Cybersecurity Tips

Cybersecurity Tips

These important cybersecurity tips are brought to you throughout the month of October by the App State ITS Office of Information Security in observance of National Cybersecurity Awareness Month.

What is Phishing?

Attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information to gain access to accounts or to infect your machine with malware & viruses are called “phishing.” Phishing attempts can happen through a variety of channels, including email, social media, or text messages, and can compromise security & lead to theft of personal & financial data. Highly targeted attacks on groups or individuals is known as “spear phishing.”

What tactics are used in phishing attempts?

Phishing messages can come from hijacked accounts of people you know, making them hard to distinguish from real messages. Additionally, cybercriminals commonly use infected documents or PDF attachments as vectors for their phishing attempts. Another common trick attackers use it trying to get victims to sign in on a fake login page where their usernames and passwords can be stolen.

How do you avoid phishing attempts?

Phishing attempts can often get through spam filters and security software that you may already have in place, so stay vigilant and trust your instincts. Keep an eye out for things like unexpected urgency or a wrong salutation. Think twice about clicking a link or opening a document that seems suspicious. Double-check that every URL where you enter your password looks legitimate. And if anything raises doubt, report the communication to phish@appstate.edu .

Protect your valuable work, music, photos & other digital information by making an electronic copy & storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.

Back up your data regularly, and make sure your anti-virus software is always up to date. Several options are available for backing up your data, including:

  • Back Up To an External Drive
  • Back Up Over the Internet
  • Use a Cloud Storage Service

Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.

Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain. When in doubt, forward the message to phish@appstate.edu.

Keep all software on internet connected devices—including personal computers, smartphones & tablets—current to reduce the risk of infection from ransomware and malware.

Why is updated software important?

Running out-of-date software can put you at risk of security vulnerabilities that hackers seek out & exploit. Security experts agree that keeping your software - including Internet browsers, operating systems, plugins & document editors - up-to-date on internet-connected devices is fundamental cybersecurity practice & helps prevent malware infections that could compromise your devices & accounts.

Why is preventing malware important?

Malware can take many forms, including capturing keystrokes and passwords when they are entered, ransomware, which can encrypt files and demand payment to release them, and using devices to send out spam or participate in a distributed denial of service (DDoS) attack. If your device is infected, sharing files may also infect others.

How do you keep software up to date?

When you receive notification that a software update is available, install it as soon as possible. Knowing your programs and operating system is important. Some programs, like reputable antivirus/security software and some web browsers, including Chrome, automatically update. Mobile operating systems, apps, and other critical software may require your action to update.

Be sure to monitor your accounts, both financial and social, for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.

Never leave your devices unattended. If you need to leave your computer, phone or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone.

Set the privacy and security settings on websites to your comfort level for information sharing. It is OK to limit how and with whom you share information.

Share With Care

Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you and others.

Information about you, such as purchase history or location, has value—just like money. Be thoughtful about who gets that information and how it is collected by apps, websites and all connected devices.

Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor.

Why should you secure your mobile devices?

Mobile phones & tablets contain a wealth of personal data, including emails, contacts, schedules, your locations, and direct access to apps. When your mobile device is lost or stolen, your data goes with it, making any information contained on the device vulnerable.

How do you secure your mobile devices?

The first layer of mobile security is locking your device with a passcode, touch ID features, or other biometric. In case your phone is ever lost or stolen, make sure you’re aware of the different offerings that exist to help you remotely locate or lock your device, or wipe data from it. Some of these features may be built in by the operating system, carrier, or available via an app. Your systems administrator might also have specific rules to follow if you lose a work device.

Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a café’s free WiFi—your data could be copied or stolen.

Why use security tools?

Many online service providers offer useful settings and tools to help you manage your online presence, keep your data secure, and get the most out of the services you use. For example, strong authentication is rarely turned on by default, but offered by many online services for users that want an extra layer of protection on their account.

How do security checkups work?

Guided security checkups help you understand the security settings available, and give you confidence you are using the strongest options available. And managing your notification settings, including alerts when your location is being used or when new information about you or a new photo is posted online, can help you manage your online presence.

Why are unique passwords important?

Password reuse for multiple accounts is one of the most common ways accounts are hijacked. When passwords are reused, having your credentials stolen for one accounts means hackers gain access to other accounts that use the same login details.

What makes for a strong password?

In addition to being unique, security experts agree that a strong password is at least 12 characters long, containing a mix of letters, numbers and symbols. Maintaining strong and unique passwords will decrease the risk of password guessing based on commonly used passwords, information about you that might be publicly available, or password cracking tools that hackers use.

How do you manage better and unique passwords?

It is really hard to remember a lot of strong and unique passwords. Thankfully, there are a lot of tools out there to help. Using a password manager only requires you to remember one master password to access your other passwords. If needed, you can write passwords down on a piece of paper and store them in a secure location away from your computer, but be careful not to store passwords right on your computer.

Realize that you are an attractive target to hackers. Don’t ever say, “It won’t happen to me.” You may not realize it, but you are a target for cyber criminals. Your computer, your mobile devices, your accounts and your information all have tremendous value to cyber criminals around the world.