Welcome to Cyber Security Awareness Month 2020!
This year’s theme for the National Cyber Security Awareness Month will focus on the increased online presence we all have, especially with the shift in how we are doing things during this pandemic.
Do Your Part. #BeCyberSmart.
In the coming weeks we will be sending out some information covering a few topics that touch on our everyday online comings and goings. As always, short and to the point; these will be small nuggets of valuable information that will help us in the long run. Keep an eye out!
Do Your Part. #BeCyberSmart
Another end to an informative awareness month and we hope we’ve given you at least a few more nuggets of knowledge and wisdom regarding your online habits and safety. As we’ve stressed this month, you are the most important factor in keeping yourself and us secure by having those cybersmarts, so come back and read through them, apply them, and stay safe out there. And remember, if you receive any dubious email, or feel you need to confirm a link or message is safe to use, please do not hesitate to reach out to us and we’ll be more than happy to help and advise you.
The basics, Be Vigilant
Throughout the past couple of weeks we have been driving the point that you are the first and best line of defense when it comes to your online safety and that of the institution. This was by design and to a very specific purpose, to point out that we are equally the weakest link as well as the most secure barrier against attacks and it is up to us to be vigilant against two of the most troubling types of attacks, Ransomware and Phishing.
Ransomware is a type of malware that restricts access to your files with the very real threat of permanent destruction of that data if the “ransom” is not paid. This type of attack has become so prevalent and effective that an attack is made every 11 seconds and the damage costs to business are expected to hit upwards of $20 billion annually by 2021. This is a staggering figure considering five years ago that damage cost was $325 million. Why is this? Don't we have multiple solutions to prevent or catch these problems before they become as bad as they are now? We do, to a certain extent, but it matters little how many doors are between the bad guy and your data if it is you who gives them the keys to get in. Which brings us to Phishing.
Phishing and other social engineering attacks are the best way for attackers to get the data and access they want. In short, it is an attack that relies on you helping the attacker get around the safety measures offered by technology. If the bad guy can convince you to open the door for them, why would they spend the time and effort to hack their way in? That’s why we need to be vigilant and prepared to recognize when we are being attacked. These are a few habits that can help us stay safer online.
- Don't use administrative rights unless strictly necessary
- Keep your sensitive data backed up and current on multiple locations
- Make sure to update your devices
- Always be cautious of email links. Don't click unless you are sure they are safe. Attackers use urgency and your emotions to get you to lower your guard.
- Never use “Free” Wi-Fi
Some of these might sound familiar, and they are, we’ve covered them before, but they are all worth repeating. We suggest you come back to these every so often and get a refresher. Stay vigilant! When dealing with cyber threats you are the front line. Do Your Part. #BeCyberSmart.
The basics, The castle
The password talk does not get old. “123456”. Does this look familiar? We hope not. However, it will look familiar to many across the world considering that it has held first place as the most common bad password three years in a row. Not to be outdone, “123456789” and “qwerty” have been fighting for that top spot. These round out the top 3 most commonly used passwords leaked by hackers.
To combat the password conundrum, let's think about an over-engineered wall vs a medieval castle. Years ago, the approach was to have this impossibly complex password that needed to change constantly to keep you safe. That single over-engineered wall of a password is not a great idea and it ends up with many just adding a “!” at the end every time the password needs to be changed. Now let’s look at that castle, the multi-layered approach of the moat, drawbridge, and inner gate.
A password manager, a good passphrase, and multi factor authentication complement each other to keep your accounts and passwords safe online. First, the moat: the password manager, which can help you generate new passwords and store them without having to remember them all. Next, the drawbridge: your actual password, a good quality passphrase, different for every account; you don't want a single password leak to compromise all your accounts. Finally, always try to apply multi factor authentication whenever possible. That is the inner gate in your castle that finally lets you into your account. Following this multi-layered approach not only makes you more secure, it makes life simpler in the long run.
The Sentient Toaster
There used to be a time where appliances at the house were just that. A fridge was just a fridge, the thermostat you went and set a temperature with a button, the front door lock just needed the key to work, and a simple toaster toasted toasts. Now all of these things can access the internet, which we most creatively call the Internet of Things or IoT.
