Cyber Hygiene: Safety Basics

Malicious Email

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business. It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.

If you are unsure whether an email request is legitimate, try to verify it with these steps:

• Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
• Search for the company online – but not with information provided in the email.

Spam

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:

• Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
• Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
• Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information. 
  

  ---

Phishing

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Tips for Avoiding Being a Victim

• Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
• Before sending or entering sensitive information online, check the security of the website.
• Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing.
• Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.

What to Do if You Are a Victim

• Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
• If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
• Watch for any unauthorized charges to your account.
• Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.

Use Unique Passwords

Password reuse for multiple accounts is one of the most commons ways accounts are hijacked. When passwords are reused, having your credentials stolen for one account means hackers can gain access to other accounts that use the same login details.

• Set strong passwords A strong password is at least 15 characters long. Think about three random nouns (for example, “Outlet keys clock”) and sprinkle in the required punctuation and upper lower case characters (for example, “outletKeysclock84” is easier to remember than this “Ir0ckleeTsp34k3r” ).
• Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
• Manage passwords to keep them safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords. ITS recommends LastPass.
• Contact ITS Support Services if you suspect that your Colby password has been compromised for any reason at [email protected] or ext. 4222.
  • to change your password go to https://www.colby.edu/info.tech/services/setpw/

Other Ways to Secure an Account

Typing a username and password to access a website isn’t the only way to identify yourself on the web services you use.

• Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as two-factor, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.

Many email services, including Gmail, offer strong authentication on an opt-in basis. Ask Colby’s ITS Support Center [email protected] or ext. 4222 to be enrolled in two-factor today.

Why is updated software important?

How do you keep software up to date?

Here are some common software update methods.

• Apple iOS – You can update your iPhone, iPad, or iPod touch to the latest version of iOS wirelessly. If you can’t see the update on your device, you can update manually using iTunes. Find out more from Apple here.
• Android Apps – For Android users, the Google Play store reviews apps before they get published to help protect you and your device from potentially harmful apps. Even after you’ve downloaded an app from Google Play, or if you download an app from another source, the Verify Apps feature will regularly scan your apps to make sure everything looks safe. To get access to the latest features and improve app security and stability, you can follow these instructions to update your Android Apps either individually, or automatically.
• Google Chrome – Google Chrome automatically updates when a new version of the browser is available on your device to make sure you’re protected by the latest security updates. These updates normally happen in the background when you close and reopen your computer’s browser. But if you haven’t closed your browser in a while, you might see a pending update. Learn more here.
• Microsoft – How to configure and use Automatic Updates in Windows Windows 10 The great news is that you don’t have to do anything to get the latest updates, as they’ll automatically download and install when they’re available. (Unless you’re on a metered connection, then updates won’t download until you get them.) Find out about Windows 10 updates here. Windows XP, 7, 8, 8,1 Use the latest version of Automatic Updates feature. Find out more from Microsoft here.

• Be organized—keep track of where your data are, both on your computer and in physical form (thumb drive, paper copy, etc.)
• Verify access permissions for the folders in which you store files with sensitive information to make sure other accounts on your computer cannot access those files – ITS Support Center can assist: [email protected] or ext. 4222
• Backup all important data
  • College-owned computer owners, ensure that central backups are being made and contact ITS if you have problems or questions contact the ITS Support Center at [email protected] or ext. 4222.
• Securely delete sensitive documents
  • Use secure file deletion that overwrites the file, making it impossible to recover the contents.

Your devices make it easy to connect to the world around you, but they can also pack a lot of info about you and your friends and family, such as your contacts, photos, videos, location and health and financial data. Follow these tips to manage your privacy in an always-on world.

• Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps.
• Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Disable WiFi and Bluetooth when not in use.
• Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your mobile device while you are connected. Limit what you do on public WiFi, and avoid logging in to key accounts like email and financial services on these networks. Consider using the Colby  a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection when sending sensitive data or connecting to campus servers over untrusted network connections, such as:
  • Wireless networks (including the ‘Colby Wireless’ open network)
  • Off-campus networks (home DSL/cable networks, hotels, airports, other offices)