Did You Know? October is National Cyber Security Awareness Month! - 2016
Security: It's Everyone's Responsibility
National Cyber Security Awareness Month is a collaborative effort between government, industry, and education to ensure every American has the resources they need to stay safer and more secure online.
As part of Cal Poly’s ongoing commitment to promoting information security awareness and best practices, this page will be updated weekly during October with links to short videos, best practices, tips or information related to the sponsored Portal announcements and themes listed below.
Please take a few minutes each week to visit one or more of these links to help you learn how to protect you and Cal Poly, and make everyone a better Cyber Citizen!
-
Week 1 - Watch Where You Surf!
-
Week 2 - Wave Goodbye To Weak Passwords!
-
Week 3 - Don't Get Hooked!
-
Week 4 - Be Safe With Social Media!
Week 1 - Watch Where You Surf!
When we visit a web site, we all just want it to work. So, when a warning pops up to impede progress, instead of accepting it, it's worth slowing down to understand the risks.
Use HTTPS
Credit card and online banking sites are convenient and easy ways to purchase and handle financial transactions. They are also the most frequently spoofed or "faked" sites for phishing scams. Information you provide to online banking and shopping sites should be encrypted and the site's URL should begin with https. Some browsers have an icon representing a lock at the lower right of the browser window (SANS.org).View the Security Certificates - Warning to protect yourself against identity theft.
Regularly Use and Update Antivirus
Software can include bugs which allow someone to monitor or control the computer systems you use. In order to limit these vulnerabilities, make sure that you follow the instructions provided by software vendors to apply the latest fixes. Antivirus and anti-spyware software should also be installed and kept up to date.
Learn more about it!
- More information and online shopping tips can be found at StaySafeOnline and Privacy Rights Clearinghouse.
- Visit our main Viruses and Spyware page to learn more about anti-virus provided by Cal Poly at no charge to students, staff and faculty.
Week 2 - Wave Goodbye To Weak Passwords!
Cybersecurity experts continually identify the use of strong, unique passwords as one of their top recommendations. However, this is also one of the least commonly followed recommendations because unless you know the tricks, it’s difficult to remember strong, unique passwords for every login and website.
Recommendations
Consider using a password manager, which is an application that can run on a computer, smartphone, or in the cloud, that securely tracks and stores passwords. Most password managers can also generate strong, unique passwords for each account. When choosing a password manager, ensure it is from a known, trustworthy company with a good reputation. Examples of password manager services and applications include 1Password, Lastpass, and Dashlane.
Another technique to assist in building strong, unique passwords, is to choose a unique passphrase for your password. For example, "A-few-boxes-fell-down-the-stairs_$40". The Cal Poly Portal supports passphrases of 16 characters or longer that have minimal guidelines. A passphrase for the Cal Poly Portal must be 16 to 40 characters and can use any combination of uppercase, lowercase, and select special characters.
Learn more about it!
- For more information on securing your account with strong passwords, visit Stay Safe Online.
- Visit our main Cal Poly's Password page for more information on Cal Poly's Portal password security.
Week 3 - Don't Get Hooked!
Cal Poly users have become the target of phishing emails designed to trick you into revealing your Cal Poly username and password. This puts you and the university at risk. Armed with this information, a phisher will typically use your campus email account to send more phishing or SPAM emails, but they can also access any personal information found on the portal.
Cal Poly will never ask for your password via email, phone or a non-calpoly.edu web form. All password changes are handled through the Cal Poly Portal. If your account has been compromised, ITS will change your password immediately and then contact you regarding next steps. If you are not contacted but you know or think you responded to a phishing email, use the Cal Poly Portal to change your password and questions and then notify abuse@calpoly.edu.
What to do if you receive a phishing email message?
- If you receive a phishing email, do NOT reply, do NOT click on a link, do NOT open an attachment, and do NOT provide personal or confidential information.
- If you receive a phishing email that appears to come from Cal Poly or ITS, forward the message with full headers to abuse@calpoly.edu for analysis.
Learn more about it!
- Read "How Not to Get Hooked by a 'Phishing' Scam" and other facts about phishing.
- Take the SonicWALL Phishing IQ Test and play the Anti-Phishing Phil online game to learn more about phishing scams in general, and how to tell the difference between a phony and legitimate message in particular.
Week 4 - Be Safe With Social Media!
With social media platforms like Facebook, Twitter, and LinkedIn, users can connect with the world from the palm of their hand, but because these sites can carry so much personal information, danger may also be just a click away.
The risks are real
Before you type out those next 140 characters, consider the potential risks to your career and personal safety:
- Current and prospective employers may search social media sites as part of a background check and any embarrassing or incriminating photos or posts could hinder your chances of getting hired or promoted.
- Sharing sensitive or inappropriate information about your employer in social media posts could damage their reputation. Many organizations have a social media policy, so make sure to check it before saying anything about them online.
- Cyber criminals can use the information you post to impersonate you, reset your passwords, and gain access to your other online accounts, like bank accounts. They can even identify where you live or work. #scary!
How to keep your accounts secure
Here are some tips to help you navigate your social media feed without risking your personal security:
- Never post sensitive information, like your home address or phone number.
- Use strong, unique passwords and do not share them with anyone.
- Review your privacy settings regularly, since social media sites often change their privacy policies.
- Be cautious of emails from social media sites, they can be easily faked by cyber criminals.
- Be suspicious of phishing emails which may try to gain access to your computer through social media sites. If you don’t trust it, don’t click on it!
Learn more about it!
- Read Stay Safe Online's tips on safely using social networks.
- Review Facebook's FAQ for their available privacy settings and tools.