Monday, October 25, 2021

When you’re ahead of the game, you can’t be gamed - 10 Ways to Be Cyber-Secure at Home






Being aware and prepared is one of the best ways to prevent cyber security attacks in the office or at home. When you know what you are looking for, the chances of falling for an attack are slimmer. When you’re ahead of the game, you can’t be gamed. Here are 10 ways to be cyber-secure when you are at home.

  1.  Identify your perimeter - Less is more! The fewer connected devices and entry points you have, the safer your network is.

  2. Update software and devices regularly - Regular updates make you less vulnerable to attack. Only download updates from the manufacturer and enable auto-updates when possible.

  3. Secure your Wi-Fi network - Routers often have default credentials that people don’t know about. Disable the “remote configuration” option in your router and change both your Wi-Fi password and your router password.

  4. Watch out for insecure websites - Always use HTTPS for sensitive communications. Don’t ignore browser warnings and always remember to check the website address carefully for misspellings and oddly-placed letters or numbers. When in doubt, manually enter the URL in your browser.

  5. Back up your files - Backups save your information if your device breaks or is taken over by an attacker. Back up files to a removable device that can be locked away safely, such as a CD or flash drive.

  6. Don’t download carelessly - Files can contain malware, and websites aren’t always what they appear to be. Always verify sender identity before downloading files and remember: If it comes from an oddly-spelled email or is hosted on a site that makes your browser generate a warning, stay away!

  7. Encrypt devices to deter thieves - Encryption renders files unreadable without the correct key. Some devices offer the option to encrypt individual files or the entire device. Consider which solution suits your needs best.

  8. Practice password safety - Choose long passwords containing uncommon words. Use unique passwords for sensitive accounts and a password manager to help you remember them.

  9. Always use antivirus software - Antivirus needs updates, too! Set it to auto-update.

  10. Keep yourself informed - New cybersecurity bugs and attacks pop up every week. Staying informed about the latest threats will help you be safe!
Remember, you can report all suspicious emails to Technology Services at  cchelpdesk@ccis.edu
Even if you know it is a phishing attack and ignore it, by reporting it you can help the Information Security Team identify and mitigate the attack for others.  

Be mindful of the information you post online or on social media.
Social Engineers can use all sorts of information you post to help them take over your identity.

The Information Security Team is growing and dedicating itself not only to keeping our systems secure, but also to bringing awareness and education to you to help keep you more secure in the office and at home.

Stay up to date with all that we are doing at our blog! 

Thursday, October 21, 2021

What is Phishing?




We’ve all been there before. Getting into work, coffee in hand, trying to keep yourself awake. You go to check your morning emails and you’ve received what seems to be an email from management stating that employees need to log in to a portal to fill out a form for work. The unaware might walk themselves straight into a classic Phishing Scam.

 

What is Phishing?

Phishing is a form of online identity theft that uses spoofed or fake emails to lead employees to unknowingly give out their personal usernames and passwords, financial info, or sensitive work data. These scams are usually disguised as coming from a trusted company, such as the bank you use or an online retailer you frequent, or are structured as a work email. The malicious actors then use the data provided to gain access to personal emails, banking information, or even your personal identity. With each passing day, phishing attempts have become more common and more complex.

 

Identifying Phishing

Phishing, in its most basic form, can be identified by an urgent request for personal information via email, or through links in emails. This can be disguised as a bank needing to confirm your login for a transaction, Amazon needing you to log in to Prime to claim a reward, or a request from your workplace to verify your identity by logging into your work’s “software” by clicking a shady link.

 

Threats of Phishing

  • Identity Theft
    • Ruining your credit with credit cards
    • Crimes being committed in your name

  • Loss of personal accounts
    • Facebook, TikTok, Instagram, etc.
    • Potential for friends and family to fall for these scams from someone impersonating you

  • Compromised Finances
    • Loss of bank credentials
    • Money transferred out of your account

  • Theft of Company Data
    • Sensitive customer information
    • Company files

 

Tips on Prevention

  • Be suspicious of any email urgently asking you to log in to your account or to hand out personal information.

