To: Campus Community
From: Orlando Leon, Chief Information Officer
Date: Monday, October 8, 2018
Subject: National Cybersecurity Awareness Month October 2018
Greetings Campus Community,
October is National Cybersecurity Awareness Month, an annual initiative to raise awareness about the importance of cybersecurity. Each week Technology Services will share tips and practices designed to improve your cybersecurity knowledge. Our goal is to promote deliberate, mindful behavior that serves to protect our information assets.
Keeping safe while using the web is a shared responsibility and has never been more important. It has become much more than just an IT issue; almost everyone in our society is potentially at risk.
We invite you to join us in our quest to improve our cybersecurity knowledge by taking a moment to read each weekly tip featured in the Campus News.
This week’s focus is on how to improve and practice basic cybersecurity hygiene. One of the biggest threats we face comes not from hackers trying to steal our data, but from our own complacency and insufficient cybersecurity hygiene. Take a look………..
What is Cybersecurity Hygiene?
Cybersecurity hygiene is the practice and steps we can take to protect our devices and improve online security. Cybersecurity hygiene is about training ourselves to think proactivity about our cybersecurity to resist cybersecurity threats and online security issues.
You can improve your cybersecurity hygiene by reviewing the following scenarios we encounter on a daily basis.
Cybersecurity Tips
Passwords: Passwords are strings of characters used to access online services (e.g. your email or social networks profile). However, they also help to prevent other people from accessing your personal accounts.
Good Cybersecurity Hygiene: A good practice is to change passwords on a regular basis and not to use the same password. Having different passwords for each service and saving them in an encrypted file is a good practice for securing your accounts. Furthermore, it is important to have strong passwords and use two-factor authentication if it available.
E-Mail: One day when looking at your email inbox, you find you have received an email from a friend you have not heard from for at least one year. When you open the email the text says ‘Hi, please click here there is surprise for you’.
Good Cybersecurity Hygiene: A good practice is not to click on links in email. A good strategy is to call your friend to confirm it is not a “phishing” email. “Phishing” email tries to trick you into providing sensitive information directly or via visiting a website the attacker controls. Some examples also include an urgent request for money or gift cards from someone pretending to be someone you know. Never answer an email that appears to be phishing.
Social Engineering: Social engineering is a complex form of social deception focused on information gathering, frauds, or gaining access to your account. Social engineering, commonly done via fake messages (email, SMS, phone calls) aims to fool us into giving up our personal information, such as our account name and password.
Good Cybersecurity Hygiene: A good practice is to never provide personal information to any messages or phone calls that appear to be fake.
Mobile Apps: You consider yourself an ‘experienced’ user of mobile technologies. You have your own smartphone with which you navigate the Internet and use several apps to get updates for local services, weather, etc., and to find additional services. Often you receive prompts for installing new apps on your device.
Good Cybersecurity Hygiene: A good practice to ensure your device and data remain secure and safe, when you install a new app is to scrutinize permission requests when using or installing smartphone apps. Never install any app onto your device unless it is from a trusted source and you fully understand how your data will be used by the app.
Viruses: You have noticed your computer is acting erratically and normal tasks like opening a document/application, are taking a little bit longer to perform, or perhaps your computer is running warmer than usual, or the battery life is shorter than usual. So you called a friend of yours who is a computer technician and they determine your computer has been infected by a virus. A virus is software that has a malicious intent to harm your device and therefore you.
Good Cybersecurity Hygiene: A good practice is to have relevant protection, in this case, an antivirus software or malware protection installed. The protection software also needs to be constantly updated. Antivirus updates offer you the latest protection against new forms of malicious software.
Obsolete Programs: On your personal laptop you have been using some of the same computer programs for years. One of your friends, who is an expert in security, noticed one of your programs has long been discontinued by the manufacturer.
Good Cybersecurity Hygiene: A good cybersecurity practice is to update or remove discontinued programs since old and discontinued software exposes your computer to serious security threats due to the software lacking updates.
Patching: One day you were listening to the evening news where a journalist was interviewing a computer industry expert talking about the importance of regularly updating and patching device operating systems for security reasons. However you were distracted and could not understand why they was insisting on patching.
Good Cybersecurity Hygiene: A good cybersecurity practice is to patch or update your device’s operating system. Patching is usually a way to fix bugs and security problems for your device. Keeping your device’s operating systems updated is a good strategy to help secure your device and data. This especially applies to your iPhone or Android phone!
E-Mail (again): You receive an e-mail from your bank telling you there is a problem with your account. The e-mail provides instructions and a link so you can log in to your account and fix the problem.
Good Cybersecurity Hygiene: Do not click on links in email or call using information from the email. A good strategy is to call your bank directly to confirm it is not a “phishing” email or separately in another browser window type in the URL of your bank. Phishing (fake) emails are often used to trick users into disclosing sensitive information by having you provide the data directly or via visiting a fake website. Never answer a message that appears to be phishing. Use the phone number on your bank account statement (or website) or the number on back of your credit card, rather than the number listed in the email.
|