Missouri Cyber Security Blog

Common IT Wisdom That Keeps You Secure

03.20.17

Day in and day out, employees hear the same things from their IT staff about cybersecurity and safety. Though they may sound like a broken record, there are very important reasons and rationale behind these practices and advice. Keeping safe and secure while connected isn’t just about how your system is set up – it is also very much about how you end up using it. Below, we discuss some common IT staff wisdom and provide some background information and the rationale as to why it definitely merits your attention.

 

Make sure you lock your screen when you are away from your desk.

Screen locking policies exist for a reason. Even if you are leaving for just a few minutes at a time, be sure to lock your screen. Though physical intruders are rare during daytime and in conventionally secured offices, intrusions do occasionally happen. Screen locks also thwart opportunistic insider attacks from other employees who may seek to obtain or access information beyond what they should normally have. If you don’t adhere to a screen locking policy, an attacker can simply walk up and start manipulating or stealing your information without even having to work at getting into your system. And remember, you are ultimately responsible for everything done under your login!

 

Don’t write down your passwords or user credentials. 

The same concept applies here as in establishing a screen lock on your system. On the rare occasion a physical attacker gains access to your desk area, they will immediately look for written passwords and authentication material. Post-it notes, index cards, etc. aren’t secure from attackers even if you think they might be out of sight under your keyboard! From looking at your written password, they can get right into your sensitive protected office systems and start stealing data or compromising assets. This risk isn’t only from a completely unknown outsider, but could be coming from contractors or internal staff with malicious intent.

 

Don’t re-use your office computer password for other systems and services.

One of the riskiest things you can do is use the same password across multiple accounts or systems. Cyber threat actors are constantly stealing login credentials from systems that may be less secure, such as online shopping sites. Many times, these credentials are leaked online for other cyber criminals to exploit as well. They are then able to take these stolen credentials and use them to try to access more secure systems, like online banking or your office systems. If you re-use your work password elsewhere, you leave yourself and your organization open to this type of compromise.

 

Don’t install unauthorized software on any office systems.

The installation of unauthorized software can negatively affect your workplace’s security posture. This software can include everything from stand-alone programs to plug-ins for your web browser. Not only can this pose a stability issue leading to slower or unreliable system performance, but the installation of unmanaged software can pose a direct security threat either because it may be malicious software itself, or because this is introducing software that is not part of the patch management system in your environment. If this new unauthorized software ends up making you vulnerable to cyber-attacks in the future, but IT isn’t aware of it or implementing regular patches or fixes, you leave that avenue open for attackers who easily leverage these known vulnerabilities to compromise systems and potentially steal information.

 

Don’t check your personal email while on office systems. 

By checking your personal email on your office computer, you are extending the risk profile of your workplace to include your own personal activities. Attacks that target you as an individual are now naturally extended to the entire enterprise. Your office email account is carefully managed and secured by policies and the vigilance of your IT team to minimize the risk from suspicious emails, links, and attachments. Once you open your own email account on your office computer, you bypass many of these defenses and render them less effective. If you open that suspicious attachment in your personal email on your office computer, you can infect your system (and eventually many other systems) with malicious software like ransomware that may prevent you or your colleagues from performing their duties.

 

If you follow these few common pieces of IT wisdom, you will lead a much more secure and productive life in the workplace. Remember, if you are handling your organization’s information, you play a big part in its protection and safety. Let’s all work to make it as difficult as possible for attackers to affect our operations in the workplace.

category: Awareness



Safe Browsing at Home

11.01.16

Staying safe online is a group activity – it is important to talk to everyone in your family about being safe online so all of them can recognize the danger and browse the Internet safely. Children and older citizens are particularly at risk because they might not be able to recognize phishing attacks, malware, and other scams.

Here are a few things you can do to keep your family safe:

  1. Secure your Wi-Fi

Keep a password on your home Wi-Fi network. This will help prevent unwanted access to devices on your network, which could compromise your personal information. Check your wireless router’s instruction manual for instructions on how to change your network’s password.

  2. Talk to your family about Social Networking

Many social networks do not allow users under the age of 13 to create an account. When you and your family do sign up for social media, be careful with what personal information you make available to the public.

  3. Create strong passwords

A strong password should be at least 8 characters long and contain a mix of upper and lower case letters, numbers and special characters. It should be easy to remember, but difficult to guess, and should be changed on a regular basis. For more information, see our page about passwords.

  4. Learn to avoid scams

Scams vary widely in form and method depending on what the scammer wants. Some target your money directly, while others want your personal information. For more information, check out our page on scams.

