Skip to content

Category: security hygiene

Published on

Do you get a little chill thinking about the dozens of login credentials you have set up throughout the wilderness of the internet? If so, don’t worry – you aren’t alone. Identity management, sometimes called identity and access management (IAM), increases in importance every year. That’s why we celebrate Identity Management Day!   

Identity management, though, is not just a concern for businesses and organizations. You can help protect your data by understanding and implementing some simple identity management practices. You have the power to own and maintain your digital identity!  

CONFIGURE YOUR SECURITY SETTINGS  

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.  

DON’T TAKE THE BAIT  

If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.  

SHARE WITH CARE  

Think before posting about yourself and others online, especially on social media. Consider what a post reveals, who might see it and how it might affect you or others. Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.  

SHIELD YOUR PASSWORD WITH MFA   

Multi-factor authentication (MFA), or as referred to in GW as 2-Step Authentication, will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.  

USE A PASSWORD MANAGER  

Use password managers to generate and remember different, complex passwords for each of your accounts. While not a perfect solution, a password manager is currently the most secure way to send passwords and other login credentials to family members or coworkers. Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites.  

TURN ON AUTOMATIC UPDATES  

Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available. Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.  

For more tips and advice, visit www.identitymanagementday.org/  

Original blog content provided by The National Cyber Security Alliance. For the original post, click here. 

For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security 

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu 

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), or visit ithelp.gwu.edu 

Published on

Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage.  And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do? 

Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who have a desire to access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals are recommending for us.  

Along with other security tips, password managers minimize the risk of mis-managing our passwords. The question that arises here, are password managers secure, and what is our responsibility here to manage the password manager? 

What is a Password Manager?

A password manager is a software that allows users to generate passwords, store and manage accounts’ information including user names and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users from entering their credentials to suspicious websites. To create a password manager account, you need to set a password that is often referred to as the “master” password. 

Password managers are available in different formats: 

  • An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices. 
  • Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.  

Are Password Managers Secure? 

Password managers will offer users the security level they are looking for to their accounts’ credentials and information if they follow best practices to secure their password manager account.  Whether you use, or planning to get, an online, or an offline password manager, you need to follow the following practices: 

  • Do your research and get a trusted password manager software that has a high reputation in the industry. 
  • Use a strong master password for your password manager account and never forget it. Some password manager vendors would never retrieve your account if you can’t remember your master password. 
  • Enable two-factor-authentication (2FA) to your password manager account for an extra layer of security.  
  • Keep your password manager software along with web browsers you use up-to-date. 
  • Audit the list of devices that are approved to access your password manager. 
  • For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data. 

Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for to your online accounts’ passwords. 

This blogpost is offered to you by the GW Information Security and Risk Services team. 

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu

Published on

Cybersecurity has become one of the most significant hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is an evidently constant news cycle dedicated to cybersecurity mishaps and concerns. With this continuous stream of bad news, it can be challenging for you to know how to keep secure in the face of cybersecurity and threat actors. 

Everyday users have a huge role in cybersecurity threat prevention, detection, and remediation. According to a Wall Street Journal article, many hacks are successful by convincing someone inside or close to the target company to divulge network access credentials or other critical information. Therefore, GW’s first line of defense in helping to combat cyber-related issues is you. 

Here are 4 essential best practices that you can adopt today to enhance your cybersecurity and create a more secure cyberspace for you and GW.  

Watch out for Phishing Attempts

Phishing is when a threat actor poses as a legitimate party such as a bank, delivery service or other organization in an attempt to get individuals to click harmful links. Phishing remains one of the most popular tactics used  today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. While phishing has gotten more sophisticated, the phishing signs remain the same. Look for typos, poor graphics, and other suspicious characteristics (incorrect logo or email address) as these can be red flags indicating that the content is a phish. In addition, if you think you have spotted a phishing attempt while logged into the GW network, report the incident to GW IT immediately. To report an incident please contact the GW Information Technology Support Center at 202-994-GWIT (4948) or email abuse@gwu.edu

Update your Password

Password cracking is another tactic that cybercriminals use to access sensitive personal information.  To guard against password cracking, having unique, long and complex passwords is one of the best ways to boost your cybersecurity immediately.  It is highly recommended not to repeat passwords across your accounts because once a hacker cracks one account, they can easily do the same across all of your accounts. 

Passwords can be tough to remember. That’s why it’s smart to use a password manager to help you secure your various passwords in one place. Password managers are easy to use and can automatically plug-in your stored password when you visit a site. Along with other security tips, password managers minimize the risk of mis-managing account passwords.

