Week 2 (Oct 12 - 16): Securing Devices at Home and Work and The Many Forms of Malware
Do Your Part. #BeCyberSmart Cyber Secure Your Home Office
Internet-connected devices are helping businesses increase efficiency, reduce costs, conserve energy and a whole host of other benefits. However, with all of these benefits come risks to privacy and security.
Remember that every new internet-connected device you use is another entry point for a cyber criminal.
NCSA recommends businesses connect with caution, and take steps to secure these devices.
TAKE-ACTION TIPS
DO YOUR HOMEWORK
Before purchasing a new smart device, do your research. Check out user reviews on the product, look it up to see if there have been any security/privacy concerns, and understand what security features the device has, or doesn’t have.
CHANGE DEFAULT USERNAMES AND PASSWORDS
Many IoT devices come with default passwords. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
PUT YOUR IOT DEVICES ON A GUEST NETWORK
Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices, such as laptops.
CONFIGURE YOUR PRIVACY AND SECURITY SETTINGS
The moment you turn on a new “smart” device, configure its privacy and security settings. Most devices default to the least secure settings--so take a moment to configure those settings to your comfort level. Disable any features you don’t need.
UPDATE SOFTWARE
When the manufacturer issues a software update, patch it immediately. Updates include important changes that improve the performance and security of your devices.
THINK ABOUT WHERE YOU PUT THEM
Particularly for listening devices or ones with cameras, think strategically about where you place them in your home office. Do you really want an IoT device with listening or camera capabilities in the same room you have sensitive/confidential conversations with colleagues? Designate your home office as a “safe” room from IoT devices.
CREATE A PROCESS
Don’t allow devices to be purchased or connected to your corporate network without first having been vetted by your trusted security professional.
Beware of Malware
What is it?
Any software intended to…
Damage
Disable
Or give someone unauthorized access to your computer or other internet-connected device
Why should you care?
Most cybercrime begins with some sort of malware. You, your family, and your personal information is almost certainly at risk if malware finds its way onto your computer or device.
What can I do?
Be Aware - A false sense of security is often the source of weak systems. Knowing what is out there and how to protect your system is a necessity.
Secure Your Network - Firewalls are your first line of defense against cyberattacks. Your home office connects to the internet via different applications such as email, and media streaming. Your firewall should monitor threats coming from different connections.
Invest in Security - A simple installation of antivirus is not enough. Your home office computer’s assets should be protected by multiple layers of security. Antivirus, anti-malware, and anti-ransomware suites are some of the tools you should have. These applications can also evaluate the weakness of your security system. Most are free for personal use.
Keep Everything Up to Date - Make sure that you have regularly scheduled updates. Malware rapidly evolves and your security applications need patches and updates to detect any attacks from new forms of threats. Similarly, run a regular update of your system drivers, operating systems and applications.
Protect Your Hardware - While the internet poses immense threats, your hardware is not safe either. Stolen laptops and even thumb drives with company information may just be the vulnerability the bad guys are waiting for. Strong security in your business premises is a necessity, protecting not only physical assets but your data as well.
Read and Understand Loyola's Security Policies - More often than not, it’s people who are the greatest security threats. An employee who accidentally clicks the wrong link may cost the university. Integrate security policies in your daily work. Educate yourself about the threats and how to prevent them. Mandatory Information Security training is available to help you strengthen your knowledge against cybersecurity attacks.
Use Strong Passwords and Multi Factor Authentication - Anything you access on Loyola's servers or the internet, from emails to bank accounts, should be protected by a strong password. If available, you should enable multi factor authentication. Typically, a strong password should be a sentence that is at least 12 characters long. Focus on sentences that are easy to remember and/or pleasant to think about – on many sites, you can even use spaces!
Back Up Your Personal Files - If you store your Loyola data on the network. (and you should) Your Loyola data is backed up for you. Backing up your personal files will save you the pain of starting from scratch. Regularly updated backups can help you get things running again in case of ransomware or a hardware failure.
Call if You Have an Issue - If you believe that you have been hacked, call the ITS service desk. They can guide you to the Information Security Office for assistance.
