Jennifer Raby

Oct 152014
Everyone wants to exercise best practices and stay safe while online, though doing so is often easier said than done. For most, convenience outweighs security and as a result, we put ourselves and others at risk for identity theft and other cyber threats. In keeping with the shared responsibility theme for National Cyber Security Awareness Month, we wanted to bring you an opportunity to not only hear about the typical dangers and pitfalls that come with being online, but more importantly, for you to know which ones (as an individual), you are most susceptible to.

One of the National Cyber Security Alliances’ partners (EMC2/RSA) has kindly provided an “Online Identity Risk Calculator” quiz, to help you find out your personal identity risk score and based on that – they will provide practical tips on how you can keep your online identity protected.Just answer 10 questions and discover how your online activities – from banking and shopping to the types of social networking sites you visit – may potentially make you more vulnerable to identity theft and fraud. Click HERE to play! – IDENTITY RISK GAME

Are you unwittingly putting ECU at risk?…Now that we have looked at our personal habits and the potential consequences of such, we wanted to give everyone a chance to take a similar evaluation to determine if and how their behavior differs while at work.

Just answer 12 questions to calculate your workplace security risk score.  Discover how behaviors like sharing passwords, or using your work computer to check personal emails or download music could make the university vulnerable to hacking, malware and other attacks. Click HERE to play! – WORKPLACE SECURITY GAME


Did your online risk score(s) surprise you? Did you think that you were being more careful than you really are? Are you practicing safer habits at home than you are at work or vice-versa? – If so, why?

We would love to hear feedback from staff and faculty across campus to help us understand and target the areas of concern. Please post to this blog, our Technology Digest blog or our ITCS Facebook page with your results and/or comments!

ITCS on Facebook:

ECU Technology Digest blog:

Oct 302013

Passwords are the keys to your kingdom; you must use them wisely. In this newsletter we discuss how to create strong passwords that bad guys cannot easily guess and how to use them securely.

Passwords are the keys to the kingdom. Once someone knows your password, they can steal  our identity or access all of your personal information. Let’s learn what makes a good password and how to use them securely. There are two key points to good passwords:

• First, you want passwords that are hard to guess. This means do not use simple passwords such as 123456, your pet’s name or your birth date.

• Second, use passwords that are easy to remember. If you keep forgetting your passwords, they are not very helpful.

The problem is cyber criminals have developed sophisticated programs that can guess (or brute force) your passwords, and they are constantly getting better at it. This means that they can break into your accounts if your passwords are not  strong enough. To protect yourself, you want your password to be as long as possible. The longer your password is, the stronger it is. In fact, instead of using just a single word as your password, use multiple words. This is called a passphrase.

For example, your passphrase could be something simple like: time for chocolate

To make your passphrase even more secure, do the following:

• Use a number in your passphrase.
• Have at least one lower case and one upper case letter in your passphrase.
• Use a symbol in your passphrase.

Let’s take our passphrase and make it even more secure by replacing some of the letters with numbers and symbols, as we just discussed. First, replace the first letter with a capital letter. Next, we can replace letters with numbers or symbols. For example, you can replace the letter ‘a’ with the ‘@’ symbol or replace the letter ‘o’ with the number zero. In addition, we can add symbols using common punctuation such as spaces, a question mark or an exclamation point. As a result, we now have a strong password that is very difficult for cyber criminals to compromise, yet is simple to remember and easy to type: Time for ch0c0l@te!

Using Passwords Securely
In addition to creating strong passwords you must also use them securely. A strong password is of little use if the bad guys can easily steal it from you.

• Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password it is no longer secure.

• Do not use public computers, such as those at hotels or libraries, to log into a work or bank account. Since anyone can use these computers, they may be infected with malicious code that captures all of your keystrokes. Only log into your work or bank accounts on trusted computers or mobile devices you control.

• If you accidently share your password with someone else, or believe your password may have been compromised or stolen, be sure to change it immediately.

