The CISO’s Perspective / Special Edition
For this edition of the CISO’s Perspective, Ed Jalinske, UW-Madison Office of Cybersecurity Training and Awareness Lead, offers useful tips for good Cyber Citizens. We all live within our networks and systems at UW-Madison so we all share some of the burden for implementing sound security practices and maintaining appropriate levels of cybersecurity hygiene. You are part of the fabric that makes information flow freely and with the proper levels of security. We can enjoy a level of comfort that data is available and can be trusted to drive the research we perform here. We need the assurance that information is available for teaching and learning. And, your personal information is protected if you are aware of the issues Ed writes about. Enjoy the read! —Robert Turner, UW-Madison CISO
Cyber criminals are constantly devising new and creative ways to scam you and compromise your personal and professional data. The CSO Cybersecurity Business Report estimates that worldwide cybercrime damage will hit $6 trillion annually by 2021.
Here are some steps you can take to protect yourself and become a better cybercitizen:
Keep security software current
Having the latest security software, web browser, and operating system is a good defense against viruses, malware, and other online threats.
Automate software updates
Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
Protect all devices that connect to the internet
Computers are not the only point of entry for cyber criminals and online threats. Smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
Plug and scan
USBs and other external devices can be infected by viruses and malware. Use your security software to scan them when you plug them in.
Use a password manager
Password managers allow you to store all of your account credentials in one place. The only credentials you need to remember (not write down and hide) are your master username and password for your password manager. I recommend KeePass or LastPass. KeePass is open source and available for free. LastPass has a free option available for download.
Make passwords long and strong
Combine capital and lowercase letters with numbers and special characters to create a more secure password. I recommend a password with a minimum length of 12 characters. If you are creating a password and would like to see how strong it is, then please check out HowSecureIsMyPassword.net. You can enter a password on this website and it will show you how many years it would take a computer to crack your password.
Unique account, unique password
Using a separate password for every account helps to thwart cybercriminals.
Learn to spot phishing scams
If you receive an email from a sender you don’t recognize, then please look both ways before clicking. Online scammers will often use fake emails to steal information or money from you. Here’s how to spot a phishing scam:
- Check the sender’s email address. If the email domain does not match the person or organization the email purports to come from, then it’s probably a scam.
- Use a search engine to look up the sender. Always verify that the sender is an actual person and legitimate.
- DO NOT CLICK on any links embedded in a suspicious email. Hover your cursor over the link. The URL will pop up and this will help you determine if the link is legitimate.
- Where applicable, run a search on the company or organization the sender purports to work for. Scammers will sometimes use fake company or organization names that sound legitimate. Running a simple Google search will help you determine if the organization exists.
- Watch for a sense of urgency, call to action, or monetary incentive in the message. These are common social engineering techniques that scammers will use to make the recipient act IMMEDIATELY.
- Watch for spelling and/or grammatical errors. Phishing scams will often contain one or both.
- Configure your email client to block automatic image downloads. Scammers will sometimes set executable code to run in the background of an image embedded in an email. This can cause damage to your data.
Following these simple steps will help protect your online information. If you would like to learn more about how to stay safe and secure online, then I recommend StopThinkConnect.org.