Another end to an informative awareness month and we hope we’ve given you at least a few more nuggets of knowledge and wisdom regarding your online habits and safety. Like we’ve made a point this month, you are the most important factor in keeping yourself and us secure by having those cybersmarts so come back and read through them, apply them, and stay safe out there. And remember, if you receive any dubious email, or feel you need to confirm a link or message is safe to use, please do not hesitate to reach out to us and we’ll be more than happy to help and advise you.

Throughout the past couple of weeks we have been driving the point that you are the first and best line of defense when it comes to your online safety and that of the institution. This was by design and to a very specific purpose, to point out that we are equally the weakest link as well as the most secure barrier against attacks and it is up to us to be vigilant against two of the most troubling types of attacks, Ransomware and Phishing.

Ransomware is a type of malware that restricts access to your files with the very real threat of permanent destruction of that data if the “ransom” is not paid. This type of attack has become so prevalent and effective that an attack is made every 11 seconds and the damage costs to business is expected to hit upwards of $20 billion annually by 2021. This is a staggering figure considering five years ago that damage cost was $325 million. Why is this? Don't we have multiple solutions to prevent or catch these problems before they become as bad as they are now? We do, to a certain extent, but it matters little how many doors are between the bad guy and your data, if it is you who gives them the keys to get in. Which brings us to Phishing

Phishing and other social engineering attacks are the best way for attackers to get the data and access they want. In short, it is an attack that relies on you helping the attacker get around the safety measures offered by technology. If the bad guy can convince you to open the door for them, why would they spend the time and effort to hack their way in? That’s why we need to be vigilant and prepared to recognize when we are being attacked. These are a few habits that can help us stay safer online. 

• Don't use administrative rights unless strictly necessary
• Keep your sensitive data backed up and current on multiple locations
• Make sure to update your devices
• Always be cautious of email links. Don't click unless you are sure they are safe. Attackers use urgency and your emotions to get you to lower your guard.
• Never use “Free” Wi-Fi

Some of these might sound familiar, and they are, we’ve covered them before, but they are all worth repeating. We suggest you come back to these every so often and get a refresher. Stay vigilant! When dealing with cyber threats you are the front line. Do Your Part. #BeCyberSmart.

The password talk does not get old. “123456”. Does this look familiar? We hope not. However it will look familiar to many across the world considering that it has held first place as the most common bad password three years in a row. Not to be outdone, “123456789” and “qwerty” have been fighting for that top spot. These round up the top 3 most commonly used passwords leaked by hackers.

To combat the password conundrum, let's think about an over engineered wall vs a medieval castle. Years ago, the approach was to have this impossibly complex password that needed to change constantly to keep you safe. That single over engineered wall of a password is not a great idea and it ends up with many just adding a “!” at the end every time the password needs to be changed. Now let’s look at that castle, the multi-layered approach of the moat, drawbridge, and inner gate.

A password manager, a good passphrase, and multi factor authentication compliment each other to stay safe online with your accounts and password. First, the moat, the password manager which can help you generate new passwords and store them without having to remember them all. Next the drawbridge, your actual password, a good quality passphrase, different for every account; you don't want a single password leak compromise all your accounts. Finally, always try and apply multi factor authentication whenever possible. That is the inner gate in your castle that finally lets you into your account. Following this multi-layered approach not only does it make you more secure, it makes life simpler in the long run.

There used to be a time where appliances at the house were just that. A fridge was just a fridge, the thermostat you went and set a temperature with a button, the front door lock just needed the key to work, and a simple toaster toasted toasts. Now all of these things can access the internet, which we most creatively call the Internet of Things or IoT.

Now, this is not to say that progress and innovation are a bad thing, just that we need to adapt to the new ways in which these features can affect us. Imagine every day your thermostat makes your AC run full tilt and the fridge ceases to keep its ideal temperature until you return. Maybe your toaster decides to turn itself on for hours on end potentially causing an electrical short or a fire. And careful of that front door lock if it decides to open all by itself inviting others when you are not home.

These are all possible scenarios with current “Smart” appliances that can be controlled remotely as if they had a life of their own. Dangers that can be avoided by simply protecting your devices and wireless network. The first one we covered in a previous article, if it is online, update it! The second we can do by simply not keeping our home wi-fi open without a passphrase for all to see. Set a password on that wireless network and keep that toaster up to date! It’ll make better toasts.

On campus or off campus? That is the question. During these times many of us have had to adapt to a new work environment. Some of us are coming to campus, others have had to work remotely, while some have had to work out a combination of the two. Whatever the case, one thing remains and that is being cyber safe regardless of where we are.

Here at Ringling we are fortunate to have almost equal access to Ringling resources no matter if we are remote or on campus. That virtually means that even when at home you should think of the computer you are using at the moment as if you were sitting at a desk on campus. 

