Observed every October, the annual Cyber Security Awareness Month is committed to encouraging personal accountability, securing behaviors, and maintaining digital privacy in the cybersecurity landscape. This initiative was created as a joint effort between government and industry providing resources to stay safe and secure online.
This October we are focusing on risky behaviors and will provide some tips on how to identify them and things you can do.
Passwords - Are they strong?
Continuing with risky behaviors. Passwords are still important to be strong even with a second-factor authentication, which adds an additional layer of security to your login process. Why is it still important? Because if your password is in the hands of bad guys it puts them one step closer to gaining access. The bad guys will try additional tricks to get you to approve their login attempts even with your second factor.
Please watch a funny video about Passwords (Jimmy Kimmel Live Jan 2015). What do you think, is still true today? (spoiler alert the answer is yes)
Jimmy Kimmel Live - What's Your Password (2015).mp4
Creating a strong password is an essential step to protecting yourself online and at Suffolk. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. Creating a strong password is easier than you think. Follow these simple tips to shake up your password protocol:
(The second factor, sometimes called multifactor or two factor, is where you have a password along with a second factor like your phone, text, or mobile app.)
SIMPLE TIPS to a better Password
Don’t make passwords easy to guess. Do not include personal information in your passwords such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
Use a long passphrase. Consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a part of the sentence, four random words, or even the title of the last book you read. Then add in some punctuation and capitalization.
Avoid using common words in your password. Substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”
Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
Keep your passwords on the down low. Don’t tell anyone your passwords and watch for attackers trying to trick you into revealing your passwords through email or calls. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.
Unique account, unique password. Having different passwords for various accounts helps prevent cybercriminals from gaining access to these accounts and protects you in the event of a breach. It’s important to mix things up—find easy-to-remember ways to customize your standard password for different sites.
Utilize a password manager to remember all your long passwords. The most secure way to store all of your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account that you have – protecting your online information, including credit card numbers and their three-digit Card Verification Value (CVV) codes, answers to security questions, and more.
For more information on Passwords please visit https://wikis.suffolk.edu/display/ITSEC/Strong+Password
Phishing - It Wasn't Me?
Even when it is not October (or Halloween) bad guys try to get you to fall for their tricks. They may not be wearing a costume but they are pretending to be something they aren't. Sometimes they pretend to be your bank or even a member of Suffolk. Sending you a request through email, social media, or even text messages.
Check out this video with a twist on Shaggy's song "It wasn't me" (Emirates NBD 2019)
The bad guys, scammers, use a variety of ever-changing stories to lure you in:
Promise free prizes, gift cards, or coupons
Promise to help you pay off your student loans
Send fake messages that say they have some information about your account or a transaction.
Say they’ve noticed some suspicious activity on your account
Claim there’s a problem with your payment information
Send a fake invoice and tell you to contact them if you didn’t authorize the purchase
Send a fake package delivery notification
They may even be so bold as to ask you to give some personal information — like how much money you make, how much you owe, or your bank account, credit card, or Social Security number — to claim your gift or pursue the offer.
Some phishing attempts send links that may take you to a spoofed website that looks real but isn’t. If you log in, the scammers can then steal your username and password.
Some recent examples have been seen here at the University.
A phishing message that appears to be from someone you know (email or text): "I am on vacation and need your help", "I am out of the office and need your help".
Then they follow up by saying it is urgent: "Are you available?", "Text/Call this number", "Click this link".
What comes next is a call to action: "Can you purchase gift cards, I will pay you back", "I will send you a check, you send me the difference and keep the rest", "log in to this site to restore your access"
This is when you will have to decide if you will just do what they ask or take a CLOSER LOOK. Will you give away your personal information? Will you purchase a gift card? What should you do... Pause and if it appears phishy it probably is. Just delete the message. If in doubt forward it to the Service Desk. If it is someone from Suffolk or another business that you know and you think it is real. Use their official contact information to reach back to them. If the message came in through text, send them an email or pick up the phone and call their official number from their official website.
Want to see if you can spot a phish?
Visit the google phishing quiz site.
https://phishingquiz.withgoogle.com/
Observed every October, the annual Cyber Security Awareness Month is committed to encouraging personal accountability, securing behaviors, and maintaining digital privacy in the cybersecurity landscape. This initiative was created as a joint effort between government and industry providing resources to stay safe and secure online.