Cybersecurity Basics

Cybersecurity is everyone's responsibility! Check out these Cybersecurity basics to keep yourself and those around you cybersafe and cybersmart!

General guidelines for online security and privacy

  • Review your security and privacy settings periodically on all accounts, especially social media accounts. Options and defaults may change after app updates.
  • Don’t post or give strangers information that can be used for identity theft, including social security numbers, date of birth, mother's maiden name or the like.
  • Read privacy policies. Check for data collected, data ownership, and uses of data.
  • Configure your web browser, and the sites you use, to block tracking cookies.
  • Be aware and on the lookout for social engineering (Link: Carnegie Mellon University).
  • Check short URLs at https://www.virustotal.com/ before clicking.
  • Check for email compromise at https://haveibeenpwned.com/

Passwords

  • Create unique, complicated passphrases that utilize a combination of upper and lowercase letters, numbers and special characters.
  • The longer your password the better.
  • Don’t use the same password on multiple accounts.
  • Use a password safe to manage your passwords.

Multifactor Authentication (MFA)

CSUMB requires multifactor authentication, but some accounts don't require it yet. Here are some things to know about MFA:

  • Multifactor authentication (MFA), sometimes referred to as two-step verification, is an extra layer of security providing proof that you are who you say you are when trying to log into an account. (Link: Knowledge Base article)
  • Enable MFA on your social media, Amazon and any other accounts where it's an option. 
  • Don’t use security questions whose answers contain common or easy-to-find information. This includes favorite colors or food, names of pets, children or other family members.
  • Consider the fact that texts are not encrypted when choosing your multifactor authentication method.
  • Authentication apps like Okta Verify and Google Authenticator are the way to go, especially when traveling, because they use both LTE and Wi-Fi technology.
  • Use Better Multifactor Authentication Methods on non-CSUMB accounts. (Link: Knowledge Base article)

Software & App Updates

Not patching security fixes onto your devices leaves you vulnerable to hackers.

  • Enable auto-update to get important security fixes installed as soon as possible.
  • Regularly update / patch software that does not have an auto-update option.
  • Install and update anti-virus software. As a CSUMB staff member, faculty member or student, you get Sophos antivirus for free.
  • Back up documents and data regularly. It just takes one time of not backing up for you to lose important files.

Phishing and other scams

  • Phishing is the fraudulent practice of sending emails or other messages (like text or instant messenger) pretending to be from reputable companies in order to get you to reveal personal information, such as passwords and credit card numbers.
  • The five types of phishing:
    • Phishing which takes place over email. These tend to be general and hope to catch a wide number of people in their web of deceit.
    • Spear-phishing also takes place over email and uses social engineering to trick a specific person rather than hoping someone in a large group of people falls for it. The attackers usually already know some information about the target by scouring websites for things like organizational charts, company directories and the like. The phishing attempt is then tailored to incorporate that information in order to appear more legitimate. These attacks are typically more successful because they are more believable.
    • Whaling is a type of spear-phishing where the targets are high-ranking stakeholders in companies or institutions. People like presidents, provosts, and deans might be a target in a university setting. C-level or higher executives in companies are also targets. Phishers pick these individuals because they have more to lose.
    • Smishing is phishing over SMS text or messenger services.
    • Vishing is phishing over the phone, usually with a script or pre-recorded message. With the advent of AI, this is gaining popularity as voices are easy to clone.
  • Learn how to spot phishing. (Link: Knowledge Base article).
  • Learn how to report phishing. (Link: Knowledge Base article)
  • Become familiar with common scams and how to report them. (Link: Federal Bureau of Investigation)

Wireless and Internet access

  • Don't use public Wi-Fi: your information may not be encrypted and may be easily discoverable.
  • Enable WPA2 on your home wireless router.
  • Change default router passwords.
  • Enable the built-in firewall.
  • Use web-filtering DNS at home: https://www.opendns.com/home-internet-security/
  • Use the Eduroam Wi-Fi when visiting other institutions.

Additional Information