Office of Information Technology

Security Awareness

Protecting your devices, safeguarding your data and identity

SANS

TOP FIVE STEPS TO STAYING SECURE


Regardless of what technology you are using or where you are using it, here are five fundamental
steps you should take to protect yourself. Learn more at www.securingthehuman.org/ouch.

1. YOU The most important part of staying secure is you. Cyber attackers have learned that the easiest way to get something is to simply ask for it. As a result, common sense is your best defense. If an email, message or phone call seems odd, suspicious or too good to be true, it may be an attack.

2. UPDATING Ensure your computer, mobile device and apps are updated and always running the latest version of their software. Whenever possible, enable automatic updating.

3. ENCRYPTION Ensure your computer, mobile device and apps are updated and always running the latest version of their software. Whenever possible, enable automatic updating.

4. BACKUPS Make sure you do regular backups of any important information. Often, the only way you can recover from a computer or device that has been hacked, lost or stolen is to recover from your backups.

5. PASSWORDS are the keys to your kingdom, guard them well.

  • Always use long, strong passwords; the more characters you have, the better. Even better, use two-step verification whenever it is possible.
  • Use a unique password for every device and account. Can’t remember all of your passwords? Use a password manager for securely storing and retrieving your passwords.
  • Never share your passwords with anyone, including your coworkers or your supervisor.

Source: Security Awareness Newsletter Online: (2014) OUCH! Security Awareness. Retrieved Oct 1, 2014 from http://www.securingthehuman.org/resources/newsletters/ouch/2014


Protecting Devices

Securing Mobile Devices

Securing your mobile devices and smartphones is just as important as, or perhaps even more important than, securing your computer. If you have a smartphone, you now carry a fully functional computer in your pocket. It is important to safeguard your smartphone and other mobile devices. Your smartphone contains a wealth of personal information such as pictures, passwords, email, phone numbers and contacts that you would not want to be stolen or compromised. A lost, stolen or unsecured smartphone could expose personal data and lead to identity theft and fraud.

Below is a short list of some basic smartphone safety tips to help protect your smartphone.

  • Password-protect your device.
  • Keep your operating system updated.
  • Enable strong password protection on your device and include a timeout requiring authentication after a period of inactivity.
  • Download applications from reliable sources such as the Apple Store and Google Play.
  • Be cautious with public Wi-Fi; only connect to secure networks you know. Avoid unidentified Wi-Fi hotspots.
  • Disable Bluetooth and Near Field Communication (NFC) capabilities when not in use.
  • Be sure to review your mobile device manual to learn about the specific features of the device.
  • Back up your device on a regular basis.
  • Install a locator app.
  • Be sure to wipe your mobile device using the built-in “factory reset” function to delete your data before returning, reselling or discarding your smartphone.

Securing Desktops and Laptops

Keeping your computer healthy, safe, secure and free from viruses and worms has become more difficult as computers are complex and interconnected through the Internet and other networks.

Below is a short list of some basic safety tips to help protect your computer.

  • Keep your firewall turned on.
  • Do not buy security software in response to unexpected pop-up messages or emails. Click here to view a list of security software from reputable companies.
  • Use strong passwords.
  • Set your operating system to update automatically.
  • Use the most current version of your browser.
  • Do not install plugins or add-ons into your browser unless you need them to run a particular application.
  • Keep all essential browser plugins and add-ons up to date.
  • Back up your files.
  • Do not download unfamiliar software from the Internet. If you must, run a virus scan on the download before installing the application.
  • Log off or lock your computer when leaving the device unattended.
  • Do not open attachments from unknown sources.
  • Do not use free public or unencrypted (unsecure) Wi-Fi.

For additional information on staying safe and secure visit the following websites:

Securing a Wireless Network

Many homes now have wireless networks installed that provide Internet access to a host of electronic devices (e.g., computers, laptops, gaming devices, smartphones, tablets and TVs). A majority of these home networks were not properly secured and configured. Unless you take steps to secure your router, you are vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cybercrimes. Do not rely on the default factory settings of your wireless router to be secure.

Below is a list of simple tips for keeping your wireless network secure. Be sure to review the manual of your wireless network for detailed information on changing the settings.

  • Change the default name (SSID – Service Set identifier) of your router.
  • Change the default password.
  • Change the security level to WPA or WPA2 if available.

