October is National Cyber Security Awareness Month (NCSAM), and ITS is sharing information on cyber security topics all month long. Using technology safely and securely doesn’t need to be overwhelming or confusing. Regardless of what tech you’re using or how you’re using it, here are some simple practices to keep you and your devices secure.
Passphrases: The old eight-character password is outdated and vulnerable. Instead, create a long and unique passphrase using a series of words strung together. Length is the key component, not numbers or symbols. Make sure each site has a unique passphrase, so that if one is compromised, your other accounts remain safe. Can’t remember them all? Use a password manager. Most also include features like auto-fill, update reminders, and multi-factor authentication.
Updates: Make sure your computers, devices, and apps are running their latest versions. Attackers are constantly working to exploit bugs in consumer and enterprise software. By installing updates promptly and restarting the devices after those updates, you make it much harder to be attacked. To stay current, enable automatic updating whenever possible. This rule applies to almost any connected technology, including smart TVs, security cameras and doorbells, home routers and modems, game consoles, even your car.
Backups and recovery: Despite following most security advice, you may still find yourself the victim of an attack. When that happens, often the only way to restore documents is through data backups. Back up tax returns, receipts, health documents, and other important information regularly, preferably to cloud storage.
You: Technology alone cannot fully protect you; you are your best defense. Attackers know that the easiest way to get what they want is to target you rather than your devices. If they want your password, financial information, or identity, they’ll usually try to trick you into voluntarily giving it away, often through a sense of urgency. The best way to thwart their efforts is by slowing down. Carefully review emails for red flags, like an unfamiliar email address, or unexpected request, or just a gut feeling. Improper grammar and typos are no longer accurate indications.
ITS will continue to simulate phishing attacks in October and will assign training to individuals who are routinely susceptible to attacks. For more information on how to report phishing emails, see Reporting a Phishing Message (How-to).
—Peter Lundstedt, ITS