Does it have to be all so technical?

The Tip

Strong security isn’t just about complicated rules around passwords and anti-virus software and malware and managing access. Many important habits for safeguarding your important personal and work information boil down to common sense and physical security and generally cautious behaviour. This week, we’ll take a step back and look at a few important and easy, non-technical tips.

The Detail

  • When you get up from your desk, lock your screen. It’s easy – (ctrl-alt-delete).
  • Keep an eye on your devices and never leave them alone near strangers.
  • Don’t discuss any sensitive information in public areas or anywhere where someone might be able to eavesdrop.
  • Look for privacy in places like coffee shops or libraries. Sit where no one can look over your shoulder (shoulder-surfing is a big concern).
  • Keep your screen dim or get a privacy shield to make it harder for people to see what’s on your screen.
  • Get a good case for your phone or tablet. A good case will protect your device (and data) should it suffer a drop or something being spilled on it.
  • Be sure to use a passcode on your phone and tablet.

What To Do When Breached

The Tip

The odds are really against us when it comes to data/account breaches. It’s not really a question of if, so much as a question of when. How would we know that our account has been breached and what should we do about it?

The Detail

The first thing we should do is check to see if any of our accounts have been involved in known breaches. You’d be surprised at the major companies that have been compromised. Then we should sign up for a notification service for any future breaches that come to light.

If you have suffered a breach, follow these basic tips;

  • Keep calm and log in immediately to anywhere you’ve used the compromised username/password. Change the password, being sure to use a strong and unique password.
  • If multi-factor authentication is available at the service, enable it right away. This is an easy way to greatly enhance your security.
  • Don’t recycle your passwords. If you were using the same password for more than one account, you need to log in to each of those services and change it. It is critical for security to use unique passwords on all accounts. Start with the email account associated with this password and change it there first. Then work your way through any other service where you have used the same password, and start using unique passwords on all accounts.
  • If you’re worried about remembering all those robust new passwords, or even having trouble making them up, this is a good time to start using a password wallet.

Cybersecurity Month Ends

The final theme for cybersecurity month was How cyber security is driving the jobs of the future. There is a good read there with thoughts on education and career opportunities for the immediate future.

Passwords Matter

The Tip

Passwords are our first line of defence in cybersecurity. So why do so many of us have bad password habits? Who knows. It just seems to be human nature. Readily available hacker scripts can guess most bad passwords in seconds, just by sheer brute force. A couple of basics can greatly enhance your cybersecurity.

The Detail

Here are some things to consider in choosing and using passwords;

Special Bonus Tip

The theme for week 4 of Cybersecurity month is Our critical eye and the internet. According to Media Smarts, Digital Literacy is more than technological know-how; it includes a wide variety of ethical, social and reflective practices that are embedded in work, learning, leisure and daily life.

Your data is valuable!

The Tip

Everything from personal information, personal photos, work correspondence, to your banking information and social media activity is valuable. If it’s valuable to you, it’s valuable to cybercriminals. In fact, some of it is valuable to cybercriminals without you even realizing it.

The Detail

Here are some things to consider in protecting your personal data;

  • Cleaning up old devices… do you know where all the old computers and phones and tablets you’ve had in the past are now? You may have traded them in and forgotten about them, but if you didn’t erase them first, they can come back to haunt you. Many criminal groups buy up old computer hardware and scan them looking for whatever they might find. Always do a factory reset on mobile devices and reformat hard drives on desktops before trading them in. A basic reformat will stop rookie cybercriminals only. For real protection, you should write over any existing data with zeros. Consult the manual for your disk utilities on how to do this low-level erase/reformat.
  • Social media… always be careful when adding new friends to your social network. Many social media networks are suffering from waves of fake friend requests. These are all attempts to find out more about you. Even if you are very selective in your connections, be cautious about over-sharing and privacy.
  • Surveys and games… you’ve seen them, the games and surveys and Facebook posts asking about your favourite foods and first pet and the street you grew up on, and so on. At first glance these seem harmless and fun, but it’s no coincidence that most of these questions are similar to the common security questions you might use for retrieving a lost password. Keep these details to yourself, or answer them with fake answers if you must play along.
  • Offline trouble… you don’t need to be online to be taken advantage of. Be careful of strangers ‘shoulder-surfing’ when you’re using a computer in a public space. Be careful of what you throw into the recycling box (consider a shredder). Be careful of who’s in ear-range if you’re giving credit information over the phone. Be careful when using your pin. These old-school privacy theft techniques can still be successful for cybercriminals.

Special Bonus Tip

Watch for the “Ask Us and Win” desk this week in UTS… you could have a coffee on us!

 

Smartphone Smarts

The Tip

As the smartphone market has matured and become a part of everyday life for most of us, the proliferation of bad actors in the app market has kept pace.