Additional information on wireless networks:

Best Practices for Keeping Your Home Network Secure
The Top Wireless Routers for Your Family
CNET – Home Networking Explained

Identity Protection

Place a fraud alert to protect against identity theft

Tip

By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.

If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.

Here are numbers you always need to contact if your wallet, etc., has been stolen:

1. Equifax: 1-800-525-6285

2. Experian (formerly TRW): 1-888-397-3742

3. Trans Union: 1-800-680-7289

4. Social Security Administration (fraud line): 1-800-269-0271

You can get a free credit report once a year from each of the three credit reporting agencies. They have set up a web site for this: https://www.annualcreditreport.com/index.action

If your browser questions a website's security, stop, think, and verify

Tip

When visiting the “https” secure sites of banks and online shopping retailers, you may see an onscreen warning, such as “There is a problem with the website’s security certificate” or “Secure Connection Failed.” Don’t just click to continue or to make an exception. The warning may only indicate that there is a harmless temporary problem with the site or with the network. But it can also mean that the site is bogus or has been compromised by hackers, and someone is listening in on your conversation with your bank or retailer.

Be smart. Contact your bank or retailer by phone to find out if they know about a problem with their website or the network. Don’t be the next victim of fraud.

Back up important files on a regular basis

Tip

Back up important files on a regular basis and store the backups in a safe place (preferably off site). You can back up files to a removable disk or save copies to network shares. Unfortunately, it’s not a matter of “if” you’ll lose files one way or another; it’s a matter of “when”.

Four tips to help keep your computer secure

Tip

  1. Anti-virus. A reliable, effective anti-virus program with the latest updates. Both licensed and free anti-virus software are available. Whichever you use, make sure it scans incoming and outgoing emails for malware.
  2. Anti-spyware. Reliable, effective anti-spyware is a must for securing your computer. Both licensed and free anti-virus software, such as Windows Defender, are available.
  3. Two-way Personal Firewall. Two-way personal firewall software monitors network traffic to and from your computer and helps block malicious communications.
  4. Anti-Keylogger software. Anti-Keylogger software products, like AntiLogger and Keyscrambler Personal, help prevent what you type on your computer, especially sensitive information such as the usernames, passwords, and financial information you use in making online transactions, from being hijacked by Bad Guys.

Ramkumar Raghavan

Recycle electronic equipment

Tip

Before you get rid of electronics, be sure you have copies of your important files and then clear the devices of all data. Then look for places to donate or recycle. Most states have banned computers and components from landfills. To find recycling programs in your area, surf to your favorite search engine and type “computer recycling.” You’ll get a list of nonprofit groups, individuals, and academic institutions.

If you are a victim of identity theft, report it immediately

Tip

Here are some things you should do.

  1. Contact the three major credit bureaus and have them place a fraud alert on your credit report.
  2. If a credit card was involved, contact the credit card company and close the account. Contact your local law enforcement agency and file a report.
  3. File a complaint with the Federal Trade Commission.
  4. Document all conversations so you know whom you spoke to and when.

Make sure your personal information is protected when you do business online

Tip

Always read the privacy statement before you fill in the blanks. You should also verify that the site is using encryption before you submit any information – look for https in the web address and for a padlock or key in the lower right corner of your browser. Don’t send your personal information (social security number, credit card number, etc.) in an email or through instant messaging.

Check for encryption or secure sites when providing confidential information online

Tip

Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or “faked” sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site’s URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window.

For more information about please visit

Security Resources

Test your phishing knowledge

 

phish·ing

ˈfiSHiNG/

noun

1. the activity of defrauding an online account holder of financial information by posing as a legitimate company. “phishing exercises in which criminals create replicas of commercial Web sites”

Phishing email messages, websites, and phone calls are designed to access your personal and financial information. Cybercriminals can do this using social engineering to “convince” you under false pretenses to install malicious software on your computer and hand over your personal information. They might email you, call you on the phone, or convince you to download something off a website.

Take a quick quiz and test your Phishing knowledge

 

Test your security knowledge

 

The greatest risk to computer security is the “user.” This means you. Every time you log onto the Internet you are potentially exposing your computer and the information stored on your system. Most people do not intentionally put their computer at risk; the problem is the lack of knowledge and understanding of the potential threats that loom in cyberspace. The more you understand the potential risks, the better you can protect your devices and safeguard your identity.

Protect yourself, take the Security Information Challenge

 

Security Awareness Games

 

OnGuardOnline.gov is the federal government’s website to help you be safe, secure and responsible online. Learn about information security through interactive games.