Folks,
October marks National Cyber Security Awareness
Month
( https://staysafeonline.org/ncsam/ ). As
such, this edition of TechTalk will focus on cyber
security; protecting your identity and access to
critical resources.
Are you at risk? Absolutely. Phishing schemes,
used to steal your personal information, as well as
malware, used to take control of your computer,
are on the rise. Both are more sophisticated, more
targeted, and much more damaging than ever.
The Anti-Phishing Working Group
( www.apwg. org )reports over 229,000 phishing campaigns
in March 2016, along with a significant rise in
Ransomware (malware that encrypts your data
and holds it for ransom).
Consider how pervasive technology and
connectivity are today. I have 67 applications on
my iPhone. They are easy to install and allow me
to connect with my friends and family, as well as
pay my bills and access different online services.
Unfortunately, these devices and applications also
provide opportunities for malware to take control
of my accounts and access information.
While IT has put systems in place to protect
campus resources, there is no way to completely
shield you from attacks. For example, IT has
turned away 67,000,000 attempts to send
spam and dubious email to campus in just the
last month. Yet, we still have reports of phishing
campaigns successfully deceiving faculty, staff
and students. You are your last line of defense.
Below I’ve compiled a few best practices that may
help keep your identity and personal information
safe.
1. Remember, IT will NEVER ask for your
username and password.
2. Be cautious and skeptical of any email asking
for your personal information or asking you to
login to validate your account information. It
is better to be safe, even if the message looks
legit. Contact the source through other known
channels, such as phone, or email directly.
3. Think twice before allowing browsers to store
your login information. While it provides for
quicker access, it could put you at risk. Even
more so if you use the same username and
password for multiple sites.
4. Consider using stronger and separate
passwords for financial services and sites
which manage critical resources. You
might consider using a Password Manager
application such as Lastpass or Keepass to
help track your different passwords.
5. Keep your computer current. Older versions
of software will be more vulnerable to cyber-
attacks.
6. Know the signs of a phishing message.
• Demanding immediate action, with dire
consequences.
• Requesting personal or login information.
• Awkward wording and/or poor grammar.
• Odd web links (URLs). Phishing sites may
rely on similar URLs, such as
www.ebay- secure.comor
www.upgrade-target.comto
fool users. Also, check for the @ symbol
in the URL, and don’t follow these links.
• Hover over a link to see where it may
really go. Anyone can create a link that
says
http://www.target.com/but sends
you elsewhere.
CYBER SECURITY INTRO
Stay up on the latest security information included
in each TechTalk issue. If you have any questions or
concerns, contact the IT Help Desk for assistance.
- Floyd Davenport, IT AVP
4