Securing all the GW things!
The National Cybersecurity Alliance partnered with Consumer Reports to bring you a new animated video [opens YouTube link] about how you can take control of your data! Check out "The Tale of Privacy Peyton" below, and download Consumer Reports' Permission Slip.
Do you get a little chill thinking about the dozens of login credentials you have set up throughout the wilderness of the internet? If so, don’t worry – you aren’t alone. Identity management, sometimes called identity and access management (IAM), increases in importance every year. That’s why we celebrate Identity Management Day!
Identity management, though, is not just a concern for businesses and organizations. You can help protect your data by understanding and implementing some simple identity management practices. You have the power to own and maintain your digital identity!
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level. Check the settings on old accounts and delete any apps or accounts you no longer use.
If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware. Report phishing to your organization’s IT department or your email provider.
Think before posting about yourself and others online, especially on social media. Consider what a post reveals, who might see it and how it might affect you or others. Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.
Multi-factor authentication (MFA), or as referred to in GW as 2-Step Authentication, will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device.
Use password managers to generate and remember different, complex passwords for each of your accounts. While not a perfect solution, a password manager is currently the most secure way to send passwords and other login credentials to family members or coworkers. Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites.
Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available. Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.
For more tips and advice, visit www.identitymanagementday.org/
Original blog content provided by The National Cyber Security Alliance. For the original post, click here.
For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), or visit ithelp.gwu.edu
Between all of your online accounts, whether personal or work accounts, you probably have many unique — and complex — passwords to manage. And since you know better than to write them down in a notebook, have them on sticky notes hidden under your mouse pad, or stored digitally on your desktop, what are you supposed to do?
Passwords are one of the most vulnerable cyber defenses used to protect our online accounts, as passwords are the only barrier between online accounts and cybercriminals who have a desire to access to our data and systems. Utilizing a password manager is a security best practice that cyber professionals are recommending for us.
Along with other security tips, password managers minimize the risk of mis-managing our passwords. The question that arises here, are password managers secure, and what is our responsibility here to manage the password manager?
A password manager is a software that allows users to generate passwords, store and manage accounts’ information including user names and passwords all in one location. Password managers offer other features such as complex password suggestions, identifying weak or repeated passwords used, and alerting its users from entering their credentials to suspicious websites. To create a password manager account, you need to set a password that is often referred to as the “master” password.
Password managers are available in different formats:
Password managers will offer users the security level they are looking for to their accounts’ credentials and information if they follow best practices to secure their password manager account. Whether you use, or planning to get, an online, or an offline password manager, you need to follow the following practices:
Remember, if password managers are managed appropriately, they will offer you the level of security you are looking for to your online accounts’ passwords.
This blogpost is offered to you by the GW Information Security and Risk Services team.
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Cybersecurity has become one of the most significant hot topics inside and outside technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is an evidently constant news cycle dedicated to cybersecurity mishaps and concerns. With this continuous stream of bad news, it can be challenging for you to know how to keep secure in the face of cybersecurity and threat actors.
Everyday users have a huge role in cybersecurity threat prevention, detection, and remediation. According to a Wall Street Journal article, many hacks are successful by convincing someone inside or close to the target company to divulge network access credentials or other critical information. Therefore, GW’s first line of defense in helping to combat cyber-related issues is you.
Here are 4 essential best practices that you can adopt today to enhance your cybersecurity and create a more secure cyberspace for you and GW.
Phishing is when a threat actor poses as a legitimate party such as a bank, delivery service or other organization in an attempt to get individuals to click harmful links. Phishing remains one of the most popular tactics used today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. While phishing has gotten more sophisticated, the phishing signs remain the same. Look for typos, poor graphics, and other suspicious characteristics (incorrect logo or email address) as these can be red flags indicating that the content is a phish. In addition, if you think you have spotted a phishing attempt while logged into the GW network, report the incident to GW IT immediately. To report an incident please contact the GW Information Technology Support Center at 202-994-GWIT (4948) or email abuse@gwu.edu .
Password cracking is another tactic that cybercriminals use to access sensitive personal information. To guard against password cracking, having unique, long and complex passwords is one of the best ways to boost your cybersecurity immediately. It is highly recommended not to repeat passwords across your accounts because once a hacker cracks one account, they can easily do the same across all of your accounts.
Passwords can be tough to remember. That’s why it’s smart to use a password manager to help you secure your various passwords in one place. Password managers are easy to use and can automatically plug-in your stored password when you visit a site. Along with other security tips, password managers minimize the risk of mis-managing account passwords.
Mobile hotspots and public Wi-Fi networks are typically not password-protected, so it’s easier for threat actors to gain unauthorized access to devices. Students, faculty, and staff should take full advantage of the university Wi-Fi networks when on campus. They are password-protected and only allow internet access across the university premises, operating as a secure online bubble for every user to work in peace.
Whenever you're logged into your devices (computer, laptop, phone, etc.), you’re also open to potential unauthorized access by hackers and other threat actors. The easiest way to prevent unauthorized access to your device is to lock it whenever you leave it unattended. All you have to do to get back on your device is enter the correct password, and you can pick up where you left off. If you wouldn't leave your house with the front door wide open, you should not leave your devices unlocked, especially when they are unattended.
