Welcome to Cyber Security Awareness Month 2019!
This year’s theme for the National Cyber Security Awareness Month involves three important topics that we want you to consider in your day to day activities.
Own IT, Secure IT, Protect IT
In the coming weeks we will be sending out some information with these topics in mind. Now, we know no one likes reading lengthy posts telling you what to do. Fear not! We don’t like writing them either, so they’ll be short and concise. Keep an eye out for them and just consider their short but important tips and suggestions for a safer online experience!
Own IT, Secure IT, Protect IT
We’ve reached the end of our Cyber Security Awareness Month but that doesn’t mean we stop thinking about being safe online. We are always communicating, always online. Our attention to being safe and secure with our data should always be a priority and habit.
Remember, while you may think “Well, who would target me personally?” the fact is that most times we are not targeted but instead just fall prey to the trap. We need to be aware and prepared.
So OWN your data, be aware of how it is used; SECURE it by using what's available; PROTECT it and prevent them from falling in the wrong hands. After all it is your own personal information and that of your institution.
Protect It: Update me!
The safest computer out there, out of risk of any compromise, is the one that happens to be turned off. Well, that doesn't quite work out for us if we want to use it so we’ll have to look at other alternatives, mainly, updates.
Unless you are sporting a very old Operating System, the chance is high that its developer provides updates for your devices at a regular basis. These can range from updates to functionality and features but more importantly some will be security updates.
Security updates are sent out whenever there is a vulnerability found and fixed. The thing to understand about that is that if you have received notification of this update, it means everyone knows there is a vulnerability in those systems. That includes people with not the best intentions in mind and not updating can put you at risk of being compromised.
Bottom line, while it may take a few minutes to do, it is very important to keep our systems and antivirus software up to date. A healthy and updated device can save you headaches down the road.
Protect It: You are data
Would you scoff at the idea that you can be many places at the same time? Unfortunately giving out the wrong information to the wrong person can make this a harsh reality for your credit cards, bank accounts, credit scores, and other records that together create your digital persona. A persona that might be making purchases on three different states at the same time while you are just at your house watching TV.
There are several habits that can help mitigate the risks of your information falling into less reputable hands:
Avoid sensitive activities such as online banking or e-shopping while connected to open unencrypted networks. Obviously that is not always an option so always try to use secure websites, which leads us to our next point.
Always browse safely by making sure the website you are visiting is using a secure connection. You can find that out if the address to the page has an “https” in front and usually if there is a padlock symbol next to the address bar. This means the conversation between you and that website is in fact encrypted.
Be weary when it comes to giving out your information. If you get a request for personal information from your bank, credit card company, or any other company that you might be familiar with, pause before giving it out. Look up their phone number, go to their website yourself (not through a provided link), and check. Make sure they are indeed the ones asking for your information.
Most devices we use and accounts we create online have security features we can and should enable in order to give us that extra layer of security.
Home WiFi: If you haven't set up a password on your home wifi, do so. From video doorbells to TVs, we might not notice it but if you start counting off devices that connect to your wifi in your house you’ll realize there are more than expected. Not having a way to stop anyone from connecting to your home wifi is the digital equivalent of leaving your actual door wide open 24/7 and hoping no one will come in.
Multi-Factor: Many websites nowadays provide a way to do multi-factor authentication. MFAs provide an additional layer of security by prompting you on your mobile or email for a verification that it is you who wanted to log in to a website. Having this enabled lets you know when an account’s password might be compromised and stop the thief from going any further. Enable this feature whenever possible and if you notice a verification when you know you haven't tried to log in, stop the attempt and change that password!
Device security: This is a simple one and mainly for our tablets, phones, and computers. Put a password or pin on them! These devices contain most of our personal and private information. They shouldn't be open books.
Secure It: The password talk again
Even a recurring cyber security talk would be incomplete without a password security mention, so here we are at it again. Passwords are the keys to our online information vaults and, as such, need to be made to withstand abuse. Here’s how:
Make it strong! Thankfully many places do enforce a strong password policy but even if they don’t, make it a strong password. You can do this by making it a phrase instead of just a word, using numbers and symbols to replace words, changing letters (f) to a phonetic sound (ph), etc.
Make it varied! Great, you have created this masterful password. Now, please don’t use it on every single website you log in! If anything, add a word or phrase to that password that has to do with the website you are logging into. This will make it strong and varied
Ultimately you can also use a random password generator along with a free password manager service such as LastPass or DashLane which takes the pain away from trying to remember multiple strong passwords. The options are out there!