  • Never give out your username, password, credit card information, or social security number to anyone over email. Technology Services will never ask for this information over email, and you should not provide it to a company requesting it over email. You can always provide it to them in person or over a phone call.

  • Don’t follow any links in an email unless you are sure the email is legitimate.

  • If you are in a work setting, or if you are ever unsure, get in touch with Technology Services' Information Security Team for confirmation.

Monday, October 18, 2021

Where's My Laptop?

 

Having a laptop can make many aspects of work easier. You can take it to meetings, sit down somewhere for a change of scenery, or even just declutter your workspace with a smaller device. However, having a portable computer like a laptop comes with risks that need to be addressed.

A laptop has a 1 in 10 chance of being stolen over its lifetime, according to the tech company Kensington. The technology research firm Gartner found that a laptop is stolen every 53 seconds. Over half of stolen laptops result in some form of data breach, with sensitive information accessed through the stolen device. A data breach can result in individuals having their personal information stolen, lead to legal or financial issues, or damage the trust the community has in Columbia College to keep their information secure. These issues and more could potentially come from the theft of one laptop. So how can you prevent laptop theft?

The best way to prevent laptop theft is to keep your computer with you! Unattended laptops are the ones that become targets for those who want to steal. Your laptop should not be left in your car, unattended in a public area, or in an unsecured area like an unlocked office. Don’t ask strangers to keep an eye on your laptop if you have to step away. If you have to leave the area in a public space, take your laptop with you!

While keeping your laptop with you is the best way to protect it, no one carries their computer with them 24/7. Your laptop should be left in a secure area while you are away. It is best to keep the laptop out of sight in a drawer or cabinet with a lock so that anyone passing by won’t see that there is an unattended laptop. There are also laptop locks that connect the laptop physically to an object and require a code to remove the device. The room your laptop is stored in should also be secured by locking the office door or keeping it somewhere where others have limited access.

If you are only stepping away from the computer for a period of time, it is important to either lock the laptop or sign out completely so that others cannot access your laptop. It is still best to secure the laptop and room just in case someone with ill intent comes by. Do not keep your passwords or security information written down anywhere that others can access it. This includes workstations, journals/planners, and other unsecured locations.

If your laptop does get stolen, or it looks like someone accessed your device without your knowledge, contact the Technology Service Center immediately so that steps can be taken to maintain the data security of Columbia College.

Thursday, October 14, 2021

Banking Trojan

 










A banking trojan is a malicious program designed to steal financial information or money from online banking apps or other financial platforms. There are many ways a smartphone, laptop, or computer can be infected with a banking trojan. Some of these vectors include:

  • Malicious Adobe Flash Player update
  • Amazon gift card offer scam
  • IRS email phishing scam
  • Malicious JavaScript file
  • Malicious macro-enabled Word documents
  • Malicious PDF files with web links
  • Malicious Google Doc
  • Malicious WhatsApp Updater
  • SMS messages with a link to download a malicious program

Almost every day it seems as though there is a new banking trojan that has been released.  Some of the names are:

  • Trickbot
  • Emotet
  • ZeuS
  • QakBot
  • IcedID
  • Bizarro
  • And many more

Tips to Stay Secure

  • Only install applications from the vendor (Google/Apple)
  • Keep apps and OS updated
  • Consider whether you should give a certain app the permissions it requests
  • Use an anti-malware program
  • Stay aware and vigilant of the various threat vectors


Thursday, October 7, 2021

Mobile/Laptop/Tablet Security












Most folks carry at least one mobile device, i.e., a smartphone. Besides a smartphone, many may also have a laptop and/or tablet. There are several different types of threats for these devices.

Threats

  • Loss, theft, misplacement – Since devices are small, they can easily be lost or stolen. 
     
  • Unauthorized device and data access – If a device is on, unattended, and the screen is left unlocked, a malicious individual could make changes to the device or access data on the device.

  • Malware – Any electronic device with an operating system, such as Windows, OS X, iOS, or Android, is vulnerable to malware. Anti-malware software can be installed on a device to make sure it isn’t infected by malware.