This blogpost is offered to you by the GW Information Security and Risk Services team. For more information on GW IT Security, please visit our security website: https://it.gwu.edu/gw-information-security
#SecuringGW is a shared responsibility, so if you see something, say something. Report suspicious digital activities, including phishing emails, to abuse@gwu.edu.
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit ithelp.gwu.edu.
Original blog content provided by The National Cyber Security Alliance www.stayfaeonline.org, modified and posted with permission.
Your digital identity and information are incredibly valuable to cybercriminals, whether it comes from your social media profiles, search engine history, or email accounts. If your account is compromised, cybercriminals may obtain personal information to commit identity theft, steal money, or conduct phishing attacks on others. According to the Verizon 2021 Data Breach Investigations Report, 61% of all breaches involve credentials, whether they be stolen via social engineering or hacked using brute force. In recent years, increased occurrences of identity theft and data breaches have been attributed to several factors, including a rise in the number of remote workers and the adoption of cloud technologies.
Here are a few best practices that can, if followed, reduce the opportunity for a cybercriminal to steal your identity and associated information:
Attackers often send fraudulent emails and text messages, referred to as phishing, to trick individuals into providing information such as usernames and passwords or downloading malware. If you receive an enticing offer via email or text, don't click without thinking. Go directly to the company's website to verify its legitimacy. If you're not sure who an email is from—even if the details appear correct—or if the email looks to be "phishy," do not respond and do not click on any links or open any files in the email as it may contain malware.
Report suspicious emails or ask GW Information Security questions you may have by emailing abuse@gwu.edu.
Cybercriminals can use publicly available personal information for various purposes, such as impersonating a user and guessing usernames and passwords. Think before posting about yourself and others online. Take into account what a post reveals, who could view it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your personal information you share.
Never use the same password for your social media accounts, financial institutions, work accounts, or any other site that collects personally identifiable information (PII). Best practices for password hygiene include choosing long passwords, selecting a unique password for each account, resisting the temptation to select passwords that are simple to remember or guess, and never emailing or sharing passwords with others.
Two-Step Authentication (2SA) is a security measure that requires users to go over two steps to verify their digital identity (something you know and something you own). With 2SA, a user is granted access to their account after entering the correct username and password credentials (Something you know) and completing the second authentication process using an authenticator app, SMS text, or phone call to authenticate a piece of information (Something you own).
For GW accounts, 2SA is enabled on GW Box, Google Apps (GW email, calendar, Drive), GWeb, and various other applications. Visit our website at https://it.gwu.edu/two-step-authentication and learn more.
Remembering passphrases and complex password combinations can be difficult for people to do. Password managers are encrypted digital tools that store passwords and online credentials in a centralized location secured by a single, strong master password. Additionally, password managers can also be used for generating unique passwords for each of your accounts. GW utilizes LastPass for managing passwords within certain departments and units.
Some of the blog content is provided by https://staysafeonline.org/identity-management-day/identity-management-tips-advice/, modified to align with the University’s mission and common terminologies.
Visit the GW Information Security site at it.gwu.edu/gw-information-security
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit GW IT site at it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at go.gwu.edu/GWiz
GW Box is the university's enterprise file sharing service for online cloud storage and collaboration. GW also uses Gmail for email service, as such, the community has access to Google Drive as a cloud storage solution as well. Sharing and collaborating is essential to every work and study environment in the 21st century. Whether it’s for class projects or work projects, cloud storage and sharing solutions have changed and simplified how we do things. But, there are practices we should implement and guidelines we should follow in order to use the cloud responsibly. Below are the recommended Best Practices by GW IT and GW Information Security.
Social media trends are not only fun, but they also include a hint of FOMO if we don’t participate. The same can be said for the newest viral trend of “how hard did aging hit me” challenge, also know as the “10 year challenge.” There have been speculations on the origin and purpose of this trend across the internet, even in the information security Twitter community.
Kate O’Neill’s tweet is a perfect example of a growing distrust the public has of social media and the internet in general after the introduction of many AI technologies, whether they be related to ad content or predictive text.
This affects the GW community at every level; students, staff members, and faculty members alike partake in social media sharing. There is nothing that confirms that O’Neill’s tweet has truth to it. However, our goal is to highlight the need of users to be smart and to be safe online. Always be vigilant of what you post and how much detail you give out, especially when it comes to location sharing. Criminals are becoming increasingly more knowledgable about how to use technology to their advantage, as are large corporations like Facebook where we live our daily lives. The younger the clientele, the more common it is for them to live their life in the digital world. Be #securityaware.
Skeptics can agree that this trend and some others can be seen as data mining or data harvesting parading as a harmless social game. Realistically speaking, information security professionals know that technology has become so mobile that it goes where we go. So, our message to you is be mobile, but be mindful. Stay mindful of what you share and how much you share. It may sound like an older generation reprimanding you, but it is true, everything you do does not have to be a social media post.
Let us know in the comments below if you make it a habit to consider what details you post on social media or if you have generally seen it as harmless fun.
#bemobile #bemindful #securityaware
GW is committed to digital accessibility. If you experience a barrier that affects your ability to access content on this page, let us know via the Accessibility Feedback Form.