When life and learning happen online, it’s important to know how to stay safe
Life has changed over the past year and a half, as has the technology we use. But cybersecurity threats have evolved alongside the platforms we use to work, teach, learn and get together virtually.
“The pandemic has led to the creation of more complex cybersecurity attacks that are not only targeting our new online platforms,” says Alex Aragona, executive director of application and portfolio management and chief information security officer for Instructional and Information Technology Services (IITS).
“They’re also social engineering attacks that are baiting people to provide personal information using emotional appeals.”
Aragona shares a few tips to help you remain cybersecure.
Avoid getting reeled in by phishing
Most people’s inboxes are full of dubious messages — some harmless and others quite dangerous. Here are some simple ground rules for identifying unwanted email:
- Unsubscribe from legitimate senders. This will keep your inbox clean so you can focus on spotting real attacks.
- Never click links from unknown senders, even the "Unsubscribe" link. Play it safe by deleting the email or using the "mark as spam" feature to help block future messages.
- Be intensely skeptical of any email from someone you don't know. When in doubt, delete.
- Be aware of what you share online. Online quizzes that ask for personal data can be used by spear phishers to gather information about your life for potential security questions.
- Stay alert for suspicious requests from otherwise trusted individuals, such as unexpected wire transfers or requests to disclose sensitive information.
- Be wary of emails with a tone of urgency, even if they seem to be from trusted sources. Alarmist emails try to provoke you into making hasty decisions. Instead, follow up with the person directly.
The main goal of phishing is to trick you into performing a desired action such as clicking a link, downloading an attachment or filling out a form. Here are a few warning signs to look out for:
- Multiple addressees on the To: line should be examined carefully.
- Messages that address you generically, such as "Account Holder" or "Customer," are a sign that the message may not be from a trusted source.
- Keep an eye out for spelling errors. Big companies and social networking sites check their spelling in form letters prior to sending them out.
- Beware of links within messages, especially if they don't display where they are taking you.
- Attachments can be serious threats. Opening them can introduce malware into your system. Any attachments, especially unexpected ones, should be regarded with suspicion.
- Be wary of forms that ask you to enter personal information like your password. If you're unsure, try navigating to the website using an official link.
Boost your online security
Concordia’s recent adoption of cloud-based tools, in addition to hybrid work and learning environments and the COVID-19 pandemic, has opened us up to new cyberattacks. Increasingly sophisticated phishing attacks seem to possess a degree of legitimacy, with topics like vaccination records or IT equipment.
Here are a few ways to boost your security:
- Install security software. Set up anti-virus and anti-spyware applications that scan your computer at least once a week.
- Never skip an update. Keeping your software and operating system updated is an easy way to protect your computer. Updates often contain important security patches.
- Customize your security settings in your browser. Browser options are set by default to balance security and functionality. Use the drop-down menu to customize these settings and boost your online security.
- Clear your cache and browsing history if working from a shared computer so you don’t accidentally leave a record of IDs, passwords, banking information and other sensitive data.
- Keep your browser updated. Like software and operating systems, browser updates are an important way to remain secure.
- Be careful what you download. Don’t download files off the internet unless they are from a trusted source.
Choose secure passwords and keep them safe!
To prevent unauthorized access, passwords should adhere to the following requirements:
- Trend toward length over complexity. For a long time, we've been taught to use passwords that include a complex combination of characters. While not bad in principle, in practice we find ways to side-step these requirements. Make a password that's strong while also being easy to remember (e.g. FavFood45!).
- Use different passwords for your accounts. Even if you have a strong password, reusing it among multiple accounts is very risky. If one of those accounts gets compromised, your entire online world — and our organization's systems and information — could be next.
- Avoid using a single, common word in your password that can be found in the dictionary or that uses the name of the associated service.
- Change your password every three to six months. If you suspect your password has been compromised, change it immediately.
- Opt in to multi-factor authentication (MFA) to give your accounts an added layer of security.
Learn more about how to keep yourself and your data safe by visiting Concordia's IT Security webpage.