Securing all the GW things!
The National Cybersecurity Alliance partnered with Consumer Reports to bring you a new animated video [opens YouTube link] about how you can take control of your data! Check out "The Tale of Privacy Peyton" below, and download Consumer Reports' Permission Slip.
Do you get a little chill thinking about the dozens of login credentials you have set up throughout the wilderness of the internet? If so, don’t worry – you aren’t alone. Identity management, sometimes called identity and access management (IAM), increases in importance every year. That’s why we celebrate Identity Management Day!
Identity management, though, is not just a concern for businesses and organizations. You can help protect your data by understanding and implementing some simple identity management practices. You have the power to own and maintain your digital identity!
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.
If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.
Think before posting about yourself and others online, especially on social media. Consider what a post reveals, who might see it and how it might affect you or others. Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.
Multi-factor authentication (MFA), or as referred to in GW as 2-Step Authentication, will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
Use password managers to generate and remember different, complex passwords for each of your accounts. While not a perfect solution, a password manager is currently the most secure way to send passwords and other login credentials to family members or coworkers. Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites.
Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available. Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.
For more tips and advice, visit www.identitymanagementday.org/
Original blog content provided by The National Cyber Security Alliance. For the original post, click here.
For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), or visit ithelp.gwu.edu
Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage. And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do?
Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who have a desire to access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals are recommending for us.
Along with other security tips, password managers minimize the risk of mis-managing our passwords. The question that arises here, are password managers secure, and what is our responsibility here to manage the password manager?
A password manager is a software that allows users to generate passwords, store and manage accounts’ information including user names and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users from entering their credentials to suspicious websites. To create a password manager account, you need to set a password that is often referred to as the “master” password.
Password managers are available in different formats:
Password managers will offer users the security level they are looking for to their accounts’ credentials and information if they follow best practices to secure their password manager account. Whether you use, or planning to get, an online, or an offline password manager, you need to follow the following practices:
Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for to your online accounts’ passwords.
This blogpost is offered to you by the GW Information Security and Risk Services team.
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Cloud computing is a leading edge technology that delivers high-demand computing services entirely over the internet. Operationally, cloud computing stores, manages and processes data effortlessly rather than relying on a local server or personal computer systems. Cloud computing gave birth to the term, “cloud storage.”
Cloud storage stores digital data online using a cloud service provider’s computing infrastructure. Some well-known cloud services include Box, Google Drive, Apple iCloud, Dropbox, Microsoft OneDrive, and Amazon Web Services. With many of us working hybrid schedules, cloud storage has been central to assisting students, faculty and staff work more connectively while being physically away from the university. For example, at GW, secure, encrypted cloud-based solutions such as Box and Google Drive are two of the cloud services provided to the university community for easy collaboration and data storage.
The following are some key benefits of cloud storage:
While cloud storage offers good security measures to keep your data safe and secure, you need to do your part to guarantee that no one gains unauthorized access to your data. Following are some recommended practices to help you secure your data:
Use Permissions: When a folder or file is shared, it's usually in the form of a link or permission using the recipient's email address. Consider setting different access levels for senior staff members or on a need-to-know basis. Permission-based access can make it harder for a hacker to get through each layer of permissions.
Manage File and Folder Sharing: Protect stored data by limiting shared access to the files or folders associated with that link to specific users. When utilizing Box or Google Drive, it is usually best to only share files or folders with George Washington University members unless there is a business justification to share outside of the university.
Examine Files and Folders: Review the shared folders and files regularly, and disable shared access when it's no longer required.
For more information on Storage, backup or document management, please visit our GW IT website: https://it.gwu.edu/backup-storage-document-management
This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Cybersecurity has become one of the most significant hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is an evidently constant news cycle dedicated to cybersecurity mishaps and concerns. With this continuous stream of bad news, it can be challenging for you to know how to keep secure in the face of cybersecurity and threat actors.
Everyday users have a huge role in cybersecurity threat prevention, detection, and remediation. According to a Wall Street Journal article, many hacks are successful by convincing someone inside or close to the target company to divulge network access credentials or other critical information. Therefore, GW’s first line of defense in helping to combat cyber-related issues is you.
