Welcome the the fourth and final week of Cybersecurity Awareness Month!
This week we will discuss making cybersecurity a priority, both at work and at home, particularly in this time of occasional to full-time work-from-home. We’ll look at how we can begin to think about cybersecurity first whenever we are adding devices to our home network and dealing with personal and work data.
In this day and age, employees are more connected than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office setups. According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to rise by a staggering 70% by 2025. Even if you are not working from home, you are probably still connecting more and more devices to your home network, from light bulbs to refrigerators to regular computers. In this new normal where smart devices and consequently online safety are a must, here are some tips for securing those devices.
Remember smart devices need smart security
Make cybersecurity a priority when purchasing a connected device. When setting up a new device, be sure to set up the privacy and security settings on web services and devices bearing in mind that you can limit who you are sharing information with. Once your device is set up, remember to keep tabs on how secure the information is that you store on it, and to actively manage location services so as not to unwittingly expose your location. Be sure to register your new device so the manufacturer can update you if there is an issue. Pay attention to any correspondence from the manufacturer and follow any update recommendations.
Put cybersecurity first in your job
Make cybersecurity a priority in your role at work. Take it upon yourself to exercise best practices to keep Berry safe. Some precautions include allowing for regular software updates by rebooting your computer regularly, and setting up MFA once it is enabled on your account, which should be NOW. If you realize MFA is not enabled on your account, contact the Technical Support Desk by emailing email@example.com or calling extension 5838 and request it.
Be sure to keep your personal files separate from your work files and only handle work files on approved devices. Don’t store a lot of personal photographs, documents or other files on your work-issued computer. Don’t use your work email account to register for personal websites, unless it is required for some reason, say for instance, you get a discount if you register with a .edu (educational, academic) account. If you are unsure about using your Berry email to register on a site, contact Information Security at infosec.berry.edu or extension 1750 and we’ll be happy to discuss your situation and help you determine the best course to take.
Make passwords and passphrases long and strong
Whether or not the website you are on requires it, be sure to combine capital and lowercase letters with numbers and symbols to create the most secure password. Generic passwords are easy to hack. If you need help remembering and storing your passwords, don’t hesitate to turn to a password manager for assistance. In addition to using good password, don’t use real information for password recovery questions. Information like maiden names, school mascots, favorite pets or pet names, streets where you grew up, and other supposedly “secret” bits of data are readily available online. You post them yourself on social media sometimes but these are also mostly public records. Make up answers and put them in your password manager or don’t use recovery questions if you can avoid it.
Never use public computers to log in to any work or sensitive accounts
While working from home, or just in general, you may be tempted to change scenery and work or relax at a coffee shop or another type of public space. While this is a great way to keep the day from becoming monotonous, caution must be exercised to protect yourself and your company from harm. Make sure that security is top of mind always, and especially while working in a public setting, by keeping activities as generic and anonymous as possible. Don’t log into work accounts, bank accounts or other sensitive sites on public computers or while on “free” wifi. Free usually means “not well maintained” especially in small shops and most public places.
Turn off WiFi and Bluetooth when idle
The uncomfortable truth is, when WiFi and Bluetooth are on, they can connect and track your whereabouts. To stay as safe as possible, if you do not need them, switch them off. It’s a simple step that can help alleviate tracking concerns and incidents. This is true whether traveling in or out of the country. Check with reputable travel sites to see if there are recommendations concerning connected devices in a country you are planning to visit.
These are just a few simple steps towards achieving the best online safety possible. Staying safe online is an active process that requires constant overseeing at every stage – from purchasing and setting up a device, to making sure that your day-to-day activities are not putting anyone at risk. By following these steps, you are doing your part to keep yourself and your company safe from malicious online activity.
If you want to know more about how to protect yourself and the college, Information Security has cybersecurity awareness training for the entire active community; faculty, staff and students. A short, roughly half-hour long set of courses will introduce and educate on cybersecurity awareness. It will cover topics such as good password management, how to spot phishing emails and other social engineering attempts, data security, safe browsing and use of social media. In addition, it will explain how to protect your devices, whether they are mobile devices like phones and tablets, more standard computing devices like laptops and desktops, or any of the thousands of “Internet of Things” (IoT) items like Amazon Echos, smart light bulbs, intelligent appliances, video doorbells, or other devices that connect to the network, but don’t have traditional screens or input devices.
This training is available right now by request, but we will be rolling it out as required training in the near future. Watch for emails from Information Security for more details and keep an eye on this website. If you are interested in taking this training now, you can use the form on the right side of any page on this site to request access to training. As technology constantly advances, so does the cyberthreat landscape, so this training will be required on a regular basis.
That’s it for this final week of Cybersecurity Awareness Month. Thanks so much for reading these articles. I hope they were interesting and educational. You still have time to complete the scavenger hunt as long as it is not past 11:30am on Friday, October 29th when you read this. You should need less than thirty minutes to find all the answers and be eligible for the grand prize drawing. To start hunting for answers in the Virtual Scavenger Hunt follow the link. If you have any difficulties advancing to the next set of questions, please email firstname.lastname@example.org and I will help you along. The fourth week questions posted at 8:00AM on Monday, October 25th, but you must complete the first three weeks of questions to get to the fourth week. The hunt will wrap up on Friday, October 29th at noon. Good luck!