There's no place like Home Page
Tips For Developing Good Cyber Security Habits
October is cyber security awareness month and the purpose of having a month dedicated to cyber security is to raise awareness to some of the risks of using technology. We can all be cyber smart by taking some simple actions to secure our digital lives.
Every time you use the Internet, via a cell phone, table, or computer, or accessing a web sites, using a wireless network connection, or reading your email to making online purchases. Each time you use any of these technologies you face choices related to your online security.
Your security depends on making secure/smart online decisions. Each of us are responsible for our own cybersecurity posture. It’s just the same as taking your keys out of your car and locking the door when you go shopping, or at night locking the doors to your house before you go to sleep. It all starts by understanding what your cyber security risks are and creating some good security habits.
What is cyber security?
It is the art and science of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. Good cybersecurity habits include making sure that your online presence, your smart devices, your information in cyber space stays safe and out of the hands of the wrong people.
Poor cyber security habits can lead to your personal information and often those you connect with, more vulnerable to security risks. If you do not patch your cellphone or computer, it can be vulnerable in many different ways. A malicious attacker can hack into your systems and change your files or steal your personal information.
What are some common threats?
Phishing. Phishing attacks use emails and malicious websites that appear to be trusted organizations, such as charity organizations or online stores, to obtain user personal information.
Since phishing is such a common method of attacker gaining access to personal and private information, I would like to take a few minutes and dive a little deeper into this threat.
Phishing attacks use email or malicious websites to infect your computer with malware and viruses to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerabilities for criminals to use to attack. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts. If you receive a call like this hang up and call your financial institution, they will never contact you and ask for this information.
96% of social engineering attacks are delivered by email, and the last half of 2020 saw almost twice as many phishing attacks as the same time in 2019.
Spoofing attacks use email addresses, sender names, phone numbers, or website URLs that are disguised as a trusted source. Cybercriminals attempt to deceive users by changing one letter, symbol, or number within the name. This tactic is used to convince users that they are interacting with a familiar source. Cybercriminals want you to believe these spoofed communications are real to lead you to download malicious software, send money, or disclose personal, financial, or other sensitive information.
How are some of the ways cyber criminals lure you in?
The following messages from the Federal Trade Commission’s OnGuardOnline are examples of what attackers may email or text when phishing for sensitive information:
- “We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below, and confirm your identity.”
- “During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”
- “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”
It is always best practice to call and report these emails and text messages to your local bank.
Malware. A computer can be damaged or the information it contains harmed by malicious code (also known as malware). A malicious program can be a virus, a worm, or a Trojan horse. Hackers, intruders, and attackers, all of whom are in it to make money off these software flaws. Despite their benign intentions and curiosity, their actions are usually contrary to the intended uses of the systems they exploit.
Identity Theft and Scams. Identity theft and scams are crimes of opportunity, and even those who never use computers can be victims. There are several ways criminals can access your information, including stealing your wallet, overhearing your phone call, dumpster diving (looking in your trash) or picking up a receipt that contains your account number. While you cannot guarantee that you will not be a victim of identity theft, you can lower your risk by doing the following:
Protect your online presence.
Use and maintain anti-virus software and a firewall. Use an antivirus program and a firewall to protect your computer from viruses and Trojan horses that could steal or modify your data.
When software notifies you of an update, called a patch, be sure to update as soon as possible to prevent hackers from exploiting known issues or vulnerabilities. Also, set-up an automatic, regular spyware scanning routine to catch vulnerabilities.
Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.
According to National Institute of Standards and Technology guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts
Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly to verify they sent it to you.
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.
Parents, help children understand how to use the computer, other connected devices, and the internet safely. Have candid, age appropriate conversations with younger users to help them understand the do’s and don’ts of cybersecurity. These conversations can protect your data by setting clear boundaries and guidelines.
Double check email attachments. An email that looks as if it came from someone you know doesn’t necessarily mean it did. It is possible for viruses to alter the return address so that it looks like the message came from someone other than the sender. Before opening any attachments, verify that the message is legitimate by contacting the person who sent it. Use caution even from people you know, be wary of unsolicited attachments.
Trust your instincts. As the old saying goes, “if it is too good to be true, it probably is.” Some antivirus software might not have the latest virus protections because attackers are constantly releasing new viruses. However, always be sure to scan documents and attachments with antivirus software before opening them. Do not open suspicious emails or attachments and turn off automatically downloading attachments. But always remember: technology can only help so much, so trust your instincts!
Videography: Andrew Moore
Video Editing: Andrew Moore
Writing: Pete Boergermann
Anchor: Rhonda Pearson
Guest(s): Pete Boergermann
Produced by Vogt Media
Home Page Sponsors: C&N