Cyber Security Awareness Month

Posted on Tuesday, October 8th, 2019

Cyber Security Awareness MonthStudents are invited to participate in Cyber Security Awareness Month, an annual October campaign aimed at raising awareness about cyber security risks. The theme for the 2019 CSAM is “Own IT. Secure IT. Protect IT”.

Device Security

We all use a variety of computing related devices to be more productive and to enrich our daily lives. This includes tablet, notebook, laptop and desktop computers; USB and external hard drives; smartphones; gaming systems; and ‘Internet of things’ devices such as fitness bracelets, smart watches, home monitoring devices, and home smart speakers.

Criminals are constantly seeking ways to steal our devices and gain unauthorized access to sensitive work and personal information. They then resell the devices and information, open financial accounts in your name, make unauthorized online purchases and collect government benefits meant for you, among many other risks.

You can take these simple steps to protect your devices and information accessed through them:

  • Always use strong passwords and PINs and change the weak default passwords on consumer devices to strong ones;
  • Always use Bitlocker full disk encryption on Windows computers and FileVault encryption on Macintosh computers;
  • Label your device with your name and contact information, and record its serial number in case it is lost or stolen;
  • Keep your device’s operating software and applications current – update them frequently;
  • Only install well known, trusted applications;
  • Install anti-malware software on computers and smart phones;
  • Always lock or lock up your device when unintended. Laptops use a “Kensington” lock, notebooks use a smaller “Noble” lock;
  • Never leave your device in a vehicle in plain view – lock in the trunk or otherwise hide;
  • Report stolen devices with their serial numbers to the police – there is a (small) chance that you might get it back;
  • Report stolen mobile phone “IMEI” (i.e. serial number) information here: https://www.imei.info/lost-device/;
  • Use a laptop camera privacy blocker;
  • Backup your data – either to the cloud (e.g. Microsoft OneDrive) or to an encrypted backup hard drive; and

Go to getcybersafe.gc.ca for additional resources.

Protecting Your Personal Information Online

If you are not careful, your online activities and posted public information can reveal a lot of sensitive and valuable information about your professional, private and family life. This includes email addresses, likes and dislikes, family and pet names, birth dates and ages, hidden geographic information stored in digital pictures, and times when you are away from your home. Cyber criminals can use this information to crack your passwords and create highly convincing phishing emails, to steal additional information and put your devices at risk with malicious software.

You can take some simple steps to secure your online presence such as:

  • Being vigilant and thinking before you click;
  • Keeping your computer operating system software patched;
  • Using computer firewalls;
  • Using current, anti-malware software that has web surfing protection;
  • Browsing safely using the current browser versions and an “incognito” surfing mode;
  • Carefully checking all websites that you visit and applications that you download;
  • Avoiding logging into websites that do not have valid certificates (https:\\) that provide session encryption;
  • Avoiding posting and sharing sensitive, private information about yourself and your family members;
  • Using a VPN service, and
  • Connecting only to secure Wi-Fi networks only, whenever possible.

Phishing Attacks and Protection Measures

One risk of humans being technology immersed is the creation of digital footprints – the leaving of your personal information all over the Internet such as on publicly accessible social media platforms.

Cyber criminals will often use this personal information to conduct “Social Engineering” attacks such as “phishing”. They will send you an email with a malicious embedded link or attachment, the purpose of which is to capture sensitive information or place malware (including ransomware) onto your computer or mobile phone.

There are many types of phishing attacks –

  • Phishing – Cyber criminals trying to trick multiple recipients at once;
  • Spear Phishing – Carefully crafted phishing attacks, using your digital footprint information, aimed specifically at yourself;
  • Whaling – Phishing attacks directed towards large value targets such as executives;
  • Smishing – Phishing using texting (SMS), and
  • Vishing – Phishing using landline or mobile telephony.

Some of the common tactics to watch out for include:

  • Requesting sensitive information such as SIN, Date of Birth, user ID, or passwords;
  • Requesting you to click on a link (which may download malicious software on your device);
  • The message creates a sense of urgency for you to perform a specific action;
  • The message creates a feeling of fear if you do not perform a specific action;
  • An offer that appears too good to be true or requesting urgent assistance or help.

How do we protect ourselves?

  • Always check the “from” address by hovering your mouse over it. If it displays an known or unusual email address, be suspicious;
  • Do not click on any link or attachments unless you are certain it is from a trusted individual or entity;
  • Always verify who the individual or person the message came from, before acting on it;
  • Keep your antivirus software up to date;
  • Use different passwords or passphrases for different accounts.

Microsoft Safelinks

ITS recently added Microsoft “Safelinks” security to email. This provides additional protection that assesses the security of any link before delivering it to you. If you hover your mouse pointer over the original URL link, it is replaced by a Safelinks URL that starts with “HTTPS://ca01.safelinks.protection.outlook.com…”. If the link is safe, it will bring you to the original web page. If it isn’t safe, you will receive a popup warning you, and it will not let you proceed.

PINs and Passwords are Still Important!

We all use numerous PINs and passwords every day to carry out our daily activities – to access our many devices, accounts and information.

Passwords can be a serious liability. If someone gains access to your password, they can access your accounts, steal information and even steal your identity to cause further harm. This is why passwords are highly sought after by cybercriminals.

Cybercriminals use different methods to compromise weak PINs and passwords that are easy to guess (e.g. 123456 or “Algonquin123”).

You can protect yourself and your information by using very strong PINs and passwords or passphrases. For mobile phones, a random six-digit PIN is best, or use fingerprints or face recognition. Passphrases are a series of random words or sentences that are unique and known only to you. They are strong, easy to remember and simple to type. An example is “*Coffee2drinK!”

Here are a few additional tips to help you use a passphrase securely:

  • Never reuse your passwords or passphrases on any other account – if one becomes compromised, cybercriminals may use that password to hack into your other accounts;
  • Don’t use the word “Algonquin” in your password;
  • Don’t share your passphrase(s) with anyone;
  • Don’t use public computers at hotels or internet cafes because they are not trusted;
  • Whenever possible, enable two-factor authentication (also known as two step verification);
  • Lastly, if you are not using an account anymore, delete your profile or disable it.

This post will be updated weekly through October with a new cyber security message. Keep an eye on Algonquin College’s Twitter feed for more details on how to get involved in Cyber Security Awareness Month.

For more on National Cybersecurity Awareness Month, visit https://staysafeonline.org/ncsam/


Comments

Comments are closed.