CSU Blog
Cybersecurity Tips For Online Safety
- June 4, 2018
- Posted by: Pete
- Category: cybercrime Financial Safety General Identity Theft personal safety Technology
Every day there seems to be news about another major company becoming the latest victim of a cyberattack. Small or large, for profit or non-profit, government or private – hackers and cybercriminals do not discriminate. So how can individuals and businesses protect themselves?
First, and most difficult to protect against are social engineering attacks.
Social engineering attacks are the most insidious; you must educate and train yourself, your students or your employees on what phishing attack emails may look like. They include official-looking logos, a sense of urgency, the need to wire funds or check account or package tracking information that must be confirmed immediately. By hovering over the links in the message and noting the URL that appears, many of these phishing attacks can be thwarted. When in doubt, look up the company’s phone number or customer support email on your own and do not rely on the contact information in the email to ascertain validity. Unfortunately, more and more web sites are hacked including larger, more reputable company sites with full-time IT staff, and still sites can have code installed on them that the site owner is unaware of. Simply visiting a compromised site can allow malware to get into your systems.
Conducting a sort of “game” with those you are trying to keep safe and secure is a fun way to illustrate just how creative people can get and it can also get them to begin to “think” like a hacker or cybercriminal. One exercise is to have your students or employees try to spot fake vs. valid emails and to make a game out of it. Divide participants into teams, and then have them mark which emails are valid and which are not. The winning team gets a prize (lunch, leave class or work early, PTO time, etc.)
Passwords are one of the easiest places to gain entry into a system. Stress the need for passwords that are LONGER and not necessarily complex. Any password that is 12 characters or longer is basically uncrackable; it would simply take too much time for a computer/hacker to crack it. Teach people to use easy to use phrases as passwords. Something like turning “vacation time in aruba” into “Vaca710n71m31nAruba!” which makes an easy-to-remember phrase into a super strong 20 character password.
Drill into your head and the heads of students or employees the need to be vigilant and not complacent. Just because their computer (or your company) hasn’t been hacked before, doesn’t mean it cannot happen. A recent survey by the National Small Business Association (http://www.nbsa.biz) found that 50% of businesss they surveyed had reported being victims of cyberattacks, and 3 out of 4 were small businesses with less than 250 employees. The average cost of a cyberattack is around $21,000, and within 6 months, 60% of those attacked go out of business. Let your students and employees know that if they want security, they need to help contribute!
There is an obvious need for a robust and centrally managed anti-virus solution on all your systems and servers. In addition, your router’s firewall must be hardened by an expert who knows exactly what the best practices are. Having a solution that combines the two is a great option for any college, business or even small home network.
Remember, just because you aren’t some huge Fortune 500 company or major university doesn’t mean you can afford to be complacent or cut corners when it comes to online safety and security. Your safety and security starts with YOU, so get educated about the threats that exist and put measures into place to ensure that you are doing everything possible to keep the cybercriminals out!