Take Advantage of Secure Wi-Fi 

Mobile hotspots and public Wi-Fi networks are typically not password-protected,  so it’s easier for threat actors  to gain unauthorized access to devices. Students, faculty, and staff should take full advantage of the university Wi-Fi networks when on campus. They are password-protected and only allow internet access across the university premises, operating as a secure online bubble for every user to work in peace.  

Lock your Device

Whenever you're logged into your devices (computer, laptop, phone, etc.),  you’re also open to potential unauthorized access by hackers and other threat actors.  The easiest way to prevent unauthorized access to your device is to lock it whenever you leave it unattended. All you have to do to get back on your device is enter the correct password, and you can pick up where you left off. If you wouldn't leave your house with the front door wide open, you should not leave your devices unlocked, especially when they are unattended.  

This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security  

#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.  

Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission. 

Published on

Your digital identity and information are incredibly valuable to cybercriminals, whether it comes from your social media profiles, search engine history, or email accounts. If your account is compromised, cybercriminals may obtain personal information to commit identity theft, steal money, or conduct phishing attacks on others. According to the Verizon 2021 Data Breach Investigations Report, 61% of all breaches involve credentials, whether they be stolen via social engineering or hacked using brute force. In recent years, increased occurrences of identity theft and data breaches have been attributed to several factors, including a rise in the number of remote workers and the adoption of cloud technologies. 

Here are a few best practices that can, if followed, reduce the opportunity for a cybercriminal to steal your identity and associated information: 

Think Before You Click

Attackers often send fraudulent emails and text messages, referred to as phishing, to trick individuals into providing information such as usernames and passwords or downloading malware. If you receive an enticing offer via email or text, don't click without thinking. Go directly to the company's website to verify its legitimacy. If you're not sure who an email is from—even if the details appear correct—or if the email looks to be "phishy," do not respond and do not click on any links or open any files in the email as it may contain malware.

Report suspicious emails or ask GW Information Security questions you may have by emailing abuse@gwu.edu.

Share With Care

Cybercriminals can use publicly available personal information for various purposes, such as impersonating a user and guessing usernames and passwords. Think before posting about yourself and others online. Take into account what a post reveals, who could view it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your personal information you share. 

Practice Good Password Hygiene

Never use the same password for your social media accounts, financial institutions, work accounts, or any other site that collects personally identifiable information (PII). Best practices for password hygiene include choosing long passwords, selecting a unique password for each account, resisting the temptation to select passwords that are simple to remember or guess, and never emailing or sharing passwords with others.

Use Two-Step Authentication (2SA)

Two-Step Authentication (2SA) is a security measure that requires users to go over two steps to verify their digital identity (something you know and something you own). With 2SA, a user is granted access to their account after entering the correct username and password credentials (Something you know) and completing the second authentication process using an authenticator app, SMS text, or phone call to authenticate a piece of information (Something you own). 

For GW accounts, 2SA is enabled on  GW Box, Google Apps (GW email, calendar, Drive), GWeb, and various other applications. Visit our website at  https://it.gwu.edu/two-step-authentication and learn more.

Download a Password Manager

Remembering passphrases and complex password combinations can be difficult for people to do. Password managers are encrypted digital tools that store passwords and online credentials in a centralized location secured by a single, strong master password. Additionally, password managers can also be used for generating unique passwords for each of your accounts. GW utilizes LastPass for managing passwords within certain departments and units. 

Some of the blog content is provided by https://staysafeonline.org/identity-management-day/identity-management-tips-advice/, modified to align with the University’s mission and common terminologies.

Visit the GW Information Security site at it.gwu.edu/gw-information-security

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit GW IT site at it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at go.gwu.edu/GWiz

Published on

The George Washington University (GW) offers Information Technology Resources (IT Resources) to facilitate virtual learning and teleworking. Complying with the University guidelines is essential to performing academic and work-related activities securely while preserving the confidentiality, integrity, and availability of the University information. 

Higher education institutions are facing increased cyber threats, from cyberattacks such as phishing and ransomware to hijacking video conferencing sessions. Higher education institutions are a prime target for cyber attackers that are seeking to acquire and steal university information, such as research, personally identifiable information (PII), or to disrupt operations for financial or political gains. As a GW community member, it is essential to safeguard GW’s digital environment by understanding modern cyber threats and taking a role in minimizing risks associated with the unintentional misuse of the University IT Resources. This includes reporting events and incidents that could put university information and IT Resources at risk of exposure, theft, or misuse.  