Own It: It is our data out there!
Social media has become such a consistent part of our lives that we sometimes don’t even consider everything that we’ve put out there. As it turns out we should be aware that it is OUR data and personal information out there
When using social media have this in mind. There is no “Delete” button on the internet. A minute after posting something, you can be certain it is already been seen by someone and a record of it exists and is backed up in multiple locations. Think before hitting that tantalizing “Post” button.
Another thing to always practice which goes with the Own IT part of our campaign is to be firm with others when you see any of your pictures or information shared by them. If you see something shared that makes you uncomfortable in any way, ask them to remove it. It is your information after all. On the flip side, if a friend approaches you with the same concern, listen and act accordingly. In either case, while you can’t turn back the fact that it was posted, removing it from public view is the next best option to not having posted it at all.
Own It: On the go?
Holidays are approaching and with our traveling opportunities going up, so do the opportunities of our security practices going a little lax. Follow these simple steps to make sure you are keeping your data where it belongs, with you!
There are a lot of open networks out there. Airports, hotels, stores; chances are, there are multiple open networks ready for you to connect when you are on the road, but, should you? Make a habit to check with a staff member wherever you are and ask them which network is the one offered by their establishment and connect to it only when you need to use their connection.
Another helpful change for when on-the-go to help you apply this new habit, turn off the auto connect feature on your devices. Many of our day to day devices like to be friendly and connect to the first open network they can find. And remember, when you are on an open network, yours is only one of many devices seemingly talking very loudly in the same room.
=======Previous Cybersecurity Awareness Topics=======
Scroll down and take a look at previous years' helpful tips to stay secure.
It never hurts to get a refresher!
Welcome to the Cyber Security Awareness Month 2018!
We know that you all have questions about cyber security, on how to be better protected online both at home and here at Ringling, (if you don't have questions, start asking!). That's why we are excited to announce in the coming weeks of this National Cyber Security Awareness month we will be releasing some snippets and blurbs of information to help you along having a safer online presence.
But don't think we'll just email this important information out, we want you involved in looking to be safer online. You'll have the chance to look around campus and spot the extra information. Starting Monday the 8th, look out! there might be some Cybersecurity Awareness waiting for you around the next corner!
However, If you do miss them walking around campus we will have all the information here(as it comes out, no cheating), and we will also email you short messages through the coming weeks.
We've reached the end of our Cyber Security Awareness Month and we thank you for participating with us. Staying secure online is not the duty of some select few but all of us need to stay safe. We all have many contacts and connections and they all can be affected by us being compromised. It is not a matter of being paranoid online but safe in our browsing and posting. Online as well as with most things in life, follow a simple three step process. STOP. THINK. CONNECT. Stop before clicking on that link, before answering that odd question. Think, about where that link is going, about what is being asked. Connect, only if everything checks out. Through the past few weeks we've given you just a sample of things to think about but we urge you to be proactive in your own online safety and of those around you. Remember, don't hesitate to contact us at IT for more information or for help in staying protected.
Scroll down to review the topics discussed on this year's Cyber Security Awareness Month
Social: All that Information
Social engineering, a fancy name for the right questions and conversation to get information about you. This subtle way of obtaining access to your accounts rely on what you yourself provide online. Would you be surprised to know that there is a high chance that most answers to your secret questions are out there on comments or your profile on social media? That along with clever conversations by someone looking to gain access to your accounts can lead to all this information being put in the hands of a bad person by yourself! We urge you to go to your social media pages, look around, and check. Did you put in your profile that you love cheesecake, and did you by chance use "What's your favorite food?" as a secret question somewhere? Well, someone can already change your password and lock you out of an account. Be careful what you post and how you secure your online presence.
Email: Something Phishy
Have you ever received a scam email? Phishing is a more direct way of trying to scam you and you should always watch out for them. These emails often come in as if you already have a relationship with the sender (which might itself be masquerading as a known contact). Maybe they are asking for some information that you may be able to provide and telling you to go to a site and login to provide it. These sites may look like the real thing but are there to gather your credentials. There are other things to look for such as slight spelling or grammar errors. Maybe what they are asking itself is not usually something you would get an email about either. All in all, if you receive an email asking to do something like that, contact the person or institution (bank, school, etc) through an officially listed phone or in person and confirm they are asking for this information.
