How to stay safe in an online world
Life has changed over the past few years, as has the technology we use. Yet cybersecurity threats have evolved alongside the platforms we increasingly use to connect virtually.
“During the pandemic, we moved into a more virtual world out of necessity, but that world is sticking around,” says Mike Popoff, chief information security officer for Instructional and Information Technology Services (IITS).
“This has provided an opening for more complex cybersecurity attacks that target the new online platforms we use and social-engineering attacks that are baiting people to provide personal information using emotional appeals.”
Popoff shares a few tips to help you remain cybersecure.
Avoid getting reeled in by phishing
Most people’s inboxes are full of dubious messages — some harmless and others quite dangerous. Here are some simple ground rules for identifying unwanted email:
- Unsubscribe from legitimate senders. This will keep your inbox clean so you can focus on spotting real attacks.
- Never click links from unknown senders, even the “Unsubscribe” link. Play it safe by deleting the email or using the “mark as spam” feature to help block future messages.
- Be intensely skeptical of any email from someone you don’t know. When in doubt, delete.
- Be aware of what you share online. Online quizzes that ask for personal data can be used by spear phishers to gather information about your life for potential security questions.
- Stay alert for suspicious requests from otherwise trusted individuals, such as unexpected wire transfers or requests to disclose sensitive information.
- Be wary of emails with a tone of urgency, even if they seem to be from trusted sources. Alarmist emails try to provoke you into making hasty decisions. Instead, follow up with the person directly.
The main goal of phishing is to trick you into performing a desired action such as clicking a link, downloading an attachment or filling out a form. Here are a few warning signs to look out for:
- Multiple addressees on the To: line should be examined carefully.
- Messages that address you generically, such as “Account Holder” or “Customer” are a sign that the message may not be from a trusted source.
- Keep an eye out for spelling errors. Big companies and social networking sites check their spelling in form letters prior to sending them out.
- Beware of links within messages, especially if they don’t display where they are taking you.
- Attachments can be serious threats. Opening them can introduce malware into your system. Any attachments, especially unexpected ones, should be regarded with suspicion.
- Be wary of forms that ask you to enter personal information like your password. If you’re unsure, try navigating to the website using an official link.
Boost your online security
Concordia’s increasing adoption of cloud-based tools have become a necessity, but they’ve also opened us up to new cyberattacks. Increasingly sophisticated phishing attacks seem to possess a degree of legitimacy, with topics like vaccination records or IT equipment.
Here are a few ways to boost your security:
- Install security software on personal computers. Set up antivirus and anti-spyware applications that scan your computer at least once a week. While all Concordia-owned devices have antivirus and anti-spyware programs installed by IITS, keep your personal devices safe as well with this best practice.
- Never skip an update. Keeping your software and operating system updated is an easy way to protect your computer. Updates often contain important security patches.
- Customize your security settings in your browser. Browser options are set by default to balance security and functionality. Use the drop-down menu to customize these settings and boost your online security.
- Clear your cache and browsing history if working from a shared computer so you don’t accidently leave a record of IDs, passwords, banking information and other sensitive data.
- Keep your browser updated. Like software and operating systems, browser updates are an important way to remain secure.
- Be careful what you download. Don’t download files off the internet unless they are from a trusted source.
Here are a few ways to secure your documents:
- Avoid sharing documents online that include sensitive information. If you do so, protect these documents with a strong password.
- Do not keep unnecessary emails or documents stored online. Some known data breaches in education involved sensitive data that was more than 40 years old.
- Encrypt documents and emails containing sensitive information. Encrypting information means that information is converted from readable text into scrambled cipher text. Only those with the password can read it.
- Keep up to date on Concordia’s data policies. Concordia’s Policy on Data Governance (PRVPA-4) and associated Data Governance Framework have been created to structure the way university securely stores information.
- Understand Concordia’s data classifications. Is your information public, internal, confidential or restricted? Each category has its own data handling procedures.
Visit the IT Security page to learn valuable information about protecting your identity.