Now, this is not to say that progress and innovation are a bad thing, just that we need to adapt to the new ways in which these features can affect us. Imagine every day your thermostat makes your AC run full tilt and the fridge ceases to keep its ideal temperature until you return. Maybe your toaster decides to turn itself on for hours on end potentially causing an electrical short or a fire. And careful of that front door lock if it decides to open all by itself inviting others when you are not home.
These are all possible scenarios with current “Smart” appliances that can be controlled remotely as if they had a life of their own. Dangers that can be avoided by simply protecting your devices and wireless network. The first one we covered in a previous article, if it is online, update it! The second we can do by simply not keeping our home wi-fi open without a passphrase for all to see. Set a password on that wireless network and keep that toaster up to date! It’ll make better toasts.
Home or Office? Stay safe
On campus or off campus? That is the question. During these times many of us have had to adapt to a new work environment. Some of us are coming to campus, others have had to work remotely, while some have had to work out a combination of the two. Whatever the case, one thing remains and that is being cyber safe regardless of where we are.
Here at Ringling we are fortunate to have almost equal access to Ringling resources no matter if we are remote or on campus. That virtually means that even when at home you should think of the computer you are using at the moment as if you were sitting at a desk on campus.
As we’ve covered before, you should always maintain a high level of “CyberSmarts” but when connecting to Ringling from home this should be doubly important. We tend to relax our habits when at home and may not be as alert to what sites we visit and what we download. When connected to Ringling, while you might be at your computer, you are also connected to homespaces, shares, or even full desktop computers that contain important and sensitive information. Keep Ringling safe by keeping yourself safe.
The best Anti-everything
Look up any bad thing that can infect your devices and there is a program or app that will deal with it. Virus, malware, adware, spyware; for all these PUPs (that’s potentially unwanted programs) there is a plethora of software packages that will detect, prevent, or eradicate them from your devices. Side note: these are also available for phones on their respective app stores, install them!
Now, there are a few caveats to that last statement. Mainly, we need to use them properly and pay attention to them. It is no good to have an anti-malware package if we do not scan our computer more than once a year. Having a great antivirus package does little to help if we don't let it update itself and scan for problems.
However, the main thing we want to get across here is to pay attention. Having all these safeguards is great and strongly encouraged but what would be even better is if they didn't actually have to do anything. We want you to be the best safeguard there is. Be cautious, use common sense, and be safe when browsing or clicking anything. The first and best line of defense is your own online habits. #BeCyberSmart.
(Don’t) Set it and forget it!
Unlike those old oven commercials, our devices need some attention every now and then to keep them safe and secure. Software updates or even firmware updates (a kind of update for the base code running on any hardware) are an important part of the health of all your devices. These updates can cover many things, from adding new features on your device to fixing security issues that you may not even know it had. The problem with that last one is that, while we as users may not know our computer or phone has a gaping hole in its security, you can rest assured that the bad guys know and will take advantage of it if given the chance.
Now don't just think it's only your computer (with its annoying "update available" messages) or your phone with that sudden request to restart and update in the middle of the day. If it is connected to the internet it will most likely need, get, or request an update sooner or later. Keeping devices up to date is an important part of maintaining a secure online presence.
=======Previous Cybersecurity Awareness Topics=======
Scroll down and take a look at previous years' helpful tips to stay secure.
It never hurts to get a refresher!
Welcome to Cyber Security Awareness Month 2019!
This year’s theme for the National Cyber Security Awareness Month involves three important topics that we want you to consider in your day to day activities.
Own IT, Secure IT, Protect IT
In the coming weeks we will be sending out some information with these topics in mind. Now, we know no one likes reading lengthy posts telling you what to do. Fear not! We don’t like writing them either, so they’ll be short and concise. Keep an eye out for them and just consider their short but important tips and suggestions for a safer online experience!
Own IT, Secure IT, Protect IT
We’ve reached the end of our Cyber Security Awareness Month but that doesn’t mean we stop thinking about being safe online. We are always communicating, always online. Our attention to being safe and secure with our data should always be a priority and habit.
