At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure. Furthermore, attacks are not just on large companies, but also on higher education institutions like Berry. Multiple colleges and universities in Georgia and elsewhere have been attacked this year. Luckily, there are several steps that we can take (and have taken) to mitigate risks and stay one step ahead of the bad guys.
Here are a few:
Enable MFA
Multi-factor authentication (MFA) adds that necessary second check to verify your identity when logging in to one of your accounts. By requiring multiple methods of authentication, your account is further protected from being compromised, even if a bad actor hijacks your password. Berry has implemented MFA on all college accounts, but you should also enable it on any other accounts you have that support it.
Use strong passwords/phrases and use a password manager
This may seem obvious, but all too often the step of securing strong passphrases or passwords with a password manager is overlooked. People spending more time online during the pandemic has certainly contributed to more bad actors prowling for accounts to attack. Using long, complex, and unique passwords is a good way to stop your account from being hacked, and an easy way to keep track of and remember your passwords is to use a password manager.
Keep your devices and software updated
When a device prompts that it is time to update software, it is tempting to simply click to postpone or even ignore it. However, having the latest updates for your antivirus/malware software, web browsers, and devices is one of the best defenses against threats. Don’t wait – update.
Use only approved software and do your research
Do some research before downloading anything new to your devices or computers. Use only legitimate app stores for new apps, check the reviews, look over the permissions and privacy notices, and even look for articles online about the app or software before installing. On your college-maintained devices like laptops, desktops, and tablets, only use approved software and ask about any potential exceptions you may require.
Check your settings
Be diligent about double-checking your privacy and security settings, and know who can access your documents. This extends from OneDrive docs to Zoom calls, and beyond. For meetings on Zoom, for example, create passwords so only those invited to the session can attend, and restrict who can share their screen or files with the rest of the attendees. Be sure to never store files related to your work at Berry that might contain sensitive or confidential information on personal devices or in personal cloud storage.
Being cyber smart and maintaining stellar online hygiene is the best way to protect yourself and others from cyber attacks. No single tip is foolproof, but taken together they can make a real difference in taking control of your online presence. Following these tips is also easy, and free. By taking preventive measures and making a habit of practicing online safety, you can decrease your odds of being hacked exponentially – and prevent lost time and money, as well as annoyance.
If you are reading this, you already see that the website is a little different. OK, maybe a LOT different. Gone are the huge pictures and seemingly endless scroll of the main page. All the content is still here, but the way it is presented (we hope) is more effective and accessible. I had promised an introduction to the site, but we had a number of production delays and you are currently looking at it, so that now seems like a silly idea. We’re flexible here…
Instead, I want to impress on you the importance of following the second item on the list above – using strong passwords or passphrases AND using a password manager to “remember” it all. If you are like me, you have dozens of accounts, and every account requires a username, usually your email address, and a password. I would suggest that, if the site allows you to choose a different username, you do so… AND you should make it unique to the account or site.
For example, if you have an account with a site called Mark’s Magnificent Magazine Museum, and it happens to allow you to pick a username, you might use the letters “mmmm” and your initials as the username, which for me would be “mmmmdhb”, which is actually better than using your email address. It’s not that it is “unguessable”, but that it is NOT your email address and therefore is another piece of a puzzle that an attacker would have to figure out (along with your strong password).
But you say “I can’t remember all my passwords, let alone a unique username for every site out there!”
That’s crazy! Why would you ask me to do this?
WHY?!?!?!?
That’s what a password manager is for. Check out the Quick Info page for password managers for more information.
Don’t forget to go check out the Virtual Scavenger Hunt. It starts on Monday, October 4th and ends on Friday, October 29th. Prizes will be awarded each week and two lucky people who complete the Hunt will win the grand prize of a Cambridge SoundWorks (Creative Labs) OontZ Angle 3 Ultra Bluetooth speaker.
Good luck in the Virtual Scavenger Hunt and come back next week for the week 2 article where we will discuss phishing.