This advisory guide is intended to support the GW community when using university-approved video conferencing software and related collaboration tools. Recommendations are included to reduce the likelihood of unintentional exposure of university and personal information beyond intended recipients. 

Recommendations for GW End-Users: 

  1. Only Use “Approved Platforms” to host events, and meetings.
    • Do not host school business via unapproved tools. Use only tools that have been provided or approved by GW. 
    • Carefully review meeting invitations. Think before you click and be wary of links sent by unfamiliar addresses 
  2. Secure your meeting for attendees.
    • Only make meetings “public” when necessary for the planned audience. 
    • Have a plan to terminate a meeting if needed.
    • Require a meeting password and use features such as a waiting room to secure private meetings.  
    • Provide a link to the meeting directly to your students and share passwords in a separate email.  
  3. Secure University Information.
    • Manage screensharing, recording, and file sharing options prior and during your hosted meeting. 
    • Protect non-public information, especially when screensharing and displaying GW information. 
    • Follow GW IT's guidelines for web conferencing storage.
    • Report suspicious activities or unusual events you notice during a meeting. 
  4. Secure Yourself and our GW Community.
    • Don’t unintentionally reveal information. Check your visual and audio surroundings to safeguard your personal information. 
    • Check and update your home network. Change default settings and use complex passwords for your Wi-Fi network. 
    • Always use GW VPN when accessing GW non-public information and IT Resources.  

Please visit the individual collaboration web pages for specific platform best practices.

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at http://go.gwu.edu/GWiz.  

Some of the blog content is provided by The Cybersecurity and Infrastructure Security, modified to align with the University’s mission and common terminologies. 

Published on

Written by Patrick Hansen

Grinch Taking Money Image


Keeping an eye out for scams is a year-round job for anyone who uses the internet. But for scammers, the holiday season is the time to strike, while everyone is distracted by time off, gifts, and plans with family. From fake websites, gift cards, to even fake charities, it is important to stay on guard during the last part of the year.

Holiday Phishing

(If you need a refresher on phishing read this piece.)

Criminals love the amount of shopping and shipping that goes on during the last quarter of the year. They pretend to be Amazon, UPS, FedEx, Apple, and almost every other household brand name there is. A lot of phishing attacks come by email, declaring a problem with your order, shipping, payment, etc. In the past few years, SMS phishing has also shot up with intent just as malicious. Always remember, the real companies you interact with, won’t email or text you asking for personal information, and DON’T CLICK LINKS. If you are ever unsure about an email or text, look up the number for customer support and call.

Gift Cards

A gift card is a very sought after item for criminals because of the anonymous nature of purchases once it is gifted. Once it’s gone, it’s gone, and you won’t be able to get it back. Online, criminals will always try to get you to pay for a gift card and send them the information. Another thing to look out for is gift cards that have been tampered with. When buying a gift card from the store, make sure that the credit card number on the gift card is still covered. Criminals have ways to monitor when the card with that specific serial number is loaded with money so they can try to spend it before you can.

Fake This, Fake That

Online shopping can be extremely convenient, but there are things to watch out for. Some scammers will put up websites and buy domains that look very similar to real brand websites in appearance and URL. Always try to verify the website you are on in some way. If you are ever paying for something online, the “s” in “https” is a must. Sadly criminals will also set up fake charities designed to pull at your heartstrings. A quick Google search of the charity should provide enough information and others to verify it is real.

The holiday season is prime time for cyber thieves to attempt scams and steal your money and information. Always remember to double-check the random Amazon email, the random UPS text, gift cards, and everything else that is common for this time of year. Never give out your information and if there is any doubt, just contact the company itself. It is important to be aware of these attacks and be on guard year-round, but especially around the holidays, so you can enjoy them with cheer.

Published on

Devices such as cell phones, laptops, tablets are increasingly relied on whether from home, campus, and workplaces. The interconnectivity of those devices, especially from home locations, was heightened during the pandemic lockdown. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to increase by a staggering 70% by 2025. With the rise in virtual work and learning, it’s critical that you remain vigilant in practicing smart cyber hygiene while online. Here are some useful tips:        

Smart Devices need Smart Security 

Make cybersecurity a priority when purchasing a new cell phone, laptop, or tablet device. When setting up your new device, be sure to set your privacy and security settings, bearing in mind that you can limit with whom you are sharing information. Once your device is set up, remember to keep tabs on securing the information and where it is stored. Make sure that you manage location services actively to avoid unwittingly exposing your location. 