The Detail

We’ve all come to depend on apps that make our lives easier. Apps give us instant access to news, weather, shopping, banking, social networks and more. With so many new and useful apps arriving all the time, it’s easy to get caught up in the excitement, throw caution to the wind, and start downloading without giving much thought to it. It is easy by design. It’s important to take a minute though and do a little due diligence, especially if using an Android device. It’s important to verify that the app is coming from a trusted source. More and more apps are being discovered with malware and other vulnerabilities that not only put your privacy at risk, but can also damage your device.

Here are some things to consider when downloading apps and using your device;

  • Always keep your operating system and your apps up-to-date
  • Be sure of the source, go through the official app store for your operating system and avoid apps from other sources
  • Read the reviews
  • Read and understand the privacy policy to be sure of what information you will be giving up
  • Delete old apps you no longer use

Be aware of the law. Canada’s anti-spam legislation (CASL) prohibits the installation of software without consent, including apps on phones. It also requires software developers and distributors to clearly identify themselves and describe the program. If the software collects personal information or performs other functions listed in CASL, they are required to describe those functions in a form separate from the licence agreement.

Special Bonus Tip

The theme for this week of Cybersecurity month is Buy Secure. That means not only practicing safe habits when Shopping Online but also being aware of the importance of buying devices and apps from reputable sources.

 

Our internet; Our cyber security

The Tip

Cybersecurity month, week one. The internet is something we all share, and we all share a responsibility for keeping it safe. Thankfully there are simple ways we can all contribute to our collective Human Firewall.

The Detail

Get Cyber Safe is a website sponsored by the government of Canada and is a great place to learn more about keeping you and your family safe online. They also publish content on Twitter, Facebook, Instagram, and LinkedIn. Get Cyber Safe is part of the newly-created Canadian Centre for Cyber Security. Although the Cyber Centre is focused on government systems and critical infrastructure, and building stronger cyber security communities with private and public sector partners, they also play a role in helping Canadians keep our personal cyber footprint safe at home, at work, and in our community.

It is up to all of us to implement changes in our daily habits, so we are all more aware and cyber secure. Learn more about how all of our digitally connected devices can be kept safe. Talk to your kids about being safe digital citizens. Learn more about shopping securely and knowing when to not share things on social media. Cybersecurity is a team event. Talk to your friends and share good tips and habits.

Special Bonus Tip

We should all know by now that using the same password on multiple sites is a big security no-no! We might think our username:password is safe with the big companies, but this is absolutely not true. Did you know there is a service where you can check to see if your information has been in a known compromise?

Summer is Over

The Tip

Well, it was a nice summer break from blogging Cybersecurity, but the new school year is well underway and it’s time to start thinking Cybersecurity again. This week is not so much a tip as it is a greeting and notice of good things to come.

The Detail

October marks the beginning of Cybersecurity Awareness Month. Throughout the month, institutions around the world will be working to bring more awareness and provide resources to deal with increasingly important issues around Cybersecurity. Throughout October, Nipissing will bring several topics to light. The government of Canada also has a terrific website for Cybersecurity Awareness Month. I’ll be featuring content from there over the next few weeks.

In the meantime, it’s always a good idea to be thinking about password habits. Why not revisit this first issue of the Nipissing Cybersecurity Newsletter from November of last year, where we discuss ‘Passwords vs Passphrases’?

Special Bonus Tip

If you only do one thing to greatly enhance your e-mail security, enable multi-factor authentication now. It’s easy to do, and easy to use. Talk to UTS today or consult your favourite search engine.

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

Summer Vacation

Just a quick note to let you know that the Cybersecurity blog will be taking a summer break. We hope to be publishing again sometime in the fall of 2018.

The Physical Side of Security Awareness

The Tip

Today’s tip comes from “The Security Awareness Company”, a partner in training with KnowBe4.com. By now, we are all aware of the security threats we face online such as viruses, phishing, shady websites and more. But what about physical security? The overlap between our physical and cyber lives is more apparent than most realize.

The Detail

Computers don’t hack other computers; people hack people using computers. Likewise, in our physical lives, humans are the key component to information security. Although the following is somewhat generic for a business environment, much of it still applies to us.

  • Keep It Clean. A messy desk is a security risk! It’s easy to lose important documents, devices or keycards in a messy work environment. Organization is key to our collective security.
  • Proper Disposal. Always follow policy when disposing of sensitive documents or outdated hardware! Dumpster divers are happy to dig for anything that might give them access to sensitive information.
  • Where’s Your Badge? Any person with proper credentials needs to ensure that any person without proper credentials is restricted from controlled areas. If you notice someone that doesn’t belong, even if it’s the delivery person you see every day, politely escort them to the approved area if you feel safe to do so and report the incident immediately!
  • Look Over Your Shoulder. If you’re in a public setting, like a coffee shop or restaurant, and you’re accessing sensitive information, you should A) be sure you’re using a VPN if it’s public wifi or use your phone’s cell data instead of the public wifi (if you’re using a tablet or laptop, you can Hotspot from your cell phone’s data instead of using the public wifi) and B) ensure no one can see your screen so you don’t fall victim to shoulder surfing. The best policy is to not access anything sensitive in public, but if you must, be mindful of who is near you and consider a privacy filter for your screen so no one else can read it.
  • Lock It Up! Even if it only takes you five minutes to grab a cup of coffee before returning to your desk, it’s important to lock your station. There’s a reason why our computers are password protected. Leaving them open for even a few moments is a major security failure. The same is true for doors that require security clearance.