Here are 4 essential best practices that you can adopt today to enhance your cybersecurity and create a more secure cyberspace for you and GW.
Phishing is when a threat actor poses as a legitimate party such as a bank, delivery service or other organization in an attempt to get individuals to click harmful links. Phishing remains one of the most popular tactics used today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. While phishing has gotten more sophisticated, the phishing signs remain the same. Look for typos, poor graphics, and other suspicious characteristics (incorrect logo or email address) as these can be red flags indicating that the content is a phish. In addition, if you think you have spotted a phishing attempt while logged into the GW network, report the incident to GW IT immediately. To report an incident please contact the GW Information Technology Support Center at 202-994-GWIT (4948) or email abuse@gwu.edu .
Password cracking is another tactic that cybercriminals use to access sensitive personal information. To guard against password cracking, having unique, long and complex passwords is one of the best ways to boost your cybersecurity immediately. It is highly recommended not to repeat passwords across your accounts because once a hacker cracks one account, they can easily do the same across all of your accounts.
Passwords can be tough to remember. That’s why it’s smart to use a password manager to help you secure your various passwords in one place. Password managers are easy to use and can automatically plug-in your stored password when you visit a site. Along with other security tips, password managers minimize the risk of mis-managing account passwords.
Mobile hotspots and public Wi-Fi networks are typically not password-protected, so it’s easier for threat actors to gain unauthorized access to devices. Students, faculty, and staff should take full advantage of the university Wi-Fi networks when on campus. They are password-protected and only allow internet access across the university premises, operating as a secure online bubble for every user to work in peace.
Whenever you're logged into your devices (computer, laptop, phone, etc.), you’re also open to potential unauthorized access by hackers and other threat actors. The easiest way to prevent unauthorized access to your device is to lock it whenever you leave it unattended. All you have to do to get back on your device is enter the correct password, and you can pick up where you left off. If you wouldn't leave your house with the front door wide open, you should not leave your devices unlocked, especially when they are unattended.
This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission.
The George Washington University (GW) offers Information Technology Resources (IT Resources) to facilitate virtual learning and teleworking. Complying with the University guidelines is essential to performing academic and work-related activities securely while preserving the confidentiality, integrity, and availability of the University information.
Higher education institutions are facing increased cyber threats, from cyberattacks such as phishing and ransomware to hijacking video conferencing sessions. Higher education institutions are a prime target for cyber attackers that are seeking to acquire and steal university information, such as research, personally identifiable information (PII), or to disrupt operations for financial or political gains. As a GW community member, it is essential to safeguard GW’s digital environment by understanding modern cyber threats and taking a role in minimizing risks associated with the unintentional misuse of the University IT Resources. This includes reporting events and incidents that could put university information and IT Resources at risk of exposure, theft, or misuse.
This advisory guide is intended to support the GW community when using university-approved video conferencing software and related collaboration tools. Recommendations are included to reduce the likelihood of unintentional exposure of university and personal information beyond intended recipients.
Please visit the individual collaboration web pages for specific platform best practices.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at http://go.gwu.edu/GWiz.
Some of the blog content is provided by The Cybersecurity and Infrastructure Security, modified to align with the University’s mission and common terminologies.
Devices such as cell phones, laptops, tablets are increasingly relied on whether from home, campus, and workplaces. The interconnectivity of those devices, especially from home locations, was heightened during the pandemic lockdown. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to increase by a staggering 70% by 2025. With the rise in virtual work and learning, it’s critical that you remain vigilant in practicing smart cyber hygiene while online. Here are some useful tips:
Smart Devices need Smart Security
Make cybersecurity a priority when purchasing a new cell phone, laptop, or tablet device. When setting up your new device, be sure to set your privacy and security settings, bearing in mind that you can limit with whom you are sharing information. Once your device is set up, remember to keep tabs on securing the information and where it is stored. Make sure that you manage location services actively to avoid unwittingly exposing your location.
Put Cybersecurity First
Make cybersecurity a priority when you're connected and online. Some precautions with all of your online accounts include performing regular software updates, downloading and installing software from trusted sources, using Two Factor Authentication (like we have at GW), and avoid being phished by ensuring that you know senders of an email before opening attachments.
