
Devices such as cell phones, laptops, and tablets are increasingly relied on at home, on campus, and in the workplace. The interconnectivity of those devices, especially from home locations, was heightened during the pandemic lockdown. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to increase by a staggering 70% by 2025. With the rise in virtual work and learning, it’s critical that you remain vigilant in practicing smart cyber hygiene while online. Here are some useful tips:

Smart Devices need Smart Security 

Make cybersecurity a priority when purchasing a new cell phone, laptop, or tablet device. When setting up your new device, be sure to set your privacy and security settings, bearing in mind that you can limit with whom you are sharing information. Once your device is set up, remember to keep tabs on securing the information and where it is stored. Make sure that you manage location services actively to avoid unwittingly exposing your location. 

Put Cybersecurity First  

Make cybersecurity a priority when you're connected and online. Some precautions to take with all of your online accounts include performing regular software updates, downloading and installing software from trusted sources, using Two Factor Authentication (like we have at GW), and avoiding phishing by making sure that you know the sender of an email before opening attachments.

Make passwords and passphrases long and strong 

Generic and easy-to-remember passwords are easy to hack. Create secure and strong passwords, and be sure to combine capital and lowercase letters with numbers and symbols. At a minimum, change your passwords every 6 months. If you need help remembering and storing your passwords, use a trusted password manager.

Avoid connecting to public Wifi 

As smaller and more capable devices enable us to be mobile, we are all tempted to change scenery and work from a coffee shop or another type of public space. When you are away from trusted networks (your home or GWireless, for example), be wary of free, no-password-required, and even corporate hotspots. These connections may be fraudulent and easily accessible by bad actors.

Use caution with publicly shared computers  

Avoid using publicly shared computers as often as possible. If you do use these, be careful and thoughtful in the information you share while online. If you are using your own devices, use known network hotspots, consider using your cellular connection (phone tethering), and avoid performing sensitive activities like accessing banking online. 

Turn off WiFi and Bluetooth when unneeded  

The uncomfortable truth is, when your WiFi and Bluetooth are on, they usually are set up to broadcast availability/presence and effectively invite other devices to connect.  While not always practical, to stay as safe as possible, switch them off if you do not need them. It’s a simple step that can help alleviate tracking concerns and incidents. You can also secure your WiFi and Bluetooth connections through your device settings. 

Staying safe online is an active 24/7 process that requires constant oversight 365 days a year. These helpful steps are how we in GW IT do our part to help you in doing your part to remain cyber smart. 


For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security.  

IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu or it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at http://go.gwu.edu/GWiz


Original blog content provided by The National Cyber Security Alliance www.staysafeonline.org, modified and posted with permission.

Cybersecurity is one of the hottest employment sectors today.  With increasing laws and regulations around online activity, privacy, and cyber attacks, both business and education sectors are adding to their cybersecurity positions. Additionally, many undergraduate, graduate, and law schools now offer degree programs in cybersecurity. Are you interested in joining this exciting new workforce? Here are a few reasons why a career in cybersecurity might be right for you. 

Hot Job Market 
To say that the cybersecurity jobs market is hot would be a huge understatement. According to the U.S. Bureau of Labor Statistics, the job market for information security analysts will grow by 32 percent by 2028, making it one of the fastest-growing job sectors. According to a Cybersecurity Ventures study, there will be 3.5 million unfilled cybersecurity positions in 2021. This implies that cybersecurity experts are among the most in-demand worldwide and will continue to be so for many years to come. 

Infinite Room for Personal and Professional Growth 
Beyond just the ability to get a cybersecurity job, thanks to an ever-growing set of career tracks, cybersecurity offers various options for professionals to find a position that fits nicely with their own interests. Cybersecurity professionals work in everything from compliance to stress testing cyber defenses and software, so there are virtually limitless ways to apply their skills and look to grow them. 

Investment in advanced cybersecurity pays for itself 
Due to the shortage of cybersecurity talent in the workforce, businesses and educational institutions are constantly rolling out new avenues to make cybersecurity careers more affordable. For example, new grants and scholarships are now becoming available each day for individuals interested in cybersecurity careers, while many businesses are beginning to offer tuition reimbursement or other financial perks. This means that a degree in cybersecurity may be much more affordable than you initially thought. GW offers several academic degree programs on cybersecurity, including:   

Master’s Degree Programs  

Juris Doctor Programs  

Graduate Growth 
In addition to the interesting on-the-ground work that cybersecurity professionals get to take on every day, there is also a growing selection of highly tailored cybersecurity graduate programs that can further academic knowledge in cybersecurity as well. For example, graduate degrees ranging from Applied Cryptography to Network Vulnerability and Detection are now being offered at colleges and universities nationwide. Additionally, as part of this deep-dive, cybersecurity professionals will also get the opportunity to network with other students from various backgrounds, allowing them to open up further opportunities for future positions or businesses. GW also houses research centers on cybersecurity and provides certificate programs in the following areas:

CyberCorps Scholarship Program 
GW’s CyberCorps scholarship program facilitates efforts to identify and encourage bright students who are graduating to expand their horizons beyond community college to GW or beyond an undergraduate degree to a graduate degree related to cybersecurity and information assurance at GW. 




Original blog content provided by The National Cyber Security Alliance www.staysafeonline.org, modified and posted with permission.

Phishing -- one of the oldest pain points in cybersecurity. Also known as pre-texting, phishing continues to wreak havoc quietly and is as significant a threat as ever.

Despite often being overlooked, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips to help you recognize and deal with phishing threats.

Know the Red Flags: Emails

Phishers are masters of making their content and interactions appealing. From content design and layout to language, it can be difficult to discern whether the content is genuine or a potential threat, which is why it is so important to know the red flags.

  • Awkward and unusual formatting
  • Overly explicit call-outs to click a hyperlink or open an attachment
  • Strange requests concerning an account, system, or application changes with no prior awareness
  • Requests for personally identifiable information or your login and password
  • Subject lines that create a sense of urgency

These are all hallmarks that the content you received could potentially be a phishing attempt and indicate that it should be handled with caution. Most organizations will communicate multiple times and well in advance of any application transitions, and they will provide websites and other supporting materials and contact information for more details.

All suspicious emails can be sent to GW IT Security at abuse@gwu.edu, and questions about the content or requests in an email can be verified with the GW IT Support Center at 202-994-4948.

Verify the Source

Phishing can occur in a variety of ways. In addition to email, phishers ply their craft through phone calls, text messages, and sometimes regular mail. Often, phishers will try to impersonate someone you may already know -- such as a colleague, service provider, relative, or friend -- to trick you into believing their message is trustworthy.

Don’t fall for it. If you sense that something about an email, phone call, or text message may be out of place or unusual, try to confirm whether the content is authentic and safe. If not, immediately break off communication and flag the incident through the proper channels (at GW, this is forwarding the message to abuse@gwu.edu).

Vishing and Other Phishing Offshoots

Greater awareness about phishing has spawned more diverse phishing efforts beyond traditional email. For example, voice phishing -- or vishing -- has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization -- such as a healthcare provider or insurer -- and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information, whether via email, phone, or chat, especially if the communication is unexpected. If anything seems suspicious, hang up or end the communication immediately.


If you think you may have been a victim of a phishing attack at GW, contact the IT Support Center by phone at 202-994-4948. IT Support Center staff can assist in locking your accounts and guiding you through a password reset, if needed. If you feel you might have been phished on a personal account, contact your provider immediately through a verified number and request that your accounts be reset/locked because your access may be compromised.



Original blog content provided by The National Cyber Security Alliance, modified and posted with permission.

Cyberattacks are becoming more sophisticated, with more evolved bad actors cropping up each day. This year has already seen more than a fair share of attacks and breaches. Some high-profile attacks include the SolarWinds and Kaseya breaches, as well as attacks on the Colonial Pipeline and other critical infrastructure. At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. Luckily, there are several steps that we can take daily to mitigate risks and stay one step ahead of malefactors. Here are a few quick tips:

Use strong passphrases/password manager 

Everyone has many passwords to keep track of, including personal, work, and school accounts. A great solution to managing all of these accounts and complex passphrases and passwords is a password manager. Using long, complex, and unique passphrases/passwords is a good way to stop your account from being hacked, and an easy way of keeping track and remembering your passwords is by using a password manager. There are several password managers, including those built into modern web browsers. Choose a password manager that you will use and look for solutions that have been reviewed and where customer feedback is positive. Several resources are available for reviewing password managers including: 

Perform software updates 

When a device prompts you that it’s time for a software update, it may be tempting to simply click postpone and ignore the message. However, having the latest security software, web browser, and operating system on your devices is one of the best defenses against online threats. So, don’t wait - update. 

Do your research 

Common sense is a crucial part of maintaining good online hygiene.  One intuitive step you can take to stay safe online is to research before downloading anything new to your device, such as apps. Before downloading any new application to your device, make sure that it is valid by checking who created the app, what the user reviews say, and if there are any articles published online about the app's privacy and security features. 

Email attachments are also one of the most popular ways for malware to infect your device. If you don't know who sent you an email, do not open the attachments. It could be malicious even if it appears to be an Excel file, a PDF, a picture, or something else. 

Check your settings 

Solid cyber security implementation is becoming increasingly essential for privacy protection. Be diligent in double-checking your privacy and security settings and knowing who can access your documents. Web browsers such as Chrome and Safari have built-in settings to improve your browsing experience and safeguard your information while on the internet. Some of these settings include privacy and cookies settings.

This extends from Google Docs to Zoom calls and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend. Be sure to restrict who can share their screen or files with the rest of the attendees.

Several resources are available for checking your settings: 


Original blog content provided by The National Cyber Security Alliance www.staysafeonline.org, modified and posted with permission.

GW Information Technology (GW IT) is investigating reports of scam emails regarding GW benefits information with a link to a fake GWeb (Banweb) site that instructs recipients to log in using their GWID and PIN. Logins to the fake site may allow hackers to harvest user credentials. Impacted users have been notified.

As a cautionary measure, GW Information Security recommends that recipients who may have logged into the fake site change their PIN and verify that all the information on their profile, especially bank accounts for direct deposit, addresses, and security questions, is correct.

To change your PIN, follow these steps:

  1. Log into the GWeb Information System using the appropriate button on the GWeb page.
  2. Once you are logged into the main GWeb menu page, click on the Personal Information Menu tab at the top of the page and select Change PIN.
  3. You will be prompted to enter your old PIN number and then enter and re-enter your new PIN.

GW IT continues to take proactive measures to keep our campus community safe. GW students, faculty and staff should ignore such requests for information and report any suspicious electronic communication to abuse@gwu.edu.

Protect your information!

Always be wary of messages requesting account verification, confirmation or upgrade, payment or personal information such as your passwords, GWID, Social Security number or credit card information.

Universities are frequently targeted by malicious actors who will attempt to acquire personal information about you and other members of the university community through email and over the phone. Please be aware that these attempts often seem legitimate.

Ask questions, trust your instincts, and if things seem off, don’t be afraid to take a message and follow up later. Attackers will frequently use a sense of urgency to prompt the victim into making a risky decision.

Questions? Concerns? Please contact GW Information Technology at 202-994-GWIT (4948), ithelp@gwu.edu or IT.GWU.EDU.

Reports have surfaced of a vulnerability within the chat function of Zoom for Windows that may permit unauthorized access to online classes and video conferences and may allow hackers to send a malicious link through Zoom chat.

The malicious link looks slightly different from a URL, but is similar enough to cause confusion for users. When the link is clicked, the user’s credentials (UserID and password) may be leaked online. Leaked passwords can be easily cracked with widely available tools. In addition, hackers could gain access to the user's computer, execute unwanted software, send malicious messages, etc.

While there have been no known impacts to GW accounts, please follow these recommendations for video meetings and online instruction:

  • Use Webex instead of Zoom. Webex is GW’s supported secure video meeting collaboration tool, and is available to all students, faculty and staff. Visit the telecommuting page to learn more.
  • For online instruction, use Blackboard, GW’s online learning platform. Blackboard allows faculty to share materials with students, as well as facilitate synchronous (Blackboard Collaborate) and asynchronous communications (including discussion boards and integrations with VoiceThread and Echo360). Visit the tools for instructional continuity page to learn more.
  • Use meeting passwords for all meetings, verify all participants, and lock entry. To learn how to host secure Webex meetings and lock entry, visit Webex Secure Meetings.
  • Do not share or click on any links from unknown users.
  • Avoid links that start with a double backslash (\\), for example \\com.
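
The last recommendation can also be checked automatically before a chat message is displayed or forwarded. The sketch below is an added example, not GW's or Zoom's code: it flags links that start with a double backslash and replaces them with inert text. The function names and the sample messages are constructed for illustration.

```python
import re

# A UNC-style link: two backslashes, a host, then optional \share\path parts.
# The lookbehind skips escaped Windows paths such as C:\\Users\\name.
UNC_LINK = re.compile(r'(?<![\\\w:])\\\\([A-Za-z0-9._-]+)((?:\\[^\s\\]+)*)')


def find_unc_links(message):
    """Return (host, path) for every UNC-style link in a chat message."""
    return [(m.group(1), m.group(2)) for m in UNC_LINK.finditer(message)]


def neutralize(message):
    """Replace each UNC-style link with inert text that names only the host."""
    return UNC_LINK.sub(
        lambda m: "[UNC link removed: host=%s]" % m.group(1), message
    )


# Constructed sample chat messages (example.test is a reserved test domain).
SAMPLE_CHAT = [
    r"Slides for today: \\files.example.test\share\deck.pptx",
    "Join here: https://meet.example.test/j/12345",
    r"try \\com",
    r"My notes are in C:\\Users\\student\\notes.txt",
]

if __name__ == "__main__":
    for line in SAMPLE_CHAT:
        status = "FLAG" if find_unc_links(line) else "ok  "
        print(status, neutralize(line))
```

Ordinary https links and escaped local paths pass through unchanged; only text beginning with a double backslash followed by a host name is flagged.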

Remember to protect your information!

GW Information Technology (GW IT) continues to take proactive measures to keep our campus community safe. Please be aware that phishing attempts often seem legitimate. It is important for faculty, staff, and students to be extremely vigilant and take steps to secure logins, passwords, and data.

GW’s Office of Ethics, Compliance and Privacy has developed guidance on best practices for data protection when telecommuting, as well as data protection while using virtual meeting, event and collaboration platforms. Visit COVID-19 data protection guidance to learn more.

Remember to report any suspicious electronic communication or request to abuse@gwu.edu.



15 Tips for Online Safe Shopping

Written by Kim Porter for NortonLifeLock

Online shopping is easy to love. What’s more fun than finding what you need and—after a few clicks and a short wait—having it show up at your door?

Except when it doesn’t. In 2016, the FBI’s Internet Crime Complaint Center received nearly 300,000 online-theft complaints, and victims lost a total of $1.3 billion. It’s safe to say fake companies and identity thieves can turn the joy of buying into a hassle.

What to do? Don’t click that buy button until you check out these tips to help you do safe online shopping.

  1. Shop where you trust

Shopping IRL (in real life) offers this advantage: You’ll usually know the business and the inventory exist. But on the web, some businesses are fabricated by people who just want your credit card information and other personal details. Consider doing online business only with retailers you trust and have shopped with before.

  2. Size up the business

Break out your detective skills when you want to buy something from a new merchant. Does the company interact with a social media following? What do its customer reviews say? Does it have a history of scam reports or complaints at the Better Business Bureau? Take it one step further by contacting the business. If there’s no email address, phone number or address for a brick-and-mortar location, that could be a red flag that it’s a fake company.

  3. Beware rock-bottom prices

If a website offers something that looks too good to be true—like rock-bottom prices or an endless supply of free smartphones—then it probably is. Use similar websites to compare prices and pictures of the merchandise. Perpetually low prices could be a red flag that the business doesn’t have those items in stock. The website may exist only to get your personal information.

  4. Avoid public Wi-Fi

Wi-Fi networks use public airwaves. With a little tech know-how and the freely available Wi-Fi password at your favorite coffee shop, someone can intercept what you’re looking at on the web. That can include emails, browsing history or passwords. Shopping online usually means giving out information that an identity thief would love to grab, including your name and credit card information. Bottom line: It’s never a good idea to shop online or log in to any website while you’re connected to public Wi-Fi.

  5. Use a VPN

If you must shop online on public Wi-Fi, use a VPN (virtual private network). A VPN creates an encrypted connection between your computer and the VPN server. Think of it as a tunnel your Internet traffic goes through while you browse the web. Hackers lurking nearby can’t intercept it, even if they have the password for the Wi-Fi network you’re using. A VPN means you’ll likely have a safe way to shop online while you’re on public Wi-Fi.

  6. Use a strong password

If someone has the password to your account, they can log in, change the shipping address, and order things while you get stuck with the bill. Help keep your account safe by locking it with a strong password. Here are some tips on how:

  • Use a complex set of lowercase and uppercase letters, numbers, and symbols.
  • Avoid words that come from a dictionary.
  • Don’t use personal information that others can find or guess, such as birthdates, your kids’ names or your favorite color.
  • And don’t use the same password—however strong—on multiple accounts. A data breach at one company could give criminals access to your other, shared-password accounts.

  7. Check out the webpage security

You’ve probably seen that small lock icon in the corner of your URL field. That lock signals you that the web page you’re on has privacy protection installed. It’s called a “secure sockets layer.” Plus, the URL will start with “https,” for “hyper text transfer protocol secure.” These websites mask and transfer data you share, typically on pages that ask for passwords or financial info. If you don’t see that lock or the “s” after “http,” then the webpage isn’t secure. Because there is no privacy protection attached to these pages, we suggest you exercise caution before providing your credit card information over these sites.

  8. Watch out for email scams

Sometimes something in your email in-box can stir your consumer cravings. For instance, it might be tempting to open an email that promises a “special offer.” But that offer could be special in a bad way. Clicking on emails from unknown senders and unrecognizable sellers could infect your computer with viruses and malware. It’s better to play it safe. Delete them, don’t click on any links, and don’t open any attachments from individuals or businesses you are unfamiliar with.

  9. Don’t give out more information than you need to

Here’s a rule of thumb: No shopping website will ever need your Social Security number. If you’re asked for very personal details, call the customer service line and ask whether you can supply some other identifying information. Or just walk away.

  10. Pay with a credit card

When using a credit card, you’ll usually get the best liability protection—online and offline. Here’s why.

If someone racks up unauthorized charges on your credit card, federal regulations say you won’t have to pay while the card company investigates. Most major credit cards offer $0 liability for fraudulent purchases.

Meanwhile, your liability for unauthorized charges on your debit card is capped at $50, if you report it within two business days. But if someone uses your account and you don't report the theft, after 60 days you may not be reimbursed at all.

  11. Try a virtual credit card

Some banks offer nifty tools that act like an online version of your card: a virtual credit card. The issuer will randomly generate a number that’s linked to your account, and you can use it anywhere online and choose when the number expires. It might be best to generate a new number every time you buy something online, or when you shop with a new retailer. Anyone who tries to use that number will be out of luck.

  12. Check your statements regularly

Check your statements for fraudulent charges at least once a week, or set up account alerts. When you receive a text or email about a charge, you can check the message and likely easily recall whether you made the charge.

  13. Mind the details

After you make the purchase, keep these items in a safe place: the receipt, order confirmation number and postal tracking number. If you have a problem with the order, this information will help the merchant resolve the problem.

  14. Take action if you don’t get your stuff

Call the merchant and provide the details noted in Tip 13. If the merchant turns out to be fake, or they’re just plain unhelpful, then your credit card provider can help you sort out the problem. Often, they can remove the charge from your statement.

  15. Report the company

If you suspect the business is bogus, notify your credit card company about the charge and close your account. File a complaint with the U.S. Federal Trade Commission. Tip: The FTC offers an identity theft recovery plan, should you need it.

 

National Cybersecurity Awareness Month (NCSAM) is a month that helps raise awareness and highlight the importance of cybersecurity. Cybersecurity and Information Security overlap with almost everything we do and every technology we use. NCSAM was started in 2004 by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security (DHS). NCSAM was created to help Americans be secure online. The month raises awareness of security and emphasizes how both companies and individuals can protect themselves.

Over the years, NCSA and the DHS have put on joint events in many states for NCSAM. Past events have included panels of information security professionals as well as talks and presentations. They have even held summits around the states and webinars for all to join. This year they have panels and presentations all around the country, including Washington, D.C. These events have grown in popularity each year, and some high-ranking and nationally recognized officials have made appearances at them.

Each year there are different themes. The themes are meant to emphasize a particular change in behavior that would help everyone be safer online. This year the theme is “Own It, Secure It, Protect It”. The goal for this year's theme is to draw attention to careers in information security and to encourage accountability. Each week of the month will focus on a different area of the theme. The “own it” part of the theme is to have people take ownership of their data. Most people don’t realize how much private information is going out on the web. “Secure it” is for having strong passphrases and avoiding scams and phishing. “Protect it” is being proactive with your information after it is out there: being active in knowing where your data is and who has it, and how to keep it protected.

Here at GWU, we are involved with NCSAM by spreading awareness through the university and by hosting our own events. We have events like meet and greets with the Information Security team, Cybersecurity Jeopardy, webinars, and presentations throughout the month of October. If you want to attend any events or have a chance at winning some of our excellent prizes this year, check out the event calendar here, http://go.gwu.edu/ncsam2019.

95% of all successful cyberattacks start with human error, according to the IBM Cybersecurity Intelligence Index. That makes it pretty important to periodically evaluate and increase your own awareness of information security hygiene.

Information security is one of the fastest-changing fields in the world. New technologies emerge every day that change the way people attack and defend systems and networks. While professionals in information security are required to be in a constant state of learning to keep up with the field as a whole, those without day-to-day dealings tend to be the primary targets and the least informed. Being aware and informed enables everyone to protect themselves. Staying informed is simple: there is a wide range of awareness organizations and individuals dedicated to reaching outside of the information security community and enabling everyday users to secure themselves, their data, and thereby their organizations.

 

Awareness Companies

Security awareness training should be a high priority for any organization. To facilitate effective awareness training, a number of companies focus on providing awareness training as a professional service, often using computer based training. Companies such as Habitu8, SANS, KnowBe4, and Security Ninja focus on providing awareness training packages to organizations who want to inform and educate their employees. These packages are frequently integrated into something called a learning management system (LMS). An LMS is something like Blackboard. Other free resources are also available and essential to reaching people both inside and outside the Information Security community. Free websites often feature webinars, talks, and videos. You can ask your organization or awareness training coordinator what resources are available to educate yourself. (At GW, you can email infosec@gwu.edu for more resources or to request training for your student organization or department.)

Free training resources
Reading and news: https://www.sans.org/security-resources/
Test your knowledge and learn: https://www.khanacademy.org/partner-content/nova/cybersecurity/cyber/e/cybersecurity-101-quiz

 

On the Web

While organized and mandatory awareness training can be effective, it isn’t the only way to reduce risk and stay up to date on cybersecurity. There is an abundance of websites, blogs, and other informational pages freely available to all. Cybersecurity is often in the news as well, and it is worth noting that it comes up more and more often.

One website run by Troy Hunt, Have I Been Pwned, not only allows users to check if their email has been associated with a data breach, but also helps them stay up to date on data breaches happening around the world. Hunt’s website provides information on hundreds of breaches that may impact you or your family and can often provide the early warning you need to change your passwords before your accounts are stolen. In addition to providing a breach checking service, the site also offers a way for users to check their password against the ever-growing list of compromised passwords that Hunt maintains. If you are unsure of how to choose a secure password, look no further than the same page for guidance.

Credit monitoring services like Credit Karma and Equifax also offer services that track your exposure to identity fraud or a credit data breach.

Many information security websites can be so technical that they drive less informed readers away, but don’t let that discourage you. Brian Krebs, an investigative journalist, runs a site called Krebs on Security where he writes about the most recent information security news. Krebs provides in-depth coverage of ongoing stories that far surpasses traditional news media coverage. He achieves this without alienating less technical readers with overly complicated language. Krebs on Security provides a good way for the average user to stay up to date on relevant topics in the information security space.

As social media has gained popularity, more and more professionals are turning towards it to keep informed and spread their message. It may come as a surprise to some that there is a large information security community on Twitter, but it is one of the best places to keep up with the latest in security news. While some may think that only information security professionals should be following each other on Twitter, everyone can benefit from the discussions, news, and events that are posted all over the #infosec Twitter space. Users will frequently post links to free webinars, blogs, and conferences covering a wide range of topics that would help even the least technical user remain aware and informed. Big names on Twitter such as Jake Williams (@MalwareJake), Brian Krebs (@briankrebs), Troy Hunt (@troyhunt), and Lesley Carhart (@hacks4pancakes) provide a constant stream of information security news, issues, and tips to benefit everyone. Organizational Twitter accounts like the National Cyber Alliance (@StaySafeOnline) and SANS Internet Storm Center (@sans_isc) also provide comprehensive and consistent updates to cybersecurity students and professionals. Don’t be afraid to use less traditional methods such as Twitter and social media to educate and protect yourself.

Information Security Photo Collage

People have a lot of preconceived notions about security teams and practices. While some misconceptions may be grounded in truth and others are fairly outlandish, there is a lot going on behind the scenes that users may not see. From claims that we are all hackers wearing hoodies and doing nefarious deeds to the perception that we are here to get in your way, we will help you understand what is true, what is not, and why these perceptions might exist.

Myth #1: Security is just here to say no

Being at a university presents the unique challenge of providing the tools and technology necessary for students and faculty to research, learn, and achieve their goals. We must strike a difficult balance between the availability of those resources and the security of the university and our community. As security professionals, we do everything we can to enable safe and reliable access to the tools that the GW community needs to reach their goals. We are here to facilitate a safe IT environment in which all students, faculty, and staff can access the resources that they need. Sometimes it sounds like “no,” but what we are really requesting are modifications that reduce the risk of exposure or breaches at GW.

Myth #2: Security only deals with technology

Many people believe that IT security only works on securing servers, reading logs, and other highly technical tasks. On the contrary, the security team has a wide range of responsibilities of which technology is only a part. The security team is continuously engaging with people and data in a multitude of ways, often trying to help people protect themselves and the organization through a security awareness program or working directly with other teams to enhance security within their operations. They are constantly trying to improve ways to protect the GW community’s data by updating policies, implementing best practices, and assessing security processes.

Myth #3: The security team is just a bunch of hackers

Just as many people think that the security team is nothing but hackers. This is far from the truth. Information security is a wide field with many specializations, and it takes all sorts to be effective. While some members of the team might be highly technical penetration testers, their counterparts are security professionals focused on defensive security and protecting the GW network and assets from outside threats. Beyond that, members of the IT Security team range from awareness professionals working with people and outreach to analysts focused on identifying and reducing risk.

Myth #4: The security team takes care of security so I don’t have to

The security team works tirelessly to ensure that the GW community, information, and assets are as well protected as possible, but the team is not always the first line of defense. Security is your responsibility too. Our community is often the first line of defense when it comes to attacks from outside GW. Social engineering (aka tricking people and deceiving them) is a common tactic employed by attackers and encompasses phishing, piggybacking, and taking advantage of users in the workplace. All of this means that you, the user, need to play a vital role in protecting the university, or, as we call it, #SecuringGW. Protecting your own information is an essential puzzle piece in the overall security of GW. Catching phishing emails and forwarding them to abuse at GW may seem like a small task, but it is small actions like this that alert the team and protect GW from large breaches. Being aware of people trying to enter buildings where they don’t belong and maintaining a clean desk free of sensitive materials are also security measures that you can take to do your part in #SecuringGW.

Fact: GW Information Security – Your Trusted Advisor

The information security team strives to facilitate access to the resources that the GW Community needs in as secure a manner as possible. Security affects everyone; data loss, lack of availability, and compromised systems impede day-to-day business functions, which means they affect the day-to-day lives of everyone on campus. In order to help prevent this, the security team acts as a Trusted Advisor to everyone in the GW Community. Whether you want to implement a new system, service, or application, or begin a new project, involving the GW security team as Trusted Advisors from the start enables us to aid in proper project oversight and completion while maintaining and promoting the confidentiality, integrity, and availability of GW’s data, systems, and services.