  • Electronic eavesdropping – Malware has the ability to turn on mobile device microphones and/or cameras.  If you have a mobile device in your pocket or near to you, this could be used to listen in on your conversations.

  • Electronic location tracking – Most mobile devices have GPS built in. This can be good: if you misplace your phone, you can find it with a tracking application. It can also be bad, because malicious software can use the GPS functionality to track your location.

Tips for Securing

  • Maintain physical control.

  • Don’t leave your device in an unlocked vehicle.
    • If you must leave your device in a vehicle, put it in the trunk or conceal the item under the seat and lock the doors.

  • Set a passcode and enable auto-lock.

  • Backup data regularly.

  • Apply critical patches/updates to the operating system and installed apps.

  • Use up-to-date antivirus software on smartphones and tablets.

  • Review the rights apps require before installing.

  • Use full disk encryption on the device – Apple FileVault 2 or Microsoft Windows BitLocker.

Register & Track

  • Register the device with the manufacturer.

  • Always keep your registration, make, model, and serial number in a safe place at home.

  • Asset tag, engrave the device, or apply distinctive paint markings (such as indelible markers) to make it easily identifiable.

  • Use commercial location software such as Apple Find My iPhone, LoJack Security, etc.


Monday, October 4, 2021

Cyber Security is Like a Game of Chess

 


And Checkmate! If you are familiar with chess, this is not something that you want to hear. It means that you are in a position with your king piece that you cannot escape. It’s Game Over man! In case you didn’t know, there’s a serious game being played today involving your data and identity. On one side are cyber attackers, and on the other are those who are trying to defend your privacy and personal accounts. Cyber Security is much like a game of chess!

You might be thinking, A game? Like chess? Well let me explain!

Hacking is probably not a new term for you; in fact, hacking has been around for many years. There is an early account from 1971 where a hacker named John Draper hacked into phone systems using a plastic toy whistle from a cereal box. Crazy, right?

In the early days of the internet and the personal computer, hacking was a game for many hobbyists. (There are still people today who participate in hacking championships for fun.) The early hackers would test the boundaries of what they could do and what they could get away with. However, while some treated hacking as a fun, innocent game, others began to realize the potential for malicious and criminal behavior.

Now jump forward many years: as cyber attackers have become more sophisticated, the security industry has grown to defend against them. With new types of attacks developing all the time, we develop new strategic defenses to block and prevent them. Security tactics now become outdated as soon as attackers find ways around them. Meanwhile, attackers continue to rely more on social engineering tricks that are hard to defend against in general.

They make a move, then we make a move, and then they make a move, and so on and so on!

For us in the Information Security Department at Columbia College, cybersecurity is a lot like a game of chess. There are many pieces to move, and our strategy needs to keep tabs on all of them. We must adjust to our adversaries’ moves, move quickly against attackers, and protect your king at all costs. The cybersecurity game continues, but even as the stakes are rising, the rules are changing. It’s now more complicated than ever.

So, what can you do to help keep you ahead in this always evolving cybersecurity game?

  • Complete your Columbia College annual Cyber Security Training. 
    • This will ensure that you are up to date on best practices when it comes to being cyber secure.
  • Follow the best practices and policies outlined by Technology Services.
  • Use strong passwords and never share your password.
    • Remember that Technology Services will never ask for your Columbia College password.
  • Report all suspicious emails to Technology Services at cchelpdesk@ccis.edu
    • Even if you know it is a phishing attack and ignore it, by reporting it you can help the Information Security Team identify and mitigate the attack for others.
  • Be mindful of the information you post online or on social media.
    • Social Engineers can use all sorts of information you post to help them take over your identity.
  • Be Aware
    • The Information Security Team is growing and dedicating itself not only to keeping our systems secure, but also to bringing awareness and education to you to help keep you more secure in the office and at home.
    • Stay up to date with all that we are doing at our blog! 


Friday, October 25, 2019

Week 5 - Internet of Things (IoT) at Home


How many devices do you have connected to your Internet connection at your house? Can you name them all? While these devices bring a great deal of convenience, they also bring associated risk. Here is a list of things you can do to better secure your IoT devices.

