
Information Sharing Through GW Box

GW IT Risk and Assurance provides information and resources through workshops and webinars as well as posts to our blog site.  Below the team highlights resources added to our newly created GW Box awareness repository.  Unfortunately, content hosted on GW Box is only accessible by those with GW Box access.  We hope to add more content sharing options for the wider community soon.

The following items were posted this week:

Cybersecurity Awareness - Quick Guides, Presentations, Documents and Resources (Shared Folder - Requires GW Box Account) 

    • Every effort is made to share content aligned with copyright holders' intended use of the content as handouts and guides for distribution.  Please let us know if we have posted something incorrectly by emailing infosec@gwu.edu.

Look for update announcements for these other focus areas coming soon!


This content is presented by the GW IT Cybersecurity Risk and Assurance team. #SecuringGW is a shared responsibility; if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse[@]gwu.edu.


IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp[@]gwu.edu, or visit ithelp.gwu.edu

 

 

Securing Home Networks – Overview and Supporting Materials

GW IT Risk and Assurance provides various information and resources through workshops and webinars as well as posts to our blog site.  The team has compiled an overview of home network configuration focus areas and recommended changes.  This summary aligns with the Cybersecurity@Home Cyber Talk presentation.  Additional information is available on our in-depth Cybersecurity@Home page.

Increasing Scope and Complexity of Home Networks

[Image: expansion of home networks from computer devices to Internet of Things devices]

Increased Scope of Home Network Vulnerabilities

Internet Connectivity Creates Potential Global Access to Home Networks through Gateways or Routers

  • Home network front door to the globe
  • Threat – devices are targeted directly; potentially providing attackers access to in-home devices, data, network activity

Wireless Services Expose Home Network Outdoors

  • Most home networks have WiFi services enabled
  • Threat – attackers and even pranksters can attack your network wirelessly from near your home

Securing Gateways / Routers

Source: Tom's Guide - Router Security, https://www.tomsguide.com/us/home-router-security,news-19245.html

  • Change administrative credentials from the default username and password
  • Set a strong connection password (different from the admin password)
    • Enable WPA2 encryption, or ideally the WPA3 standard if available; avoid WEP
  • Change the network name, or SSID; default names provide attackers information
    • Don’t use identifying information (names, street or apartment numbers)
  • Investigate / Set Parental Controls – applied to all or select devices
  • Configure Guest Network
    • Separate guest access from primary home network; could be used for some smart-home or IoT devices
  • Use the 5GHz Wi-Fi band, not the 2.4GHz band (all devices must support 5GHz)
    • The 5GHz band signal travels less distance than the 2.4GHz band
  • Disable Wi-Fi Protected Setup, if possible
    • This capability can expedite initial setup; disable it when not connecting devices
  • Disable remote administration of firewall and router devices if not required

Internet of Things (IoT) Safeguards for Home Network Security

Excerpted from "20 Expert-Approved Tips for In-Home IoT Security," Forbes online, 2024

Selecting IoT Solutions

  • Research Known Vulnerabilities – Google Before Purchasing
  • Learn Device [Security] Capabilities During [Before Purchase and] Setup
  • Buy Encrypted, Secure Versions Of Devices
  • Review Security Standards Prior To Purchase
  • Question Overly Complex or Intrusive Devices

Securing IoT Solutions

  • Change Default Passwords and Enable Multifactor Authentication
  • Establish Separate Passwords and Networks
  • Review And Limit Data and Service Access
  • Disable Features You Don’t Use – Does everything need connectivity?

Maintaining Secure IoT Solutions

  • Monitor Network Traffic
  • Ensure Awareness Of All Home Connected Devices
  • Update Firmware Regularly
  • Use a personal VPN on connected computers – consider a VPN for Home Network

Securing Home Networks – Parental Controls

Parental controls for television content have existed for many years.  Similarly, both your devices and your home network have parental control settings.  This post addresses resources available from service providers and vendors.

DMV Internet Service Providers (ISPs) – Parental Control Resources

Internet Service Providers (ISPs) are core to internet connectivity and network security at home.  The following information focuses on Parental Control solutions available from the primary internet service providers in the DC, Maryland, and Virginia area.  The following resources are specific to implementing Parental Controls on ISP provided gateways (also known as routers).   

Note – some ISPs provide additional software to subscribers. For example, Cox provides a Cox Security Suite that offers additional controls.  ISPs may also provide device security software such as antivirus or antimalware.

More information available on the CyberSecurity@Home page and through our Webinar offerings.



For GW Data Privacy Month, a series of webinars focused on privacy and information security best practices is being collaboratively presented by GW Information Security, GW Data Governance and the GW Privacy Office.  These sessions support the university’s commitment to protecting the privacy and security of institutional data and our community members' personal information.

Additional Information available on the Risk and Assurance Blog Events Calendar.


Direct Actions to Secure Our Data

Account compromises impact individuals, families, organizations, and employers.  Your actions will assist in securing our data.  The following tips from the National Cybersecurity Alliance can assist you in keeping your personal information and GW data safe. 

The Core 4

As with most things in life, an ounce of cybersecurity prevention is worth a pound of cure. Follow our "Core 4" to show hackers you mean business.

1. Passwords / Password Managers

Use long, complex, and unique passwords. Every password should be at least 12 characters long and include letters, numbers, and symbols (like % or $). Ideally, your passwords should be random strings of characters, not recognizable words. Very importantly, each account should be protected by its own unique password. To create and store all these passwords, use a password manager!

2. Multi Factor Authentication

Switch on multi-factor authentication. Multi-factor authentication (MFA), sometimes called 2-factor authentication, adds a whole other level of security beyond your password. MFA will use biometrics, security keys, text messages, or an app to make sure you are you, even if a hacker gets access to your password. Enable MFA for any account that allows it!

3. Recognize and Report Phishing

Think before you click. Learn how to identify phishing messages, which will often try to inspire panic or urgency. Take a few seconds to read through the message and who sent it. With a little knowledge, you can spot most phishing attempts within moments.

4. Automatic Updates

Turn on automatic updates. The best way to get the latest, strongest security is to install software updates as soon as they are available - and the best way to know when they are available is to turn on automatic updates! Set it, forget it, and you won't regret it!

Source: National Cybersecurity Alliance https://staysafeonline.org/online-safety-privacy-basics/hacked-accounts


This post is presented by the GW IT Cybersecurity Risk and Assurance team.


Cybersecurity is a shared responsibility for everyone. You can help #secureourworld through direct action. Account compromises impact individuals, families, organizations, and employers. The following tips can assist you in keeping your information and GW data safe.

The Core 4

As with most things in life, an ounce of cybersecurity prevention is worth a pound of cure. Follow our "Core 4" to show hackers you mean business.

1. Passwords / Password Managers

Use long, complex, and unique passwords. Every password should be at least 12 characters long and include letters, numbers, and symbols (like % or $). Ideally, your passwords should be random strings of characters, not recognizable words. Very importantly, each account should be protected by its own unique password. To create and store all these passwords, use a password manager!

2. Multi Factor Authentication

Switch on multi-factor authentication. Multi-factor authentication (MFA), sometimes called 2-factor authentication, adds a whole other level of security beyond your password. MFA will use biometrics, security keys, text messages, or an app to make sure you are you, even if a hacker gets access to your password. Enable MFA for any account that allows it!

3. Recognize and Report Phishing

Think before you click. Learn how to identify phishing messages, which will often try to inspire panic or urgency. Take a few seconds to read through the message and who sent it. With a little knowledge, you can spot most phishing attempts within moments.

4. Automatic Updates

Turn on automatic updates. The best way to get the latest, strongest security is to install software updates as soon as they are available - and the best way to know when they are available is to turn on automatic updates! Set it, forget it, and you won't regret it!

Check out the Events Calendar for details on webinars related to the Core 4 and other cybersecurity topics.

Source: National Cybersecurity Alliance https://staysafeonline.org/online-safety-privacy-basics/hacked-accounts


This blogpost is offered to you by the GW Information Security and Risk Services team. 


Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

The good news is we can avoid the phish hook and keep our accounts secure with these tips!

Stay Safe with Three Simple Tips

1. Recognize

Look for these common signs:

  • Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
  • Requests to send personal and financial information
  • Untrusted shortened URLs
  • Incorrect email addresses or links, like amazan.com

A common sign used to be poor grammar or misspellings, although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.

2. Resist

If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

3. Delete

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

If a message looks suspicious, it's probably phishing. 

However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly:

  • Visit a verified website for the company and use this contact information. To find verified websites, search for the site in your web browser or type the address yourself if you’re sure you know it.
  • Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.

GW faculty, students, and staff can forward suspected phishing emails to abuse[@]gwu.edu.  This account is monitored by the GW IT Security team.  They investigate phishing reports to ensure that others at GW do not have the phishing message in their inbox.
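The four signs listed under "Recognize" can also be checked mechanically, for example when triaging reported messages. The sketch below is an added example, not part of the original post or any GW tooling; the trusted-domain list, shortener list, keyword patterns and both sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example (not from the page): small illustrative lists.
TRUSTED_DOMAINS = {"amazon.com", "gwu.edu", "paypal.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = re.compile(
    r"\b(immediately|urgent|within 24 hours|suspended|final notice)\b", re.I)
PERSONAL_INFO = re.compile(
    r"\b(password|social security|ssn|card number|bank account)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels of a hostname (simplification: ignores co.uk-style suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(domain):
    """Return the trusted domain that `domain` nearly matches, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def phishing_signs(sender, body):
    """Return a sorted list of the warning signs found in one message."""
    signs = set()
    if URGENCY.search(body):
        signs.add("urgent language")
    if PERSONAL_INFO.search(body):
        signs.add("asks for personal or financial information")
    # Collect the sender's domain and the domain of every link in the body.
    address = parseaddr(sender)[1]
    domains = [registrable(address.rsplit("@", 1)[-1])]
    for url in URL_RE.findall(body):
        domains.append(registrable(urlparse(url).hostname or ""))
    for domain in domains:
        if domain in SHORTENERS:
            signs.add("shortened URL")
        target = lookalike_of(domain)
        if target:
            signs.add(f"lookalike of {target}: {domain}")
    return sorted(signs)


# Constructed sample messages (sender, body) for demonstration only.
SAMPLE_PHISH = ("Amazon Support <billing@amazan.com>",
                "Your account will be suspended. Verify your password "
                "immediately at https://bit.ly/3xYzAbC")
SAMPLE_BENIGN = ("ithelp@gwu.edu",
                 "The webinar recording is posted at "
                 "https://it.gwu.edu/gw-information-security")

if __name__ == "__main__":
    for sender, body in (SAMPLE_PHISH, SAMPLE_BENIGN):
        print(sender, "->", phishing_signs(sender, body) or "no signs found")
```

A message that shows none of these signs can still be phishing, so an empty result is not proof that a message is safe.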

Additional tips are available on the Secure-Our-World-Phishing-Tip-Sheet as well as in the following video published by CISA.

Recognize and Report Phishing (Audio Description)

Posting content obtained from https://www.cisa.gov/secure-our-world/recognize-and-report-phishing

Before spilling your digital secrets to ChatGPT or other AI tools, remember it's more sieve than vault!  The number of stolen ChatGPT accounts is just unbelievable. Why? Because criminals know people copy/paste sensitive data into ChatGPT conversations. Here are a few tips to keep you safe when using any AI tools:

  1. Beware of fake AI apps and browser extensions that may be malware or phishing scams
  2. Never enter sensitive information or PII while using AI tools
  3. Treat AI tools like a knowledgeable but overconfident friend, and use them cautiously

Want even more tips on how to stay safe using AI? Continue reading or watch this 1-minute video: (material by Wizer-training.com)

  • Never enter sensitive information or personally identifiable information (PII) while using AI tools.
  • Remove mentions of GW, faculty, staff and student names from content put in AI tools.
  • Ensure that AI-generated information is validated through other sources prior to using.
  • Understand potential bias in AI-generated content.
  • Thoroughly review AI-generated code before using.
  • Treat AI tools like a knowledgeable but overconfident friend and use them cautiously.

Content provided by wizer-training.com

The National Cybersecurity Alliance partnered with Consumer Reports to bring you a new animated video [opens YouTube link] about how you can take control of your data! Check out "The Tale of Privacy Peyton" below, and download Consumer Reports' Permission Slip.

[Image: The Tale of Privacy Peyton video]

Do you get a little chill thinking about the dozens of login credentials you have set up throughout the wilderness of the internet? If so, don’t worry – you aren’t alone. Identity management, sometimes called identity and access management (IAM), increases in importance every year. That’s why we celebrate Identity Management Day!   

Identity management, though, is not just a concern for businesses and organizations. You can help protect your data by understanding and implementing some simple identity management practices. You have the power to own and maintain your digital identity!  

CONFIGURE YOUR SECURITY SETTINGS  

Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.  

DON’T TAKE THE BAIT  

If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.  

SHARE WITH CARE  

Think before posting about yourself and others online, especially on social media. Consider what a post reveals, who might see it and how it might affect you or others. Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.  

SHIELD YOUR PASSWORD WITH MFA   

Multi-factor authentication (MFA), referred to at GW as 2-Step Authentication, will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.

USE A PASSWORD MANAGER  

Use password managers to generate and remember different, complex passwords for each of your accounts. While not a perfect solution, a password manager is currently the most secure way to send passwords and other login credentials to family members or coworkers. Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites.  

TURN ON AUTOMATIC UPDATES  

Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available. Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.  

For more tips and advice, visit www.identitymanagementday.org/  

Original blog content provided by The National Cyber Security Alliance.


For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security 


Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage.  And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do? 

Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who want access to our data and systems. Using a password manager is a security best practice that cyber professionals recommend.

Along with other security tips, password managers minimize the risk of mismanaging our passwords. The questions that arise here are: are password managers secure, and what is our responsibility in managing the password manager?

What is a Password Manager?

A password manager is software that allows users to generate passwords and to store and manage account information, including user names and passwords, all in one location. Password managers offer other features such as suggesting complex passwords, identifying weak or repeated passwords, and warning users against entering their credentials on suspicious websites. To create a password manager account, you need to set a password that is often referred to as the “master” password.

Password managers are available in different formats: 

  • An online service hosted by a third party and accessed through a website portal. This type is useful if you need access to the password manager from multiple devices. 
  • Software installed locally on a workstation that can operate either completely offline or connected to the internet to synchronize your information to a cloud database and get software updates.  

Are Password Managers Secure? 

Password managers will give users the level of security they are looking for, for their accounts’ credentials and information, if they follow best practices to secure their password manager account.  Whether you use, or are planning to get, an online or an offline password manager, follow these practices:

  • Do your research and get a trusted password manager software that has a high reputation in the industry. 
  • Use a strong master password for your password manager account and never forget it. Some password manager vendors will not recover your account if you can’t remember your master password.
  • Enable two-factor authentication (2FA) on your password manager account for an extra layer of security.
  • Keep your password manager software along with web browsers you use up-to-date. 
  • Audit the list of devices that are approved to access your password manager. 
  • For work-related accounts, always use password managers that are approved by your organization. Follow your organization’s policies, standards and procedures when processing, storing or sharing work-related data. 

Remember, if password managers are managed appropriately, they will give your online accounts’ passwords the level of security you are looking for.


This blogpost is offered to you by the GW Information Security and Risk Services team. 


Cloud computing is a leading-edge technology that delivers high-demand computing services entirely over the internet. Operationally, cloud computing stores, manages and processes data effortlessly rather than relying on a local server or personal computer systems. Cloud computing gave birth to the term “cloud storage.”

Cloud storage stores digital data online using a cloud service provider’s computing infrastructure. Some well-known cloud services include Box, Google Drive, Apple iCloud, Dropbox, Microsoft OneDrive, and Amazon Web Services. With many of us working hybrid schedules, cloud storage has been central to helping students, faculty and staff work more connectively while being physically away from the university. For example, at GW, secure, encrypted cloud-based solutions such as Box and Google Drive are two of the cloud services provided to the university community for easy collaboration and data storage.

The following are some key benefits of cloud storage: 

  • Adequate security, which requires authentication and password.
  • Your files are secure, and you are less likely to lose data due to device failure.
  • Facilitates collaborative team projects as you can easily share files and folders.
  • Easy access to lesson plans and notes to share across several devices.
  • An excellent way to back up your computer without copying your data to a hard disk or flash drive. 

While cloud storage offers good security measures to keep your data safe and secure, you need to do your part to guarantee that no one gains unauthorized access to your data. Following are some recommended practices to help you secure your data: 

Use Permissions: When a folder or file is shared, it's usually in the form of a link or permission using the recipient's email address. Consider setting different access levels for senior staff members or on a need-to-know basis. Permission-based access can make it harder for a hacker to get through each layer of permissions. 

Manage File and Folder Sharing: Protect stored data by limiting shared access to the files or folders associated with that link to specific users. When utilizing Box or Google Drive, it is usually best to only share files or folders with George Washington University members unless there is a business justification to share outside of the university. 

Examine Files and Folders: Review the shared folders and files regularly, and disable shared access when it's no longer required.

For more information on Storage, backup or document management, please visit our GW IT website: https://it.gwu.edu/backup-storage-document-management    


This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security 