Remember, while you may think “Well, who would target me personally?” the fact is that most times we are not targeted but instead just fall prey to the trap. We need to be aware and prepared.
So OWN your data, be aware of how it is used; SECURE it by using what's available; PROTECT it and prevent it from falling into the wrong hands. After all, it is your own personal information and that of your institution.
Protect It: Update me!
The safest computer out there, out of risk of any compromise, is the one that happens to be turned off. Well, that doesn't quite work out for us if we want to use it so we’ll have to look at other alternatives, mainly, updates.
Unless you are sporting a very old Operating System, the chance is high that its developer provides updates for your devices on a regular basis. These can range from updates to functionality and features but, more importantly, some will be security updates.
Security updates are sent out whenever there is a vulnerability found and fixed. The thing to understand about that is that if you have received notification of this update, it means everyone knows there is a vulnerability in those systems. That includes people with not the best intentions in mind and not updating can put you at risk of being compromised.
Bottom line, while it may take a few minutes to do, it is very important to keep our systems and antivirus software up to date. A healthy and updated device can save you headaches down the road.
Protect It: You are data
Would you scoff at the idea that you can be many places at the same time? Unfortunately giving out the wrong information to the wrong person can make this a harsh reality for your credit cards, bank accounts, credit scores, and other records that together create your digital persona. A persona that might be making purchases in three different states at the same time while you are just at your house watching TV.
There are several habits that can help mitigate the risks of your information falling into less reputable hands:
Avoid sensitive activities such as online banking or e-shopping while connected to open unencrypted networks. Obviously that is not always an option so always try to use secure websites, which leads us to our next point.
Always browse safely by making sure the website you are visiting is using a secure connection. You can find that out if the address to the page has an “https” in front and usually if there is a padlock symbol next to the address bar. This means the conversation between you and that website is in fact encrypted.
Be wary when it comes to giving out your information. If you get a request for personal information from your bank, credit card company, or any other company that you might be familiar with, pause before giving it out. Look up their phone number, go to their website yourself (not through a provided link), and check. Make sure they are indeed the ones asking for your information.
Most devices we use and accounts we create online have security features we can and should enable in order to give us that extra layer of security.
Home WiFi: If you haven't set up a password on your home wifi, do so. From video doorbells to TVs, we might not notice it but if you start counting off devices that connect to your wifi in your house you’ll realize there are more than expected. Not having a way to stop anyone from connecting to your home wifi is the digital equivalent of leaving your actual door wide open 24/7 and hoping no one will come in.
Multi-Factor: Many websites nowadays provide a way to do multi-factor authentication. MFAs provide an additional layer of security by prompting you on your mobile or email for a verification that it is you who wanted to log in to a website. Having this enabled lets you know when an account’s password might be compromised and stop the thief from going any further. Enable this feature whenever possible and if you notice a verification when you know you haven't tried to log in, stop the attempt and change that password!
Device security: This is a simple one and mainly for our tablets, phones, and computers. Put a password or pin on them! These devices contain most of our personal and private information. They shouldn't be open books.
Secure It: The password talk again
Even a recurring cyber security talk would be incomplete without a password security mention, so here we are at it again. Passwords are the keys to our online information vaults and, as such, need to be made to withstand abuse. Here’s how:
Make it strong! Thankfully many places do enforce a strong password policy but even if they don’t, make it a strong password. You can do this by making it a phrase instead of just a word, using numbers and symbols to replace words, changing letters (f) to a phonetic sound (ph), etc.
Make it varied! Great, you have created this masterful password. Now, please don’t use it on every single website you log in to! If anything, add a word or phrase to that password that has to do with the website you are logging into. This will make it strong and varied.
Ultimately you can also use a random password generator along with a free password manager service such as LastPass or DashLane which takes the pain away from trying to remember multiple strong passwords. The options are out there!
Own It: It is our data out there!
Social media has become such a consistent part of our lives that we sometimes don’t even consider everything that we’ve put out there. As it turns out we should be aware that it is OUR data and personal information out there.
When using social media have this in mind. There is no “Delete” button on the internet. A minute after posting something, you can be certain it has already been seen by someone and a record of it exists and is backed up in multiple locations. Think before hitting that tantalizing “Post” button.