  5. Keep computers up to date

Technology companies regularly release updates for their applications and operating systems to improve security by closing holes and exploits used by hackers. Many applications will notify you when these updates are available, and they can be updated with a simple click.

  6. Back up your computer

Keeping an up-to-date backup of your computers can be very important, particularly if you use your computer as a source of income. Even if your computer is strictly personal, the loss of family pictures and videos, financial documents, and other important files can be devastating. There are many methods for backing up your computer, such as physical drives that you connect to it, as well as cloud backups.

  7. Shop Safely

Shopping online is convenient, but it’s also an opportunity for scammers to steal your money. Prevent this by only shopping from outlets that you can verify are legitimate businesses and making sure to shop using an encrypted (https://) connection.

category: Awareness



How to Create and Keep Strong Passwords

10.07.16

A strong password is key to securing your information, and sometimes the information of others or your place of employment. Creating a secure password is vital to staying safe while online, and maintaining that password is just as important as creating it. No password will keep you secure if others can guess it or steal it.

Tips for creating a secure password:

  • Use a combination of capital letters, lower case letters, numbers, and symbols.
  • Make passwords at least 8 characters long.
  • Don’t use words that can be found in the dictionary.
  • Use different passwords for each site.
  • Don’t use your name or names associated with you such as friends, family, pets, or the name of a business.

How to keep a password safe after creating it:

  • Never write down your password.
  • Never share your password with someone else.
  • Never let anyone see you enter your passwords.
  • Always log out of your device when not using it.
  • Change your password periodically.
  • Never enter passwords on public computers or unsecured Wi-Fi.

category: Awareness



Learn to avoid scams

09.30.16

Technology offers many benefits for connecting with people all over the world. Unfortunately, it also offers more opportunity for criminals to scam unsuspecting victims. Scams can take many forms; some are blatant while others are more subtle, and you can protect yourself by learning to recognize popular scams. Regardless of the method, here are some ways to protect yourself from almost any scam.

  1. Know who you’re dealing with

Scammers will often impersonate someone with authority, such as speaking on behalf of a bank or a government agency. Always check the email addresses, and if you’re unsure, call a reliable number for that agency such as one found on a bank statement.

  2. Be wary of anyone demanding money

If you get an email demanding money for any reason, such as a debt you were unaware of, and especially if the email is making threats such as legal action for not paying, it is probably a scam. If you’re unsure, do some research on the sender – a quick online search may turn up someone else who was contacted by the same person.

  3. Don’t share your personal information

You should never give out any personal information to unsolicited sources. This includes financial information, social security numbers, passwords, and access to email and social media accounts.

  4. Delete suspicious email

Never respond to suspicious emails or click on links in them. If anything seems strange about an email from a source you usually work with, such as a bank or close friend, contact them using a reliable number from the company’s website, instead of using a number from the email.

  5. Take time to check your paperwork

Once a month, set aside a day to review important paperwork in detail. Check bank and credit card statements, any bills or monthly payments, as well as any debt statements such as car and house loans or medical bills. If you find any irregularities in these, contact the sender immediately.

category: Awareness



Keeping your Wi-Fi secure

09.15.16

Your Wi-Fi network is your wireless portal to everything online. What many may not know is that, if left unsecured, it can offer an access point for criminals to reach every computer and mobile device connected to that network, which means that any sensitive information stored on those devices is accessible to them. You can use these tips to help keep your network more secure.

  1. Use a Password

Creating a strong password is key to keeping your network secure. It helps protect your files and personal information from hackers. Without a password, your network will be completely open to anybody within Wi-Fi range. For help creating a secure password, go to cybersecurity.mo.gov/tools/password_gen/.

  2. Turn off remote access features

By default, your Wi-Fi router typically has features that allow you to access devices and file storage from a remote location, without being connected to the router’s signal. Unless you know how to set up and secure this type of connection, it should be kept turned off.

  3. Keep your router updated

Periodically, your router’s manufacturer will release updates to improve the security and functionality of your router. Without these updates, your router can become vulnerable to an increasing number of hackers and malicious software, so make sure your router’s software stays updated.

  4. Change your Router Settings

Most Wi-Fi routers have a default Network Name. Because it is a default, the name of your network is openly known to anyone. Consult your router’s manual on how to change this. In addition, you should change the admin credentials for your router. These are also typically set to known defaults, and if they are not changed, anybody can log into your network as an administrator.

  5. Turn off your network when not in use

Your router will be in operation most of the time, streaming movies and TV, playing games, checking email, and various other activities throughout the day. Even at night, your computers and other devices are doing security and functionality updates. However, if you are going to be away from home for an extended period of time, such as on a vacation or business trip, turning off your router will make it impossible for anyone to access your network.

category: Awareness