  • Know what’s connected to your network.
  • Make sure your home wireless is encrypted using a strong password.
  • Make sure anti-virus/anti-malware software is installed on all of your computers, tablets, and smartphones.
  • Change the default credentials; don’t use common words, and use passwords that are unique.
  • Keep your smartphone secure. Does your phone lock when not in use? If not, consider adding a PIN, pattern, password, or face unlock.
  • Regularly update your software.
  • Use caution when using social sharing/geolocation.
  • Disable any features you don’t need. If you don’t have any Bluetooth devices, then turn off Bluetooth on your devices.


Week 5 – Prize Registration

Wednesday, October 16, 2019

Week 4 – Google Phishing Quiz


Nearly one-third of all data breaches in 2018 involved a phishing email.  Columbia College has an anti-spam solution which blocks tons of spam/malware/phishing emails, but even with the best solution some phishing emails may still get through.  Google’s technology incubator, Jigsaw, has released a phishing quiz which you can take to see if you can spot the phish.


Google Phishing Email Quiz (will open up in a new window)


After you have taken the phishing quiz, be sure to enter your email address to get registered to win a prize.

Week 4 - prize registration (will open up in a new window)



Monday, October 14, 2019

Week 3 - What's Wrong with My Desk?


For October Security Awareness Month, the week 3 security awareness activity is  "What's Wrong With My Desk?"  Keeping a clean desk and clear screen at work is important to protecting confidential information. Please click on the link below to see pictures of a desk and note all of the security risks.  If you find that the pictures are too small, please use the zoom feature in your PDF viewer.  Once you have a list, you can submit your answers using the second link below.




Monday, October 7, 2019

Week 2 - Best Practices for Storing Columbia College Files


Where do you store your files?  Do you store files on your desktop?  What would happen if your computer’s hard drive went bad?  What would happen if your computer was infected with ransomware and you couldn’t access any of your files?  What would happen if your Columbia College laptop was lost/stolen and you had files on it needed for your job?

Do you know about the Columbia College i:\ drive?

The i:\ drive is a personal network drive which only you have access to. The i:\ drive is also backed up, so if your computer’s hard drive dies, your CC laptop is stolen, your computer is infected with ransomware, etc., your files can be restored.

Example uses of Network Storage (my I:\) drive:

  • Store documents/files
  • Access files at different computers (i.e., another office, classroom, computer lab, etc.)

Examples of how not to use Network Storage (my I:\) drive:

  •  Do not store program installers that you have downloaded.
  • Do not store personal media of large file types such as pictures, audio, or movie files.

NOTE: The i:\ drive is only accessible on the Columbia College network. If you are working at home using a Columbia College laptop, you will need to be connected to the Columbia College VPN in order to access your i:\ drive files.

If you do not see your network home drive mapped under My Computer, try these steps.

  1. Check the magnifying button.
  2. In the search box, type \\ccis.edu\homecampus\Home\youruserid
  3. Hit enter
  4. If this does not open your home directory, please contact the Technology Solutions Center at CCHelpDesk@ccis.edu or at 573-875-7495.

For more information, please see the Acceptable Computing Use Policy.


If you currently use the i:\ drive or if you are going to start using the i:\ drive to store files after reading this security awareness tech tip, then please enter your name and email address on the Google form linked below to be registered for your chance to win a prize.


Tuesday, October 1, 2019


October is Cyber Security Awareness Month!  
Join Technology Services and the National Cyber Security Alliance in celebrating the 16th year of National Cyber Security Awareness Month!

Cybersecurity begins with a simple message that everyone using the internet can adopt:
STOP. THINK. CONNECT.

Take security and safety precautions, understand the consequences of actions online, and enjoy the benefits of the internet!  Throughout October, Technology Services will offer interactive educational activities to help you achieve those goals—for each activity you complete, you will be entered into a drawing at the end of the month!

For Week 1 we have a list of questions for you to attempt. Please follow the link below and make sure to enter your email address at the bottom to be registered for your chance to win!