As we’ve covered before, you should always maintain a high level of “CyberSmarts” but when connecting to Ringling from home this should be doubly important. We tend to relax our habits when at home and maybe not being as alert as to what sites we visit and what we download. When connected to Ringling, while you might be at your computer, you are also connected to homespaces, shares, or even full desktop computers that contain important and sensitive information. Keep Ringling safe by keeping yourself safe.

Look up any bad thing that can infect your devices and there is a program or app that will deal with it. Virus, malware, adware, spyware; for all these PUPs (that’s potentially unwanted programs) there is a plethora of software packages that will detect, prevent, or eradicate them from your devices. Side note: these are also available for phones on their respective app stores, install them!

Now, there are a few caveats to that last statement. Mainly, we need to use them properly and pay attention to them. It is no good to have an anti-malware package if we do not scan our computer more than once a year. Having a great antivirus package does little to help if we dont let it update itself and scan for problems. 

However, the main thing we want to get across here is to pay attention. Having all these safeguards is great and strongly encouraged but what would be even better is if they didn't actually have to do anything. We want you to be the best safeguard there is. Be cautious, use common sense, and be safe when browsing or clicking anything. The first and best line of defense is your own online habits. #BeCyberSmart.

(Don’t) Set it and forget it! Unlike those old oven commercials, our devices need some attention every now and then to keep them safe and secure. Software updates or even firmware updates (a kind of update for the base code running on any hardware) are an important part of the health of all your devices. These updates can cover many things from adding new features on your device to fixing security issues that you may not even know they had. The problem with that last one is that, while we as users may not know our computer or phone has a gaping hole in its security, you can rest assured that the bad guys know and will take advantage of it if given the chance

Now don't just think it's only your computer (with its annoying "update available" messages) or your phone with that sudden request to restart and update in the middle of the day. If it is connected to the internet it will most likely need, get, or request an update sooner or later. Keeping devices up to date is an important part of maintaining a secure online presence.

This year’s theme for the National Cyber Security Awareness Month involves three important topics that we want you to consider in your day to day activities. 

Own IT, Secure IT, Protect IT

In the coming weeks we will be sending out some information with these topics in mind. Now, we know no one likes reading lengthy posts telling you what to do. Fear not! We don’t like writing them either, so they’ll be short and concise. Keep an eye out for them and just consider their short but important tips and suggestions for a safer online experience!

We’ve reached the end of our Cyber Security Awareness Month but that doesn’t mean we stop thinking about being safe online. We are always communicating, always online. Our attention to being safe and secure with our data should always be a priority and habit.

Remember, while you may think “Well, who would target me personally?” the fact is that most times we are not targeted but instead just fall prey to the trap. We need to be aware and prepared.

So OWN your data, be aware of how it is used; SECURE it by using what's available; PROTECT it and prevent them from falling in the wrong hands. After all it is your own personal information and that of your institution.

The safest computer out there, out of risk of any compromise, is the one that happens to be turned off. Well, that doesn't quite work out for us if we want to use it so we’ll have to look at other alternatives, mainly, updates.

Unless you are sporting a very old Operating System, the chance is high that its developer provides updates for your devices at a regular basis. These can range from updates to functionality and features but more importantly some will be security updates.

Security updates are sent out whenever there is a vulnerability found and fixed. The thing to understand about that is that if you have received notification of this update, it means everyone knows there is a vulnerability in those systems. That includes people with not the best intentions in mind and not updating can put you at risk of being compromised.

Bottom line, while it may take a few minutes to do, it is very important to keep our systems and antivirus software up to date. A healthy and updated device can save you headaches down the road.

Would you scoff at the idea that you can be many places at the same time? Unfortunately giving out the wrong information to the wrong person can make this a harsh reality for your credit cards, bank accounts, credit scores, and other records that together create your digital persona. A persona that might be making purchases on three different states at the same time while you are just at your house watching TV.

There are several habits that can help mitigate the risks of your information falling into less reputable hands:

Avoid sensitive activities such as online banking or e-shopping while connected to open unencrypted networks. Obviously that is not always an option so always try to use secure websites, which leads us to our next point.

Always browse safely by making sure the website you are visiting is using a secure connection. You can find that out if the address to the page has an “https” in front and usually if there is a padlock symbol next to the address bar. This means the conversation between you and that website is in fact encrypted.

Be weary when it comes to giving out your information. If you get a request for personal information from your bank, credit card company, or any other company that you might be familiar with, pause before giving it out. Look up their phone number, go to their website yourself (not through a provided link), and check. Make sure they are indeed the ones asking for your information.

Most devices we use and accounts we create online have security features we can and should enable in order to give us that extra layer of security.