Another thing to always practice which goes with the Own IT part of our campaign is to be firm with others when you see any of your pictures or information shared by them. If you see something shared that makes you uncomfortable in any way, ask them to remove it. It is your information after all. On the flip side, if a friend approaches you with the same concern, listen and act accordingly. In either case, while you can’t turn back the fact that it was posted, removing it from public view is the next best option to not having posted it at all.
Own It: On the go?
Holidays are approaching and with our traveling opportunities going up, so do the opportunities of our security practices going a little lax. Follow these simple steps to make sure you are keeping your data where it belongs, with you!
There are a lot of open networks out there. Airports, hotels, stores; chances are, there are multiple open networks ready for you to connect when you are on the road, but, should you? Make a habit to check with a staff member wherever you are and ask them which network is the one offered by their establishment and connect to it only when you need to use their connection.
Another helpful change for when you are on the go, to help you apply this new habit: turn off the auto connect feature on your devices. Many of our day to day devices like to be friendly and connect to the first open network they can find. And remember, when you are on an open network, yours is only one of many devices seemingly talking very loudly in the same room.
Welcome to the Cyber Security Awareness Month 2018!
We know that you all have questions about cyber security, on how to be better protected online both at home and here at Ringling, (if you don't have questions, start asking!). That's why we are excited to announce in the coming weeks of this National Cyber Security Awareness month we will be releasing some snippets and blurbs of information to help you along having a safer online presence.
But don't think we'll just email this important information out; we want you involved in looking to be safer online. You'll have the chance to look around campus and spot the extra information. Starting Monday the 8th, look out! There might be some Cybersecurity Awareness waiting for you around the next corner!
However, if you do miss them walking around campus we will have all the information here (as it comes out, no cheating), and we will also email you short messages through the coming weeks.
We've reached the end of our Cyber Security Awareness Month and we thank you for participating with us. Staying secure online is not the duty of some select few but all of us need to stay safe. We all have many contacts and connections and they all can be affected by us being compromised. It is not a matter of being paranoid online but safe in our browsing and posting. Online as well as with most things in life, follow a simple three step process. STOP. THINK. CONNECT. Stop before clicking on that link, before answering that odd question. Think, about where that link is going, about what is being asked. Connect, only if everything checks out. Through the past few weeks we've given you just a sample of things to think about but we urge you to be proactive in your own online safety and of those around you. Remember, don't hesitate to contact us at IT for more information or for help in staying protected.
Scroll down to review the topics discussed on this year's Cyber Security Awareness Month
Social: All that Information
Social engineering, a fancy name for the right questions and conversation to get information about you. This subtle way of obtaining access to your accounts relies on what you yourself provide online. Would you be surprised to know that there is a high chance that most answers to your secret questions are out there in comments or on your profile on social media? That, along with clever conversations by someone looking to gain access to your accounts, can lead to all this information being put in the hands of a bad person by yourself! We urge you to go to your social media pages, look around, and check. Did you put in your profile that you love cheesecake, and did you by chance use "What's your favorite food?" as a secret question somewhere? Well, someone can already change your password and lock you out of an account. Be careful what you post and how you secure your online presence.
Email: Something Phishy
Have you ever received a scam email? Phishing is a more direct way of trying to scam you and you should always watch out for it. These emails often come in as if you already have a relationship with the sender (which might itself be masquerading as a known contact). Maybe they are asking for some information that you may be able to provide and telling you to go to a site and log in to provide it. These sites may look like the real thing but are there to gather your credentials. There are other things to look for such as slight spelling or grammar errors. Maybe what they are asking for is not usually something you would get an email about either. All in all, if you receive an email asking you to do something like that, contact the person or institution (bank, school, etc) through an officially listed phone or in person and confirm they are asking for this information.
Apps: Beware of the Permissions
Countless apps are installed on our phones, but do we know what these apps are asking for or do we blindly tap Install? More and more we are hearing about data breaches happening because of apps taking advantage of overreaching permissions granted to them at installation. When you install an application and it asks you to grant it permissions, stop and think why it is asking for them. It makes sense for that messaging app to have access to your contacts. If that funny car horn app is asking to check on your contacts, pictures, messages, and call history, there's something wrong with it.
