National Cyber Security Awareness Month (NCSAM)
October is National Cyber Security Awareness Month (NCSAM). This month is all about being aware; being aware of the data you have, how it is protected, and how an attacker may come after it. Below are simple tips to help you secure yourself:
KNOW YOUR DATA
Protecting sensitive data is becoming more and more difficult now that it can be stored in so many places, such as a computer, the cloud or USB drives. Taking the time to create a strategy will help you to know where your sensitive data is stored and to ensure that it is protected.
It's not easy to tell what data can be sensitive. Here are some examples of sensitive information:
- Social Security Numbers
- Credit Card Numbers
- Passport Numbers
- Driver’s License Number
- Combination of full name and other information (i.e. above)
You can also read about identifying and storing sensitive information at the University of Idaho by visiting https://www.uidaho.edu/apm/30/11 and http://www.uidaho.edu/infrastructure/its/standards/data-classifications.
It is important to protect the data that is stored on computers, email and social media accounts because it is valuable. Just as it would be dangerous to leave the front door unlocked at night, it is dangerous to leave these accounts unprotected by using weak passwords that can be easily guessed or using the same password across many accounts.
Passwords are often the first line of defense in cyber security. Setting strong passwords and using good password practices are essential to being secure in today’s climate. If you use any combination of known information such as birth date and child's name, it can be cracked in a matter of minutes. To illustrate, a good password cracker can reach 2 billion passwords a second in good conditions.
Setting a new password is not always straightforward. Here are some tips to help you develop a strong password:
- Longer passwords are the stronger and can help make it something easy to remember
- Information about you is easy to get, avoid birthdays, nicknames, pets, or hobbies
- Don’t recycle even parts of a passwords, any sort of patterns makes it easy to crack
- Default credentials are insecure and should never be used
- Sharing passwords is always dangerous, even if you trust the person
You can also read about passwords at the University of Idaho by visiting http://www.uidaho.edu/apm/30/15 and http://www.uidaho.edu/infrastructure/its/departments/security/password-guidelines.
Strong passwords are not a perfect solution for keeping hackers out. Mistakes happen and passwords can be exposed. Using multi-factor authentication wherever possible helps keep hackers out of your accounts.
Phishing is one of the most common and most effective cyber-attacks seen today. Using social engineering techniques such as imitating a known sender and using specific language to create a sense of urgency, attackers can simply ask for information directly. Remember, phishing messages do not always come as an email, although that is the most commonly used method. Phishing can come from phone calls, IMs, texts, and other sources as well.
Phishing can be especially difficult to identify. Here are some tips to help catch phishing attempts:
- Phish often create a sense of urgency to attempt to get you to act before you think
- Phish sometimes make offers that seem too good to pass up
- Phish will often ask for information that is inappropriate for that method of communication such as your social security number
- The best defense is skepticism. If anything seems odd, question it
You can also read about how to report phishing at the University of Idaho by visiting http://www.uidaho.edu/infrastructure/its/departments/security/phishing-scams.
Preventing phish starts with detecting actual phishing attempts. Reporting phish to firstname.lastname@example.org helps to fine tune the email filters, and take other actions to respond to phishing campaigns. Even if you are unsure if a message is a phish, you can send it to email@example.com for verification.
Patching is one of the most effective ways of keeping your devices more secure. Updates contain security fixes that patch holes which could allow attackers to view sensitive data, or run malicious code on your computer. In recent years everything from cars, thermostats, and security cameras have been attacked by hackers now that more and more devices are connected to the internet. Be sure to install security updates for all your technology.
While most people get around to installing updates for their computers, tablets and smartphones, here are some other devices that also get security updates:
- Internet routers and modems
- Smart TVs
- Car media software
- Internet-connected security cameras
- Internet-connected Thermostats
You can also read about patching requirements at the University of Idaho by visiting https://www.uidaho.edu/apm/30/11 and http://www.uidaho.edu/infrastructure/its/standards/data-classifications.
Updates containing security patches will sometime be for "0-day exploits". These are newly discovered vulnerabilities that are actively being used in the real world to attack machines. 2015 had a record 54 0-day exploits; more than twice that of any year for the past decade!