Home WiFi: If you haven't set up a password on your home wifi, do so.  From video doorbells to TVs, we might not notice it but if you start counting off devices that connect to your wifi in your house you’ll realize there are more than expected. Not having a way to stop anyone from connecting to your home wifi is the digital equivalent of leaving your actual door wide open 24/7 and hoping no one will come in.

Multi-Factor: Many websites nowadays provide a way to do multi-factor authentication. MFAs provide an additional layer of security by prompting you on your mobile or email for a verification that it is you who wanted to log in to a website. Having this enabled lets you know when an account’s password might be compromised and stop the thief from going any further. Enable this feature whenever possible and if you notice a verification when you know you haven't tried to log in, stop the attempt and change that password!

Device security: This is a simple one and mainly for our tablets, phones, and computers. Put a password or pin on them! These devices contain most of our personal and private information. They shouldn't be open books.

Even a recurring cyber security talk would be incomplete without a password security mention, so here we are at it again. Passwords are the keys to our online information vaults and, as such, need to be made to withstand abuse. Here’s how:

Make it strong! Thankfully many places do enforce a strong password policy but even if they don’t, make it a strong password. You can do this by making it a phrase instead of just a word, using numbers and symbols to replace words, changing letters (f) to a phonetic sound (ph), etc.

Make it varied! Great, you have created this masterful password. Now, please don’t use it on every single website you log in! If anything, add a word or phrase to that password that has to do with the website you are logging into. This will make it strong and varied

Ultimately you can also use a random password generator along with a free password manager service such as LastPass or DashLane which takes the pain away from trying to remember multiple strong passwords. The options are out there!

Social media has become such a consistent part of our lives that we sometimes don’t even consider everything that we’ve put out there. As it turns out we should be aware that it is OUR data and personal information out there

When using social media have this in mind. There is no “Delete” button on the internet. A minute after posting something, you can be certain it is already been seen by someone and a record of it exists and is backed up in multiple locations. Think before hitting that tantalizing “Post” button.

Another thing to always practice which goes with the Own IT part of our campaign is to be firm with others when you see any of your pictures or information shared by them. If you see something shared that makes you uncomfortable in any way, ask them to remove it. It is your information after all. On the flip side, if a friend approaches you with the same concern, listen and act accordingly. In either case, while you can’t turn back the fact that it was posted, removing it from public view is the next best option to not having posted it at all.

Holidays are approaching and with our traveling opportunities going up, so do the opportunities of our security practices going a little lax. Follow these simple steps to make sure you are keeping your data where it belongs, with you!

There are a lot of open networks out there. Airports, hotels, stores; chances are, there are multiple open networks ready for you to connect when you are on the road, but, should you? Make a habit to check with a staff member wherever you are and ask them which network is the one offered by their establishment and connect to it only when you need to use their connection.

Another helpful change for when on-the-go to help you apply this new habit, turn off the auto connect feature on your devices. Many of our day to day devices like to be friendly and connect to the first open network they can find. And remember, when you are on an open network, yours is only one of many devices seemingly talking very loudly in the same room.

Once upon a time here at Ringling, when a person would leave their computer logged in and stepped away, someone would come around and change their background to a tiled David Hasselhoff picture.  Objectively funny admittedly, but it hides a bad problem.  What happens if you do this and someone with bad intentions happens to notice?  What happens if you leave your browser open and perhaps your bank account logged in?  Or your hard worked on files right there for the taking?  Pretty bad situation. So please remember to always lock your computer or simply log off if you are stepping away.

Let's say one of your passwords was unfortunately compromised. Chances are you won't know that until something bad happens to your account. That's where multi factor authentication works wonders! This will let you enter a generated code sent to you so that only you can log in. Some sites will even let you know that someone tried to access it unsuccessfully without the code. At that point your account is still safe and you can go and change that password. All is good! Not all sites or programs have this feature but if there is the opportunity, take it!

Now that we use sentences or phrases for our passwords, why use the same old boring one for everything? Using different passwords for different things makes it harder for someone that may have guessed one of your password to have access to everything else that you log into. Can’t possibly remember all of them? Fair enough, we’d recommend using a free password manager such as LastPass and keep them there under a single GOOD lock and key, instead of sticky notes all over your desk with all your passwords… Please don’t. So, with those useful phrases as our passwords, why not say something about what you will log into as part of your password? Be creative! 

IC@nRememberTh1sP@$$2, We’re sure you can actually read that password and possibly remember it quite well. Best part? It would be considered a strong password with all those little details that most want you to have. The trick is to use sentences or phrases and just sprinkle characters and numbers where they make sense to you. Doing this prevents bad people from making a computer go through a dictionary just to guess your password, and they do that all the time! Making a phrase reduces that threat significantly since a computer will have more trouble trying to Cr@ckTh1sP@$$. Try it and you won’t have password problems anymore! Just don’t use those particular ones; You wouldn't want everyone reading this to know your password.