With family members using the internet to engage in social media, adjust the home thermostat or shop for the latest connected toy, it is vital to make certain that the entire household – including children – learns to use the internet safely and responsibly and that networks and mobile devices are secure. Week 1 will underscore basic cybersecurity essentials the entire family can deploy to protect their homes against cyber threats. CSIAC has a substantial repository of information available to its users. We will highlight a few topics we feel are critical to protecting yourself and point you to both CSIAC and external resources we feel can assist you.
Probably one of the most important steps to online safety is following good password practices. Passwords are a part of our everyday lives and are the main form of online account security. Here are some simple tips to make a secure password.
- Make your password several words. Use at least 12 characters and make sure that you will remember the password. Writing the password on a piece of paper under your keyboard is NOT secure.
- For every account, create a different password. Even if a criminal is able to crack one of your passwords, they should not be able to get into all your accounts.
- Use a reputable password manager. Password managers can randomly generate unique passwords for every account and store them securely for you.
For more tips you can watch CSIAC’s Cyber Awareness series videos on passwords here:
Malware continues to threaten our digital devices on a daily basis. However, did you know that your simple everyday practices and tendencies could actually be part of the reason why your organization is compromised? This video explores modern malware behavior as well as practical techniques for avoiding infection:
What is it?
Phishing is a method of obtaining sensitive information, such as usernames and passwords, social security numbers, and banking information, for malicious reasons by disguising an electronic communication as coming from a trustworthy person or organization. The malicious person “fishes” for a victim to perform an action by “baiting” the victim with what appears to be a legitimate and trustworthy email or instant message. The victim is often directed to enter their information into a fake website that looks identical to a legitimate one. Communications purporting to be from social media websites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.
How can I protect myself and my company?
The best way to protect yourself, your company, and your family is to make sure everyone is aware of what phishing attempts look like. Generally, phishing attempts use social engineering and fear tactics to turn you into a victim. Also, if an offer seems too good to be true, it probably is. You should always thoroughly examine any email asking for confidential information, especially of a financial nature. Many phishing scams have obvious signs of fraud such as poor spelling or grammar.
Lastly, if you are unsure about a message, do not click on links or attachments in it. Instead, try calling the sender, or visit their website by searching for them online or typing their website address directly into your browser. Never reply to the phishing attempt, as you would be confirming to the criminal that your email address is valid and you are reading your messages.
Here are three videos that will help you learn more about phishing and be able to recognize a phishing attempt before you are caught on the hook:
What should I do if I’m targeted by or fall victim to a phishing attempt?
If you believe an email or instant message on your work computer is a phishing attempt, you should notify your Facility Security Officer (FSO) and/or your IT people. You may not be the only one to receive the phishing attempt, and sharing it with others may stop them from falling victim. Also, many email service providers provide a form to report spam and phishing attempts.
If you have become a victim and disclosed your username or password, immediately go to the real website or call the organization directly to change that information. Acting quickly may stop the criminals before they have a chance to hijack your account.
The CSIAC has compiled many resources on the topic of phishing. View them here: https://www.csiac.org/tag/phishing/
A Safe Digital Haven in 6 Simple Steps:
Help make your home a safe digital haven by protecting networks, devices and your online life with 6 simple steps from The National Cyber Security Alliance:
- Keep a clean machine
  - Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. Remember, mobile phones and tablets need updating too! Check out this resource from STOP. THINK. CONNECT.: https://www.stopthinkconnect.org/campaigns/keep-a-clean-machine-campaign
- Lock down your login
  - Usernames and passwords are not enough to protect key accounts like email, bank and social media. Improve account security by enabling strong authentication tools such as biometrics or unique one-time codes. LockDownYourLogin.org has 6 simple steps that will help you gain peace of mind and more control over your online security.
- Share with care
  - Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.
- Back it up
  - Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.
- Personal information is like money. Value it. Protect it.
  - Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.
- Secure your WiFi Router
  - Set a strong passphrase (at least 12 characters long) for your Wi-Fi network. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). Name your network in a way that doesn’t let people know it’s your house.
To learn more about cybersecurity, watch CSIAC’s Cyber Awareness video series: https://www.csiac.org/series/cyber-awareness-videos/
CSIAC releases a new Cyber Awareness Training video on a monthly basis. Subscribe to receive an email notification when new videos are released.