Make passwords and passphrases long and strong
Generic and easy-to-remember passwords are easy to hack. Create secure and strong passwords, and be sure to combine capital and lowercase letters with numbers and symbols. At a minimum, change your passwords every 6-months. If you need help remembering and storing your passwords, use a trusted password manager.
Avoid connecting to public Wifi
As smaller and more capable devices enable us to be mobile, we are all tempted to change scenery and change our physical location like a coffee shop or another type of public space. When you are away from trusted networks (your home or GWireless, for example), be wary of free, no password required, and even corporate hotspots. These connections may be fraudulent and easily accessible by bad actors.
Use caution with publicly shared computers
Avoid using publicly shared computers as often as possible. If you do use these, be careful and thoughtful in the information you share while online. If you are using your own devices, use known network hotspots, consider using your cellular connection (phone tethering), and avoid performing sensitive activities like accessing banking online.
Turn off WiFi and Bluetooth when unneeded
The uncomfortable truth is, when your WiFi and Bluetooth are on, they usually are set up to broadcast availability/presence and effectively invite other devices to connect. While not always practical, to stay as safe as possible, switch them off if you do not need them. It’s a simple step that can help alleviate tracking concerns and incidents. You can also secure your WiFi and Bluetooth connections through your device settings.
Staying safe online is an active 24/7 process that requires constant oversight 365 days a year. These helpful steps are how we in GW IT do our part to help you in doing your part to remain cyber smart.
For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at http://go.gwu.edu/GWiz.
Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission.
Cybersecurity is one of the hottest employment sectors today. With increasing laws and regulations around online activity, privacy, and cyber attacks, both business and education sectors are adding to their cybersecurity positions. Additionally, many undergraduate, graduate, and law schools now offer degree programs in cybersecurity. Are you interested in joining this exciting new workforce? Here are a few reasons why a career in cybersecurity might be right for you.
Hot Job Market
To say that the cybersecurity jobs market is hot would be a huge understatement. According to the U.S. Bureau of Labor Statistics, the job market for information security analysts will grow by 32 percent by 2028, making it one of the fastest-growing job sectors. According to a Cybersecurity Ventures study, there will be 3.5 million unfilled cybersecurity positions in 2021. This implies that cybersecurity experts are among the most in-demand worldwide and will continue to be so for many years to come.
Infinite Room for Personal and Professional Growth
Beyond just the ability to get a cybersecurity job, thanks to an ever-growing set of career tracks, cybersecurity offers various options for professionals to find a position that fits nicely with their own interests. Cybersecurity professionals work in everything from compliance to stress testing cyber defenses and software, so there are virtually limitless ways to apply their skills and look to grow them.
Investment in advanced cybersecurity pays for itself
Due to the shortage of cybersecurity talent in the workforce, businesses and educational institutions are constantly rolling out new avenues to make cybersecurity careers more affordable. For example, new grants and scholarships are now becoming available each day for individuals interested in cybersecurity careers, while many businesses are beginning to offer tuition reimbursement or other financial perks. This means that a degree in cybersecurity may be much more affordable than you initially thought. GW offers several academic degree programs on cybersecurity, including:
Master’s Degree Programs
Juris Doctor Programs
Graduate Growth
In addition to the interesting “on the groundwork” that cybersecurity professionals get to take on every day, there is also a growing selection of highly tailored cybersecurity graduate programs that can further academic knowledge in cybersecurity as well. For example, graduate degrees ranging from Applied Cryptography to Network Vulnerability and Detection are now being offered nationwide colleges and universities. Additionally, as part of this deep-dive, cybersecurity professionals will also get the opportunity to network with other students from various backgrounds allowing them to open up further opportunities for future positions or businesses. GW also houses research centers on cybersecurity and provides certificate programs in the following areas:
CyberCorps Scholarship Program
GW’s CyberCorps scholarship program facilitates efforts to identify and encourage bright students who are graduating to expand their horizons beyond community college to GW or beyond an undergraduate degree to a graduate degree related to cybersecurity and information assurance at GW.
For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu or https://it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at https://go.gwu.edu/GWiz.
Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission.
GW is committed to digital accessibility. If you experience a barrier that affects your ability to access content on this page, let us know via the Accessibility Feedback Form.