Fortify each online account or device. Enable the strongest authentication tools available. This might include biometrics, security keys, or unique one-time codes sent to your mobile device. Usernames and passwords are not enough to protect key accounts such as e-mail, banking, and social media.
Keep a clean machine. Make sure all software on Internet-connected devices — including PCs, laptops, smartphones, and tablets — is updated regularly to reduce the risk of malware infection.
Personal information is like money. Value it. Protect it. Information about you, such as purchase history or location, has value — just like money. Be thoughtful about who receives that information and how it’s collected by apps or websites.
When in doubt, throw it out. Cybercriminals often use links to try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
Share with care. Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it could be perceived now and in the future.
Own your online presence. Set the privacy and security settings on websites to your comfort level for information sharing. It’s okay to limit how and with whom you share information.
A password is often all that stands between you and sensitive data. It’s also often all that stands between a cybercriminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.
Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
Good: While SRSU only requires passwords of 8 characters or more, a good password is 10 or more characters in length (an odd number of characters is even better), with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let (Don’t use this for your password). Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes it exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or other registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cybercriminals.
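The passphrase recipe from the “Better” tip above, as an added example that is not part of the original article. The function names, the symbol set, and the 32-word sample list are assumptions made for illustration; the sample list is constructed and far too small for real use.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. Assumption: in
# real use, load a large list (thousands of words) from a file instead.
SAMPLE_WORDS = (
    "rubbish consider green swim anchor basket candle desert eagle fabric "
    "garden harbor island jacket kettle ladder marble needle orange pepper "
    "quiver ribbon saddle timber umbrella velvet walnut yellow zipper bridge "
    "copper dolphin"
).split()
SYMBOLS = "!@#$%^&*"  # assumed symbol set


def make_passphrase(words=SAMPLE_WORDS, n_words=4):
    """Four or more random words, one in uppercase, plus a symbol and a digit."""
    if n_words < 4:
        raise ValueError("use four or more words")
    # secrets draws from the operating system's CSPRNG; words picked by a
    # person, or by the random module, are much easier to predict.
    chosen = [secrets.choice(words) for _ in range(n_words)]
    i = secrets.randbelow(n_words)
    chosen[i] = chosen[i].upper()
    return "".join(chosen) + secrets.choice(SYMBOLS) + str(secrets.randbelow(10))


def estimate_bits(list_size, n_words=4):
    """Upper bound on entropy, assuming the attacker knows this recipe."""
    return (n_words * math.log2(list_size)   # the word choices
            + math.log2(n_words)             # which word is uppercased
            + math.log2(len(SYMBOLS))        # the symbol
            + math.log2(10))                 # the digit


def words_needed(target_bits, list_size):
    """Smallest word count (at least four) whose estimate reaches target_bits."""
    n = 4
    while estimate_bits(list_size, n) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    print(make_passphrase())
    print(f"{estimate_bits(len(SAMPLE_WORDS)):.1f} bits with the sample list")
```

The estimate shows that the strength comes from how many words the list holds and how many are drawn at random, so a larger list or a fifth word adds far more than extra capital letters do.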
We all need help from time to time remembering passwords for all the accounts we use. #SRSUOIT recommends LastPass to help you manage and remember all your passwords.
This article courtesy of Educause with some edits by SRSU staff
Who Else Is Online? Social media sites are not well-monitored playgrounds with protectors watching over you to ensure your safety. When you use social media, do you think about who might be using it besides your friends and connections? Following are some of the other users you may encounter.
Identity thieves. Cybercriminals need only a few pieces of information to gain access to your financial resources. Phone numbers, addresses, names, and other personal information can be harvested easily from social networking sites and used for identity theft. Cybercrime attacks have moved to social media, because that’s where cybercriminals get their greatest return on investment.
Online predators. Are your friends interested in seeing your class schedule online? Well, sex offenders or other criminals could be as well. Knowing your schedule and your whereabouts can make it very easy for someone to victimize you, whether it’s breaking in while you’re gone or attacking you while you’re out.
Employers. Most employers investigate applicants and current employees through social networking sites and/or search engines. What you post online could put you in a negative light to prospective or current employers, especially if your profile picture features you doing something questionable or “less than clever.” Think before you post a compromising picture or inflammatory status. (And stay out of online political and religious discussions!)
How Do I Protect My Information? Although there are no guaranteed ways to keep your online information secure, following are some tips to help keep your private information private.
Don’t post personal or private information online! The easiest way to keep your information private is to NOT post it. Don’t post your full birthdate, address, or phone numbers online. Don’t hesitate to ask friends to remove embarrassing or sensitive information about you from their posts, either. You can NEVER assume the information you post online is private.
Use privacy settings. Most social networking sites provide settings that let you restrict public access to your profile, such as allowing only your friends to view it. (Of course, this works only if you allow people you actually know to see your postings — if you have 10,000 “friends,” your privacy won’t be very well protected.)
Review privacy settings regularly. It’s important to review your privacy settings for each social networking site; they change over time, and you may find that you’ve unknowingly exposed information you intended to keep private.
Be wary of others. Many social networking sites do not have a rigorous process to verify the identity of their users. Always be cautious when dealing with unfamiliar people online. Also, you might receive a friend request from someone masquerading as a friend. Here’s a cool hint — if you use Google Chrome, right-click on the photo in a LinkedIn profile and choose Google image search. If you find that there are multiple accounts using the same image, all but one is probably spurious.
Search for yourself. Do you know what information is readily available about you online? Find out what other people can easily access by doing a search. Also, set up an automatic search alert to notify you when your name appears online. (You may want to set alerts for your nicknames, phone numbers, and addresses as well; you may very well be surprised at what you find.)
Understand the role of hashtags. Hashtags (#) are a popular way to provide clever commentary or to tag specific pictures. Many people restrict access to their Instagram accounts so that only their friends can see their pictures. However, when someone applies a hashtag to a picture that is otherwise private, anyone who searches for that hashtag can see it.
My Information Won’t Be Available Forever, Will It? Well, maybe not forever, but it will remain online for a lot longer than you think.
Before posting anything online, remember the maxim “what happens on the web, stays on the web.” Information on the Internet is public and available for anyone to see, and security is never perfect. With browser caching and server backups, there is a good chance that what you post will circulate on the web for years to come. So: be safe and think twice about anything you post online.
Share only the information you are comfortable sharing. Don’t supply information that’s not required. Remember: You have to play a role in protecting your information and staying safe online. No one will do it for you.
We all like to travel with our mobile devices (smartphones, laptops, or tablets) — whether it’s to the coffee shop around the corner or to a café in Paris. These devices make it easy for us to stay connected while on the go, but they can also store a lot of information — including contacts, photos, videos, location, and other personal and financial data — about ourselves and our friends and family. Following are some ways to protect yourself and others.
Before you go:
If possible, do not take your work or personal devices with you on international trips. If you do, remove or encrypt any confidential data.
For international travel, consider using temporary devices, such as an inexpensive laptop and a prepaid cell phone purchased specifically for travel. (For business travel, your employer may have specific policies about device use and traveling abroad.)
Install a device finder or manager on your mobile device in case it is lost or stolen. Make sure it has remote wipe capabilities and that you know how to do a remote wipe.
Ensure that any device with an operating system and software is fully patched and up-to-date with security software.
Make copies of your travel documents and any credit cards you’re taking with you. Leave the copies with a trusted friend, in case the items are lost or stolen.
Keep prying eyes out! Use strong passwords, passcodes, or smart-phone touch ID to lock and protect your devices.
Avoid posting social media announcements about your travel plans; such announcements make you an easy target for thieves. Wait until you’re home to post your photos or share details about your trip.
While you’re there:
Physically protect yourself, your devices, and any identification documents (especially your passport).
Don’t use an ATM unless you have no other option; instead, work with a teller inside the bank. If you must use an ATM, only do so during daylight hours and ask a friend to watch your back. Also check the ATM for any skimming devices, and use your hand to cover the number pad as you enter your PIN.
It’s hard to resist sharing photos or telling friends and family about your adventures, but it’s best to wait to post about your trip on social media until you return home.
Never use the computers available in public areas, hotel business centers, or cyber cafés since they may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to e-mail or any sensitive accounts.
Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected.
Disable Wi-Fi and Bluetooth when not in use. Some stores and other locations search for devices with Wi-Fi or Bluetooth enabled to track your movements when you’re within range.
Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.
When you return:
Change any and all passwords you may have used abroad.
Run full antivirus scans on your devices.
If you used a credit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
If you downloaded any apps specifically for your trip and no longer need them, be sure to delete those apps and the associated data.
Post all of your photos on social media and enjoy reliving the experience!
With an increasing amount of sensitive data being stored on mobile devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your mobile device is lost, stolen, or misplaced.
Don’t leave your device alone, even for a minute! If you’re not using it, lock your device in a cabinet or drawer, use a security cable, or take it with you. It’s not enough to simply ask the stranger next to you in a library or coffee shop to watch your laptop for a few minutes.
Differentiate your device. It’s less likely that someone will steal your device and say they thought it belonged to them if your device looks unique. Sometimes these markings make the laptop harder to resell, so they’re less likely to be stolen. Use a permanent marking, engraving, or tamper-resistant commercial asset tracking tag.
Delete sensitive information. Don’t keep any restricted data on your laptop. We recommend searching your computer for restricted data and deleting it. Restricted data includes your Social Security number, credit card numbers, network IDs, passwords, and other personally identifiable information. You’d be surprised how easy it is to forget that this information is on your computer!
Back it up. Set a reminder to back up your data on a regular basis! Keep an external copy of important files stored on your laptop in a safe location in case it is lost or stolen. Your photos, papers, research, and other files are irreplaceable, and losing them may be worse than losing your device.
Encrypt information. Protect your personal data with the built-in disk encryption feature included with your computer’s operating system (e.g., BitLocker or FileVault).
Record the serial number. Jot down the serial number of your device and store it in a safe place. This information can be useful for verifying your device if it’s found.
Install software. Install and use tracking and recovery software included with most devices (e.g., the “Find iDevice” feature in iOS) or invest in commercial products like LoJack or Prey. Some software includes remote-wipe capabilities. This feature allows you to log on to an online account and delete all of the information on your laptop. There are both paid and free versions of this type of software, and each provides different levels of features. Search online to find the best combination of cost and functions to meet your needs.
If you have questions, please contact the Helpdesk at 432-837-8888.
You and your information are everywhere. When you’re online you leave a trail of “digital exhaust” in the form of cookies, GPS data, social network posts, and e-mail exchanges, among others. It is critical to learn how to protect yourself and guard your privacy. Here are some ideas that can help protect you, your information, and the data you are entrusted with from SR.
Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
Take care what you share. Periodically check the privacy settings for your social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet, usually stays on the Internet.
Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going “incognito” and using the browser’s private mode.
Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.
If you have questions about how to follow any of these guidelines, contact the Helpdesk at 432-837-8888.
By the way, never use your laptop as a coffee mug coaster as in the picture. Not a good idea. 🙂
Planning a summer vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you or someone you know, these five tips will help you protect yourself and guard your privacy.
Track that device! Install a device finder or manager on your mobile device in case it’s lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
Avoid social media announcements about your travel plans. It’s tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to “check in” to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
Traveling soon? If you’re traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.
Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for “shoulder surfers” at the ATM.
These tips can’t protect you from every possible scenario but they will provide some protections and give you ideas for others. The best advice of all … be aware.
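The search that the “Delete sensitive information” tip earlier and the “Limit personal information stored on devices” tip above both describe, as an added example that is not part of the original article and is not the Identity Finder product. The function names and file extensions are assumptions, and the sample values are constructed.

```python
import re
from pathlib import Path

# SSN written as AAA-GG-SSSS. Areas 000, 666 and 900-999, group 00 and
# serial 0000 are never issued, so those patterns are skipped.
SSN_RE = re.compile(
    r"(?<![\d-])(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?![\d-])"
)
# 13 to 19 digits, optionally grouped by single spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")


def luhn_ok(digits):
    """Luhn checksum used by payment cards; filters out ordinary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value):
    """Keep only the last four characters so the report is not itself sensitive."""
    return "*" * (len(value) - 4) + value[-4:]


def scan_text(text):
    """Return (line_number, kind, masked_value) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            findings.append((lineno, "ssn", mask(m.group(0))))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if luhn_ok(digits):
                findings.append((lineno, "card", mask(digits)))
    return findings


def scan_tree(root, suffixes=(".txt", ".csv", ".log", ".md")):
    """Scan plain-text files under root; files that cannot be read are skipped."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            try:
                hits = scan_text(path.read_text(encoding="utf-8", errors="ignore"))
            except OSError:
                continue
            if hits:
                report[str(path)] = hits
    return report


# Constructed sample: a placeholder SSN, a standard test card number, an order
# reference that fails the Luhn check, and a phone number.
SAMPLE = """\
Notes from tax prep, SSN 123-45-6789 on file
Visa ending: 4111 1111 1111 1111 exp 09/27
Order ref 1234 5678 9012 3456 shipped
Helpdesk 432-837-8888
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(finding)
```

Only plain-text files are read here; documents, spreadsheets, PDFs and mail stores need a tool that can parse those formats.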
Mobile devices have become one of the primary ways we communicate and interact with each other. The power of a computer is now at our fingertips, allowing us to bank, shop, view medical history, attend to work remotely, and communicate virtually anywhere. With all these convenient features come added risks, but here are some tips to protect your devices and your personal information.
Password-protect your devices. If your mobile device is ever lost or stolen, giving yourself more time to protect your data and remote wipe your device could be the difference between the pain of losing the device and the pain of losing much of your important information. Enabling passwords, PINs, fingerprint scans, or other forms of authentication will slow down anyone intent on getting to your personal information and give you more time to take action and remove personal or sensitive information from your device.
Back up data. Be sure to back up data on each device in case it is ever lost or stolen. If the original device is never found, you can restore the backed-up data to a new one.
Verify app permissions. Don’t forget to review an app’s specifications and privacy permissions before installing it!
Update operating systems. Security fixes or patches for mobile device operating systems are often included in these updates.
Be cautious of public Wi-Fi hot spots. Avoid financial or other sensitive transactions while connected to public Wi-Fi hot spots.
Phishing attempts are fraudulent email messages that appear to come from legitimate enterprises (e.g., your university, your Internet service provider, your bank). These messages direct you to divulge private information (e.g., passphrase, credit card, or other account updates).
These scams are designed to induce panic in the reader. They attempt to trick recipients into responding or clicking immediately, by claiming they will lose something (e.g., email, bank account). Such a claim is always indicative of a phishing scam, as responsible companies and organizations will never take these types of actions via email.
Things to know and remember when opening ANY e-mail that is asking you to provide information:
– No reputable organization, including OIT, will ever ask you for confidential information via e-mail.
– Never respond to an e-mail from a source you are not 100 percent sure of. When in doubt, call them.
– Always check the authenticity of a Web site before you provide any of your personal information.
– Never click on a link in a suspicious e-mail because it may take you to a malicious site. Open a new browser window and type in the link manually.
– Phishing e-mail will often have a sense of urgency. (“Your account will be closed if you don’t…” etc.) They may also contain strange words, misspelled words or unusual or awkward phrasing to help them avoid SPAM-filtering software.
With the recent rise in phishing activity, be suspicious of any email message that asks you to enter or verify personal information through a website or by replying to the message itself.
I love my password, but I sure hate my password! If this is you, don’t feel alone. Passwords are a tricky thing to get right. The best passwords are almost impossible to remember and the easy to remember ones are weak. Sometimes even the tricks of substituting letters and special characters that resemble letters are easy to forget or easy to guess. A lot of people find that PERFECT reasonably hard to guess password that is easy to remember and use it for EVERYTHING …forever. There has to be a better way!
Introducing….password management software (password managers). According to Wikipedia: “A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password; a single, ideally very strong password which grants the user access to their entire password database. Some password managers store passwords on the user’s computer, whereas others store data in the cloud. While the core functionality of a password manager is to securely store large collections of passwords, many provide additional features such as form filling and password generation.”
There are a lot of password managers available and some are better than others. Feature sets abound, so how do you decide on the one that is right for you? Let’s look at a few examples:
Browser-based — Most current web browsers have some sort of password manager built in. When the browser offers to “remember” the password, it stores the login credentials. Browser-based password managers are generally thought of as low-security, high-risk. Often they are not encrypted and they don’t require a master password to unlock them.
Desktop — Desktop/laptop software stores passwords (usually encrypted) on a computer hard drive and most often requires a master password to unlock them.
Cloud — Password manager software stores and retrieves encrypted passwords from online storage.
Advantages of password managers:
Ease of having long, hard to guess passwords that are automatically used or are easy to retrieve.
Remember one master password, but use many different passwords
No more sticky notes on the monitor! (well, at least for passwords)
shared passwords (rarely a good idea, but sometimes necessary)
password escrows so that an organization might retrieve passwords that former employees may have used
So, you want to use a password manager, but which one? That is a difficult question. Many of the most popular products have some similar features, so the secret is to figure out what is important to you and find out which one(s) qualify. I will leave a bit of research for you by giving you some links from popular web sites with comparisons of password managers:
In conclusion, I think it is important to remind you that running a password manager does NOT mean you should let your guard down. Use the tools, but never make the mistake of thinking the tool will keep you safe. Tools such as a good firewall, anti-virus, anti-malware, good passwords or a good password manager are simply that…tools to help. Nothing beats common sense and being careful. A good password manager can be a great tool in your online defensive arsenal.