Put Cybersecurity First  

Make cybersecurity a priority when you're connected and online. Some precautions with all of your online accounts include performing regular software updates, downloading and installing software from trusted sources, using Two Factor Authentication (like we have at GW), and avoid being phished by ensuring that you know senders of an email before opening attachments. 

Make passwords and passphrases long and strong 

Generic and easy-to-remember passwords are easy to hack. Create secure and strong passwords, and be sure to combine capital and lowercase letters with numbers and symbols.  At a minimum, change your passwords every 6-months. If you need help remembering and storing your passwords, use a trusted password manager.   

Avoid connecting to public Wifi 

As smaller and more capable devices enable us to be mobile, we are all tempted to change scenery and change our physical location like a coffee shop or another type of public space. When you are away from trusted networks (your home or GWireless, for example), be wary of free, no password required, and even corporate hotspots. These connections may be fraudulent and easily accessible by bad actors.  

Use caution with publicly shared computers  

Avoid using publicly shared computers as often as possible. If you do use these, be careful and thoughtful in the information you share while online. If you are using your own devices, use known network hotspots, consider using your cellular connection (phone tethering), and avoid performing sensitive activities like accessing banking online. 

Turn off WiFi and Bluetooth when unneeded  

The uncomfortable truth is, when your WiFi and Bluetooth are on, they usually are set up to broadcast availability/presence and effectively invite other devices to connect.  While not always practical, to stay as safe as possible, switch them off if you do not need them. It’s a simple step that can help alleviate tracking concerns and incidents. You can also secure your WiFi and Bluetooth connections through your device settings. 

Staying safe online is an active 24/7 process that requires constant oversight 365 days a year. These helpful steps are how we in GW IT do our part to help you in doing your part to remain cyber smart. 

For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.  

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at http://go.gwu.edu/GWiz

Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission. 

Published on

Cyberattacks are becoming more sophisticated, with more evolved bad actors cropping up each day. This year has already seen more than a fair share of attacks and breaches. Some high-profile attacks include SolarWinds, Kaseya breaches, as well as attacks on the Colonial Pipeline and other critical infrastructure. At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. Luckily, there are several steps that we can take daily to mitigate risks and stay one step ahead of malefactors. Here are a few quick tips: 

Use strong passphrases/password manager 

Everyone has many passwords to keep track of, including personal, work, and school accounts. A great solution to managing all of these accounts and complex passphrases and passwords is a password manager. Using long, complex, and unique passphrases/passwords is a good way to stop your account from being hacked, and an easy way of keeping track and remembering your passwords is by using a password manager. There are several password managers, including those built into modern web browsers. Choose a password manager that you will use and look for solutions that have been reviewed and where customer feedback is positive. Several resources are available for reviewing password managers including: 

Perform software updates 

When a device prompts you that it’s time for a software update, it may be tempting to simply click postpone and ignore the message. However, having the latest security software, web browser, and operating system on your devices is one of the best defenses against online threats. So, don’t wait - update. 

Do your research 

Common sense is a crucial part of maintaining good online hygiene.  One intuitive step you can take to stay safe online is to research before downloading anything new to your device, such as apps. Before downloading any new application to your device, make sure that it is valid by checking who created the app, what the user reviews say, and if there are any articles published online about the app's privacy and security features. 

Email attachments are also one of the most popular ways for malware to infect your device. If you don't know who sent you an email, do not open the attachments. It could be malicious even if it appears to be an Excel file, a PDF, a picture, or something else. 

Check your settings 

Solid cyber security implementation is becoming increasingly essential for privacy protection. Be diligent in double-checking your privacy and security settings and knowing who can access your documents. Web applications such as Chrome and Safari have built-in settings to improve your browsing experience and safeguard your information while on the internet. Some of these settings include privacy and cookies settings. 

This extends from Google docs to Zoom calls and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend. Be sure to restrict who can share their screen or files with the rest of the attendees.  

Several resources are available for checking your settings: 

--- 

For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.  

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GW IT knowledge base.

---  

Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission. 

Viewing Message: 1 of 1.
 Notice

This site uses cookies to offer you a better browsing experience. Visit GW’s Website Privacy Notice to learn more about how GW uses cookies.