Become your own human firewall and develop your home-grown culture of security 🙂

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

Safe Online Banking

The Tip

Most of us use online banking to some extent these days. It’s important to use good habits when doing so. If the following tips sound a little familiar, it’s because being safe online in any capacity, not just banking, pretty much boils down to these 5 basics.

The Detail

Banks use comprehensive safeguards to protect the integrity and security of your information and financial transactions. You need to do the same.

  • Good password habits. Use strong passwords and don’t reuse or recycle them. Bank passwords especially should be changed periodically.
  • If your bank offers two-factor authentication, use it.
  • Beware of phishing. We’ll never ask you for your password via email. Neither will your bank.
  • Always use a secure connection (https) and avoid banking over public wifi.
  • Be sure to always log out when you are done and not just close your browser.

Thank you to Greg Ferguson for the inspiration for today’s tip, which he found in the “CUCCIO Fast Five: IT News”, a great newsletter from the Canadian University Council of Chief Information Officers – http://www.cuccio.net/.

Become your own human firewall and develop your home-grown culture of security 🙂

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

 

 

Tips For Safe Social Media Use

The Tip

Many of us use social media tools like Facebook or Twitter or Snapchat every day. Given the popularity of these tools, the landscape has become ripe ground for cyber criminals and fraudsters. Using these tools safely isn’t really complicated, and in many ways, the following list is just a summary of several of the topics we’ve already talked about in Cybersecurity.

The Detail

The following are good general guidelines for safer use of any social media tool, and the internet in general.

  • Make use of the site’s or tool’s privacy settings, read the policies and revisit the privacy settings from time to time
  • Don’t overshare. In general, don’t share personal details such as phone numbers and home address, and don’t share holiday plans and photos, at least not until you’re back. Criminals scour social networks looking for empty homes to burgle.
  • Don’t accept every friend and follower request you get without taking a few minutes to verify that it’s real. Criminals use these fake accounts to harvest personal information from others. It’s estimated that 25% or more of all social media accounts are fake.
  • Be wary of links. Just like phishing emails, you can’t trust all the links you see on social media sites.
  • Be careful if linking accounts. Many sites make it easy to log in with your Facebook account or Google account, by linking these together. By doing this, you are creating one easy entry point to all your social media spaces. That can be hugely convenient, but if that one account is compromised they are all compromised. If you are comfortable using this approach, be sure that you are following best security practices with that base/master account.
  • Use separate email accounts for registering with different social media networks. By doing that, your main email account is protected from spam or phishing you may receive via a compromised social media site.
  • Use strong and unique passwords. We cannot emphasize the importance of this enough. Use a separate and strong password for every account you have, social media or not.

Here is some additional very good reading for Facebook users;

How to Find Out Everything Facebook Knows About You
Did you know that you can easily download and see all the information Facebook has collected from you over the years in just a few minutes?
https://thehackernews.com/2018/04/facebook-data-download.html

How to Protect Your Facebook Data
Understanding and keeping up to date with Facebook’s privacy and security settings is a regular challenge.
https://nakedsecurity.sophos.com/2018/04/16/how-to-protect-your-facebook-data-updated/

Become your own human firewall and develop your home-grown culture of security 🙂

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

Is spam clogging your inbox?

The Tip

Spam campaigns are often a primary attack vector used by cyber criminals. Less spam means being a little more secure.

The Detail

Fortunately, it’s not all doom and gloom. There are a number of simple strategies you can take to weed out a lot of it and keep your inbox safer and less cluttered.

  • unsubscribe from any unnecessary newsletters, or newsletters you have not read in some time
  • be careful where you submit your email address, be it newsletters or contests or any other site
  • consider opening an additional email account to keep your most important one safer and more private
  • consider opening an additional email account just for newsletters
  • take advantage of filters and mark spam emails as spam to help your email provider block spam more effectively
  • never click on links in spam emails (even the ones that say unsubscribe)
  • never download and open attachments in spam emails
  • disable the automatic downloading of images in your emails
  • enhance your privacy settings on social media sites so no one can see your email account
  • if you have a website, protect your email address from automatically being scanned and harvested by spammers

Become your own human firewall and develop your home-grown culture of security 🙂

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

 

Nipissing University
100 College Drive, Box 5002
North Bay, ON, Canada
P1B 8L7
Tel: 705.474.3450
Fax: 705.474.1947
TTY: 877.688.5507