Apps: Beware of the Permissions
Countless apps are installed in our phones but, do we know what these apps are asking for or do we blindly tap Install? More and more we are hearing about data breaches happening because of apps taking advantage of overreaching permissions granted to them at installation. When installing an application and it asks you to grant it permissions, stop and think why it is asking for them. It makes sense for that messaging app to have access to your contacts. If that funny car horn app is asking to check on your contacts, pictures, messages, and call history, there's something wrong with it.
Software: Keep it up to date!
It is a fact of life that we will always be bothered by that update reminder jumping at us every couple of days. However, this computer version of the Check Engine light is its way of telling you it needs some help to keep things clean and smooth for you. Many of the updates that your computer requests are in fact fixes for security problems it may have. Ignoring these is like leaving your door open on purpose after someone tells you there is a thief trying out doors to find an open one and get in. Take the extra time and keep your computer happy and updated. It will run better and keep you safer.
Websites: Always use HTTPS
More and more we are visiting websites that require us to login and enter personal or financial information in order to take full advantage of their services. This is not necessarily a bad thing but it does require us to be careful where we put our information. When visiting a website, especially when we know it will require giving them our information, it is important that we notice the website is secure. One of the ways to do that is to check if the website is using the HTTPS protocol (at the beginning of the website address). If it just uses HTTP or if it does but your browser warns you that the site is still not secure, do yourself a favor and avoid entering any important information in it because guess what? It is not secure!
Files: Scan Everything
We download a lot of files on a daily basis. We plug in all sorts of external and thumb drives to our computers on a daily basis. But, do we ever stop and think where those files came from or what they can do to our computers? Malware and spyware, among other more nefarious bugs, usually hide alongside seemingly innocent or useful programs and files we download off the internet. Then we can be carrying those along in thumb and external drives and sharing them around. That's why it is important to always take a couple seconds to run a scan on any file you download or any drive you plug in that you are not familiar with. Catch 'em all before they do any damage.
Files: Back them up!
A bad program crash, a power outage, an accidental deletion, a lost drive, or the accidental drop of said drive. We've all experienced something that has made important files we always thought would be available no longer there. That is why it is important that we back up what we do not want to lose. Be it in multiple external drives, to the cloud, or shares and homespaces, there are options to safeguard those important files. That cute picture of your first niece? The files for that project you have been working on for weeks? That spreadsheet with all the information you need to finish a report? Back them up! Trust us, knowing that your files are safe from harm makes a huge difference.
Logout! Have you been Hasselhoff'd
Once upon a time here at Ringling, when a person would leave their computer logged in and stepped away, someone would come around and change their background to a tiled David Hasselhoff picture. Objectively funny admittedly, but it hides a bad problem. What happens if you do this and someone with bad intentions happens to notice? What happens if you leave your browser open and perhaps your bank account logged in? Or your hard worked on files right there for the taking? Pretty bad situation. So please remember to always lock your computer or simply log off if you are stepping away.
Multifactor: Another Me?
Let's say one of your passwords was unfortunately compromised. Chances are you won't know that until something bad happens to your account. That's where multi factor authentication works wonders! This will let you enter a generated code sent to you so that only you can log in. Some sites will even let you know that someone tried to access it unsuccessfully without the code. At that point your account is still safe and you can go and change that password. All is good! Not all sites or programs have this feature but if there is the opportunity, take it!
Passwords: None of these is like the other!
Now that we use sentences or phrases for our passwords, why use the same old boring one for everything? Using different passwords for different things makes it harder for someone that may have guessed one of your password to have access to everything else that you log into. Can’t possibly remember all of them? Fair enough, we’d recommend using a free password manager such as LastPass and keep them there under a single GOOD lock and key, instead of sticky notes all over your desk with all your passwords… Please don’t. So, with those useful phrases as our passwords, why not say something about what you will log into as part of your password? Be creative!
Password: Are you strong enough?
IC@nRememberTh1sP@$$2, We’re sure you can actually read that password and possibly remember it quite well. Best part? It would be considered a strong password with all those little details that most want you to have. The trick is to use sentences or phrases and just sprinkle characters and numbers where they make sense to you. Doing this prevents bad people from making a computer go through a dictionary just to guess your password, and they do that all the time! Making a phrase reduces that threat significantly since a computer will have more trouble trying to Cr@ckTh1sP@$$. Try it and you won’t have password problems anymore! Just don’t use those particular ones; You wouldn't want everyone reading this to know your password.