avoid making transactions with individuals in foreign countries, especially those known to harbor cyber criminals."

Craigslist / Facebook Marketplace

"When selling an item in-person, do not accept cash as payment. This is a very common way for sellers to get scammed. Counterfeit money is relatively easy to test for, but not everyone has testing tools ready. You also risk offending the buyer by using them. Using services like PayPal or Venmo provides a certain degree of protection that will keep scammers away."

"When exchanging an item, it's always a good idea to find and utilize a public area within your local community which is safe and monitored by security."

General Safety

"If a seller on any third party website contacts you directly asking for your credit card number after the sale, this could be a possible attempt at fraud. Your credit card number is never fully exposed to any seller and they should never have to ask for it."

"Never speak your credit card number to any individual, nor type it in manually into someone's smartphone."

"If you receive a suspicious email claiming to be from Amazon/eBay/etc, do not click on any links from that email. Simply tag it as spam in your email and move on."

11. SA - ID Theft Signup

This is a summary of the features included with the ID Theft Protection service that is bundled along with this service. Review these features with the customer to ensure that they have a clear understanding of the product.

  • Monitor
  • Dark Web and Credit monitoring to alert you if your data has been leaked or you are under attack
  • Restore
  • If Prevention and Monitoring are not enough, you have someone to assist you in restoring your identity and be your advocate in restoring stolen funds.
  • ID Theft Insurance
  • Compensation for lost wages, out of pocket expenses, and funds not reclaimed.

Below is a table detailing the features above.

Category

Feature

Detail

Monitor

Dark Web Monitoring

Social Security Number Monitoring

Bank Account Number Monitoring

Credit Card Account Number Monitoring

Debit Card Account Number Monitoring

Driver's License Monitoring

eMail address  Monitoring

Medical Insurance ID Monitoring

Passport Number Monitoring

Phone Number Monitoring

Identity Threat Alerts

Junk Mail Opt-Out

Medical ID Fraud Protection

Mobile App

Credit

Single bureau credit Monitoring

Recover

24/7 U.S. Customer Support

Fully Managed White Glove Restoration

Lost Wallet Assistance

Identity Theft Insurance

$1 Million

FAQ

What do I need to do to activate my Identity Theft Protection?

Once you completed your purchase of “Support + Security”, your Identity Theft Protection account was created.  Log into your ID Theft Protection portal to confirm the information is correct.  It is highly recommended you enable credit monitoring.  You may also enter additional identifying information, such as passport or credit card numbers that you would like to monitor.

How do I access my Identity Theft portal?

Log into Tech Solutions and navigate to My Account.  Scroll down to Identity Theft Protection and click on the portal link. (or look for welcome email from when you signed up)

How do I add my spouse or children?

You can enter family member in your Identity Theft Portal by going to Manage Account and scrolling to the Protection Plan section

How do I take advantage of the junk mail opt-out?

Call the phone number in your Identity Theft portal

What if I don’t feel comfortable entering my social security, passport or bank account numbers in my IdentityTheft portal?

The info you enter into the portal is stored encrypted.  Nevertheless, you do NOT need to share these details to benefit from Identity Theft Protection.  

At a minimum, log into your ID Theft portal and confirm your name, address, email are correct and provide your social security number.  This information allows for basic dark web and credit monitoring and also to enjoy full restoration services if you ever experience an identity theft event. 

Should you elect not to activate your proactive monitoring you will still be covered with the insurance and white glove restoration in case of an identity theft incident.

Passport number, medical records, credit card numbers, bank accounts allow for additional monitoring and activity alerting.  Only enter them if you want the additional monitoring and protection.

Who is providing the IdentityTheft Protection?

Support.com has partnered with IdentityForce, a leading provider in Identity Protection and restoration for over 40 years with a 100% recovery success rate in stolen identity-related events

12. SA - SAS Setup

Customers who have purchased a TechSolutions plan that is eligible for a bundled copy of SuperAntiSpyware (SAS) will see the software listed in their My Account section of the support.com website.

Screenshot of Support.com Website

Clicking details will show them the current key that is generated, or if a key is not generated, there will be a button to do so, as below:

Generate Registration code page and button

If the customer wishes to install the software, show them how to get to the download and registration code page on the website after they have logged in.

Do not install and set up SAS for the customer. 

 

13. SA - Followup Recommendations

If you have any additional information or recommendations to pass along to the customer, do so now.

14. SA - Email Summary and Closing

Inform the customer that they will receive an email that details everything that was discussed today, as well as several useful Guided Paths that can help them along with online security.

Words That Work

“Now, what is going to happen next is that you will receive an email that will contain a summary of what was checked and reviewed today, links to get started with SUPERAntiSpyware and IdentityForce, as well as several useful Guided Paths that can help them with online security.”

"Ensuring that you are highly satisfied is the most important part of our conversation today. So, before I let you continue with your day, is there anything else I can help you with?"

 

This is an example of the email that the customer will receive, should the customer have any questions about its contents 

 

Security Check Summary Report

Purpose: this email will be sent to the customer WHEN
the agent completes service delivery of the Security Check.

With the red text removed, this is also the summary report hosted on the website.

Subject Line: Security Check Summary Report

Hi <first name>,

Thank you for completing your 1:1 Security Check with your Tech Pro security expert.

Here’s what we checked and reviewed with you:

[NOTE: Table is a placeholder for a nicer html table]

Computer OS (operating system) security check
Checked that operating system is up to date, malware is not running on the system, and (for Windows machines)  antivirus is enabled.

Computer Browser check 

Checked browser settings for issues, that default search engine, plugins and extensions are legitimate, and that the browser has not been hijacked.