Do Your Part. #BeCyberSmart Cyber Secure Your Home Office
Internet-connected devices are helping businesses increase efficiency, reduce costs, conserve energy and a whole host of other benefits. However, with all of these benefits come risks to privacy and security.
Remember that every new internet-connected device you use is another entry point for a cyber criminal.
NCSA recommends businesses connect with caution, and take steps to secure these devices.
TAKE-ACTION TIPS
DO YOUR HOMEWORK
Before purchasing a new smart device, do your research. Check out user reviews on the product, look it up to see if there have been any security/privacy concerns, and understand what security features the device has, or doesn’t have.
CHANGE DEFAULT USERNAMES AND PASSWORDS
Many IoT devices come with default passwords. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
PUT YOUR IOT DEVICES ON A GUEST NETWORK
Why? Because if a smart device’s security is compromised, it won’t grant an attacker access to your primary devices, such as laptops.
CONFIGURE YOUR PRIVACY AND SECURITY SETTINGS
The moment you turn on a new “smart” device, configure its privacy and security settings. Most devices default to the least secure settings--so take a moment to configure those settings to your comfort level. Disable any features you don’t need.
UPDATE SOFTWARE
When the manufacturer issues a software update, patch it immediately. Updates include important changes that improve the performance and security of your devices.
THINK ABOUT WHERE YOU PUT THEM
Particularly for listening devices or ones with cameras, think strategically about where you place them in your home office. Do you really want an IoT device with listening or camera capabilities in the same room you have sensitive/confidential conversations with colleagues? Designate your home office as a “safe” room from IoT devices.
CREATE A PROCESS
Don’t allow devices to be purchased or connected to your corporate network without first having been vetted by your trusted security professional.
Beware of Malware
What is it?
Any software intended to…
Damage
Disable
Or give someone unauthorized access to your computer or other internet-connected device
Why should you care?
Most cybercrime begins with some sort of malware. You, your family, and your personal information is almost certainly at risk if malware finds its way onto your computer or device.
What can I do?
Be Aware - A false sense of security is often the source of weak systems. Knowing what is out there and how to protect your system is a necessity.
Secure Your Network - Firewalls are your first line of defense against cyberattacks. Your home office connects to the internet via different applications such as email, and media streaming. Your firewall should monitor threats coming from different connections.
Invest in Security - A simple installation of antivirus is not enough. Your home office computer’s assets should be protected by multiple layers of security. Antivirus, anti-malware, and anti-ransomware suites are some of the tools you should have. These applications can also evaluate the weakness of your security system. Most are free for personal use.
Keep Everything Up to Date - Make sure that you have regularly scheduled updates. Malware rapidly evolves and your security applications need patches and updates to detect any attacks from new forms of threats. Similarly, run a regular update of your system drivers, operating systems and applications.
Protect Your Hardware - While the internet poses immense threats, your hardware is not safe either. Stolen laptops and even thumb drives with company information may just be the vulnerability the bad guys are waiting for. Strong security in your business premises is a necessity, protecting not only physical assets but your data as well.
Read and Understand Loyola's Security Policies - More often than not, it’s people who are the greatest security threats. An employee who accidentally clicks the wrong link may cost the university. Integrate security policies in your daily work. Educate yourself about the threats and how to prevent them. Mandatory Information Security training is available to help you strengthen your knowledge against cybersecurity attacks.
Use Strong Passwords and Multi Factor Authentication - Anything you access on Loyola's servers or the internet, from emails to bank accounts, should be protected by a strong password. If available, you should enable multi factor authentication. Typically, a strong password should be a sentence that is at least 12 characters long. Focus on sentences that are easy to remember and/or pleasant to think about – on many sites, you can even use spaces!
Back Up Your Personal Files - If you store your Loyola data on the network. (and you should) Your Loyola data is backed up for you. Backing up your personal files will save you the pain of starting from scratch. Regularly updated backups can help you get things running again in case of ransomware or a hardware failure.
Call if You Have an Issue - If you believe that you have been hacked, call the ITS service desk. They can guide you to the Information Security Office for assistance.