Cyber Security Awareness Month

October is the annual Cyber Security Awareness Month. Your immediate question may be, why do I care again? To this I say, imagine if you will, a world in which there is no internet, no smart phones, no computers, and three channels on the television.

[GIF: Rod Serling saying "What you are about to watch is a nightmare", provided by Giphy]

That’s right, it would be the Twilight Zone, even though I am old enough (cough…cough…) to have lived a life like this. Many of you are not, however, and this pervasiveness of the internet shapes all our lives to an incredible degree now. That’s why this month is all about being aware of your information and how you access the broader internet world.

The theme for the first week of Cyber Security Awareness Month is Make Your Home a Safe Haven for online activity. I offer you the following pieces of advice, brought to you by StaySafeOnline.org:

  • Keep a Clean Machine → Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
  • Did you know? Your cell phone and tablet need to be kept up to date with the latest security software, browsers and operating system, just like your PC or laptop at home.
  • Smart appliances and connected devices – such as thermostats, toys and home assistants – should be kept up to date with the latest security software. If not, you’re at greater risk of hackers accessing your network and information.
  • #LockDownURlogin → User names and passwords are not enough to protect key accounts like email, bank and social media. Improve account security by enabling strong authentication tools such as biometrics or unique one-time codes. #CyberAware 
  • Share with Care → Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you and others now and in the future. #CyberAware
  • Boo! Old tweets, posts and photos may come back to haunt you. Think before you post and consider how it might be perceived now and in the future. #CyberAware 
  • Back it Up → Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. 
  • Back up regularly! Having a recent copy of your files means you can retrieve them if you fall victim to #ransomware. #CyberAware 
  • Personal Information is Like Money. Value it. Protect it. → Info about you, such as your purchase history or location, has value – just like $$$. Be thoughtful about who gets that info and how it’s collected through devices, apps and websites. #CyberAware 
  • The connected devices and appliances in your home run on the data about YOU. Be mindful of how your info is being collected and stored. #CyberAware 
  • Secure Your WiFi Router → Set a strong passphrase (at least 12 characters long) for your Wi-Fi network. Keep it positive and easy to remember like “Ilovecountrymusic!” #CyberAware
  • Have you changed your Wi-Fi router’s default name and passphrase? Set a strong passphrase (at least 12 characters long) and name your network in a way that doesn’t let people know it’s in your house. #CyberAware

 

I want to be a real bass phisherman…

Given our recent spate of phishing emails, I thought I would take a few moments to talk about the wonderful sport of phishing.

Well, not that kind of phishing. I am referring to phishing, a concerted effort by an attacker to get some type of information from you in order to do bad things. Bad things like take your money, your identity, hack into your college accounts, take student information, and steal your puppy.

Just kidding about that last part, they probably will not steal your puppy. That being said, phishing is bad news. That’s why I am going to offer some quick tips on how to spot a phishing email.

  1. It just doesn’t look right: Too good to be true? I know that someone in Nigeria wants to send you money, but they already sent it to me. Trust your instincts.
  2. Generic salutations: Phishing emails use generic salutations like “Dear customer”. This saves the criminals time. I recently received an email directed to “Dear null”, so it appears someone had a hard time with programs. (Note: geek humor)
  3. Links to official looking sites: These sites are spoofed to make them look like your bank, for example. Take a good look at the site URL. It will not be the official banking site.
  4. Unexpected specific emails: Phishers use social media sites like LinkedIn to insert specific info about you to make you more likely to take the bait. If you do not recognize the sender, it is probably phishing.
  5. Scary phrases: YOUR ACCOUNT HAS BEEN HACKED!!!! PLEASE LOG IN IMMEDIATELY AND CHANGE YOUR PASSWORD!!! Do not react to this, because this is a tactic to get you to willingly give up your credentials.
  6. Poor grammar and spelling: Phishing emails are often poorly constructed, and odd grammar and spelling is a dead giveaway.
  7. Sense of urgency: Like the scary phrases, the phishers try to get you to act in an urgent manner, by saying things like “your credit card will be charged unless you contact us immediately” or other similar phrases.
  8. Grand Prize Winner!!!!: This is immediately a giveaway. Don’t take the bait, and also remember there could be a survey you can take with the promise of a reward afterwards. Do not take the bait.
  9. Verify your account: Phishers want you to log into something and give away your credentials. Always question why you would need to verify an account.
  10. Cybersquatting: Attackers use domains that are similar to real sites to get you to unknowingly enter your information (think g00gle.com versus google.com). Always take a look at the address to make sure you are where you want to be.
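
For the IT staff reading along, here is how tips 2, 3, 5 and 10 might look as an automated check. This is an added example, not part of the original post or any product's code; the trusted-domain list, the phrase lists and the sample email are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the sites your users really use (constructed allowlist).
TRUSTED = {"google.com", "sophos.com"}
# Digit-for-letter swaps seen in look-alike names such as g00gle.com.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Tip 2: generic salutations. Tips 5, 7, 8, 9: scare and urgency phrases.
GENERIC = re.compile(r"^\s*dear\s+(customer|user|member|null)\b", re.I | re.M)
URGENT = re.compile(r"immediately|verify your account|has been hacked|winner", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def check_email(body):
    """Return a list of phishing indicators found in an email body."""
    findings = []
    if GENERIC.search(body):
        findings.append("generic salutation")
    if URGENT.search(body):
        findings.append("urgency or scare phrase")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        # Assumption: two-label registered domains (example.com style).
        domain = ".".join(host.split(".")[-2:])
        if domain in TRUSTED:
            continue  # really is the site it claims to be
        if domain.translate(SWAPS) in TRUSTED:
            # Tip 10: becomes a trusted name once the swaps are undone.
            findings.append(f"look-alike domain: {domain}")
        elif any(t in host for t in TRUSTED):
            # Tip 3: trusted name used only as a prefix of another host.
            findings.append(f"trusted name inside other host: {host}")
    return findings

# Constructed sample message, not a real email.
SAMPLE = """Dear null,
YOUR ACCOUNT HAS BEEN HACKED!!!! Please log in immediately:
http://g00gle.com/login
or http://google.com.account-check.example/verify
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print("-", finding)
```

A message with no findings is not proven safe; the check only covers the indicators listed above.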

 

Remember to always check with your friendly IT staff if you have a suspicion something is wrong. Also, check out the Sophos phishing site, which gives you a lot more info about phishing as well as a handy flowchart you can use to help identify phishing emails: https://www.sophos.com/en-us/lp/anti-phishing/prevention.aspx

*All GIFS provided by Giphy