Router check

Checked that firewall settings are appropriate for your environment, firmware is up to date, traffic is encrypted, there are no unknown devices connected to the network, and DNS settings have not been changed to redirect your traffic through an unknown third party. 

Smart Phone update check

Checked that your smartphone is up-to-date.

Keeping smart devices and TVs up-to-date

Discussed the importance of keeping smart devices up to date including  updating any smart TVs.

Parental control and monitoring options

Discussed how to filter content for younger children and monitor online behavior of older children if relevant

Using two factor authentication

Discussed how to improve the security of your online accounts with two factor authentication.

Security and Online Safety

Discussed setting strong passwords and benefits of a password manager.

Staying safe while shopping online

Discussed how to stay safe and avoid scams while shopping online from top ecommerce sites such as Amazon and eBay.

Special categories that present online risks

Discussed online habits, such as downloading pirated movies, that present a higher level of risk if relevant to your usage.

ID Theft Protection
Your subscription includes an ID Theft protection family plan with dark web monitoring, white glove restoration, $1 Million insurance, and more.

SUPERAntispyware (Windows)

Your subscription includes a FREE copy of the Pro X edition for this leading malware scanner as an additional layer of protection to antivirus.

What’s next?

  1. Follow-up on any recommendations from the TechPro
  2. For Windows users, keep SUPERAntispyware running in the background to guard against future malware infection.  Download your FREE copy of the Pro Edition from your support.com account page. You will find it under “Bundled Software”.
  3. Monitor your identity theft protection alerts. If you have not already done so, complete your account setup and profile in your Identity Theft Protection portal:  https://secure.identityforce.com/memberArea  

Below is a select set of Guided Path® articles explaining steps you can take to continue to keep your devices, you, and your family safe online. 

[NOTE TO DESIGNER: All links should be embedded as below]

  1. Computer OS (operating system) security check
  1. How to Keep Windows Secure
  2. How to Prevent Malware on a Windows PC
  3. How to Get a Mac as Secure as Possible
  4. How to Prevent Malware on a Mac
  5. How to Keep a Chromebook Secure
  1. Smart Phones
  1. How to Keep an Android Phone or Tablet Secure
  2. How to Secure an iPhone, iPad, or iPod Touch
  3. How to Prevent Malware on an Android Phone or Tablet
  4. How to Prevent Malware on iPhone, iPad or iPod Touch
  1. Keeping smart devices and TVs up-to-date
  1. How to update an LG Smart TV
  2. How to update a Panasonic Smart TV
  3. How to update a Samsung Smart TV
  4. How to update a Sony Smart TV
  5. How to update a Vizio Smart TV
  1. Parental control and monitoring options
  1. How Parental Controls Work
  1. Using two factor authentication to improve your account security
  1. How to Set Up Two-Factor Authentication on Facebook
  2. How to Set Up Two-Factor Authentication for Apple ID
  3. How to Turn On Two-Step Verification Google Account
  1. Security and Online Safety
  1. How to Tell if Email Attachments are Safe or a Virus
  2. How to Stop Email Scams, Spam and Phishing
  1. Staying safe while shopping online
  1. Top eBay Marketplace Scams to Be Aware Of
  2. Top Facebook Marketplace Scams to Be Aware Of
  3. Top Craigslist Scams to Be Aware Of
  1. Special categories that present online risks
  1. Is Online Gambling Safe and What to Avoid?
  2. Is It Safe to Pirate Movies, Music, Books and Apps?
  3. How to Keep Personal Information Safe Online
  4. How to Avoid Online Scams
  1. ID Theft Protection discussion
  2. SUPERAntispyware benefits for Windows

You can also find many of the Guided Paths above and more at:
Complete Guide to Online Safety, Phishing and Scams

Hold on to this email so you can come back to this information. Give us a call at 1-833-202-2695 anytime you have questions or need advice.

The TechSolutions Team

Guided Paths® is a registered trademark of Support.com

<END OF REPORT AND EMAIL>

--------

NOTES: 

Blue font = links to GPs once published

Red Font = email only

  1. Are Password Managers Safe?
  2. How to Avoid Online Scams
  3. How to Create a Strong Password You Can Remember
  4. How to Create, Store and Manage Passwords Securely
  5. How to Keep Personal Information Safe Online
  6. How to Prevent Spectre and Meltdown CPU Flaw Attack
  7. How to Secure Zoom and Stop Zoom-bombing
  8. How to Set Up Two-Factor Authentication for Apple ID
  9. How to Set Up Two-Factor Authentication on Facebook
  10. How to Stop Email Scams, Spam and Phishing
  11. How to Tell if Email Attachments are Safe or a Virus
  12. How to Test Out Zoom Audio Settings
  13. How to Test Zoom Audio and Video Settings
  14. Is It Safe to Pirate Movies, Music, Books, and Apps?
  15. Is Online Gambling Safe and What to Avoid?
  16. Top Craigslist Scams to Be Aware Of
  17. Top eBay Marketplace Scams to Be Aware Of
  18. Top Facebook Marketplace Scams to Be Aware Of
  19. Troubleshoot Zoom Audio Not Working
  20. Troubleshoot Zoom Video Not Working
  21. What is Two-Step Verification? (2FA, TFA, 2SV, MFA)
  22. How to Set Up Google Family Link Parental Controls
  23. Complete Guide to Online Safety, Phishing, and Scams
  24. What is Identity Theft and How to Recover from It
  25. What Parental Controls are Available on Apple Devices
  26. Protect and Recover an Amazon, eBay, or Etsy Account