Software: Keep it up to date!
It is a fact of life that we will always be bothered by that update reminder jumping at us every couple of days. However, this computer version of the Check Engine light is its way of telling you it needs some help to keep things clean and smooth for you. Many of the updates that your computer requests are in fact fixes for security problems it may have. Ignoring these is like leaving your door open on purpose after someone tells you there is a thief trying out doors to find an open one and get in. Take the extra time and keep your computer happy and updated. It will run better and keep you safer.
Websites: Always use HTTPS
More and more we are visiting websites that require us to log in and enter personal or financial information in order to take full advantage of their services. This is not necessarily a bad thing but it does require us to be careful where we put our information. When visiting a website, especially when we know it will require giving them our information, it is important that we notice whether the website is secure. One of the ways to do that is to check if the website is using the HTTPS protocol (at the beginning of the website address). If it just uses HTTP or if it does but your browser warns you that the site is still not secure, do yourself a favor and avoid entering any important information in it because guess what? It is not secure!
Files: Scan Everything
We download a lot of files on a daily basis. We plug in all sorts of external and thumb drives to our computers on a daily basis. But, do we ever stop and think where those files came from or what they can do to our computers? Malware and spyware, among other more nefarious bugs, usually hide alongside seemingly innocent or useful programs and files we download off the internet. Then we can be carrying those along in thumb and external drives and sharing them around. That's why it is important to always take a couple seconds to run a scan on any file you download or any drive you plug in that you are not familiar with. Catch 'em all before they do any damage.
Files: Back them up!
A bad program crash, a power outage, an accidental deletion, a lost drive, or the accidental drop of said drive. We've all experienced something that has made important files we always thought would be available no longer there. That is why it is important that we back up what we do not want to lose. Be it in multiple external drives, to the cloud, or shares and homespaces, there are options to safeguard those important files. That cute picture of your first niece? The files for that project you have been working on for weeks? That spreadsheet with all the information you need to finish a report? Back them up! Trust us, knowing that your files are safe from harm makes a huge difference.
Logout! Have you been Hasselhoff'd
Once upon a time here at Ringling, when a person would leave their computer logged in and stepped away, someone would come around and change their background to a tiled David Hasselhoff picture. Objectively funny admittedly, but it hides a bad problem. What happens if you do this and someone with bad intentions happens to notice? What happens if you leave your browser open and perhaps your bank account logged in? Or your hard worked on files right there for the taking? Pretty bad situation. So please remember to always lock your computer or simply log off if you are stepping away.
Multifactor: Another Me?
Let's say one of your passwords was unfortunately compromised. Chances are you won't know that until something bad happens to your account. That's where multi factor authentication works wonders! This will let you enter a generated code sent to you so that only you can log in. Some sites will even let you know that someone tried to access it unsuccessfully without the code. At that point your account is still safe and you can go and change that password. All is good! Not all sites or programs have this feature but if there is the opportunity, take it!
Passwords: None of these is like the other!
Now that we use sentences or phrases for our passwords, why use the same old boring one for everything? Using different passwords for different things makes it harder for someone that may have guessed one of your passwords to have access to everything else that you log into. Can’t possibly remember all of them? Fair enough, we’d recommend using a free password manager such as LastPass and keeping them there under a single GOOD lock and key, instead of sticky notes all over your desk with all your passwords… Please don’t. So, with those useful phrases as our passwords, why not say something about what you will log into as part of your password? Be creative!
Password: Are you strong enough?
IC@nRememberTh1sP@$$2. We’re sure you can actually read that password and possibly remember it quite well. Best part? It would be considered a strong password with all those little details that most want you to have. The trick is to use sentences or phrases and just sprinkle characters and numbers where they make sense to you. Doing this prevents bad people from making a computer go through a dictionary just to guess your password, and they do that all the time! Making a phrase reduces that threat significantly since a computer will have more trouble trying to Cr@ckTh1sP@$$. Try it and you won’t have password problems anymore! Just don’t use those particular ones; you wouldn't want everyone reading this to know your password.