• Be careful of websites that require you to answer personal questions. These questions are used if you forget your password and need to reset it. The problem is the answers to these questions can often be found on the Internet, or even your Facebook page. Make sure that if you answer personal questions you use only information that is not publicly known.

• Many online accounts offer something called two-factor authentication, or two-step verification. This is where you need more than just your password to log in, such as codes sent to your smartphone. When possible, always use these stronger methods for authentication.

Different Passwords for Different Accounts
Be sure to use different passwords for different accounts. For example, never use the passwords for your work or bank accounts for your personal accounts, such as Facebook, YouTube or Twitter. This way, if one of your passwords is hacked, the other accounts are still safe.

If you have too many passwords to remember, consider using a password manager. This is a
special program you run on your computer that securely stores all of your passwords for you.
The only passwords you need to remember are the ones to your computer and the password
manager program. Check with your supervisor, the help desk or the information security team to see if a password manager is an option you can use.

Print this newsletter: Module07-Passwords-Newsletter

© The SANS Institute 2013  /  Used with permission from The SANS Institute.


Oct 232013

Social networking sites are powerful tools that allow you to communicate with friends and family around the world. However, be careful what you share, how you share it, and with whom.

Social networking sites are one of the most exciting and powerful technologies on the Internet. These are virtual, online communities allowing people to connect to each other from around the world. On these sites, you create an account, post information about yourself, and share information with your friends, family and fellow co-workers. You can also track others to learn what they are currently doing. Different sites are used for different purposes. Sites such as LinkedIn are used for professional or work-related activities, while sites like Facebook are used for personal activities.

Each of these sites is set up differently, but they are all designed to allow you to decide what  information you want to share, how often, and with whom. Some people update their sites daily or even hourly, posting what they are doing, where they work, their hobbies, and their favorite music. What makes these sites so powerful is how easy it is to share with others and to watch and learn what others are doing. However, with these amazing capabilities come many risks you need to be aware of.

1. Sharing Your Information
Social websites allow you to post and share a tremendous amount of information. Not only  can you publish basic personal data, but also favorite songs and movies and personal photos
and events in your life. The concern is, if you’re not careful, sharing all this information can harm you.

Criminals and attackers look for highly personal information. Based on details of your life you’ve shared, they may be able to guess your passwords, impersonate you online, or even steal your identity. You should never post personal details such as your birth date, home address, or identification numbers. In addition, organizations hiring new employees or universities reviewing new students often do background checks on popular social networking sites such as Facebook. To protect your future, do not post any embarrassing information or photos of yourself. If it is something you would not want your boss or family to see, you should not post it.

2. Others Posting Information About You
Even more challenging to control is information others publish about you. You can control what is published on your page and who has access to it, but other people can publish  information about you on their own sites. Photographs, videos, or online chat sessions can easily be shared. Always inform your friends what information they can and cannot share  about you. If they are not sure, have them ask before posting. It is also wise to review their sites to see what they have posted about you. Some social network sites will even notify you if others have posted information about you. In addition, many social networking sites have an abuse contact. If someone will not take down personal information about you, then contact the website’s abuse center.

3. Third Party Apps and Games
Some social websites have additional third-party programs, such as games you can install. These programs are usually not developed or reviewed by the social networking website. Instead, they are developed independently by other individuals or organizations. Always be careful when using third-party programs, as they can potentially infect your computer or access your private information.

4. Trusting Others
One of the exciting features about social networking is the ability to quickly and easily interact with others. The issue is these websites make it easy for attackers to impersonate people you trust. Only accept friends or contacts you know. If you blindly accept any request to join your network, then you have no privacy protection. Another common attack occurs when criminals hack an account on a social networking site and pretend to be the victim. The criminal posts messages to all of the victim’s friends, pretending to be the victim and tricking their friends to visit a website or install a program. When people visit the websites or install the program, their accounts or computers are often hacked. Criminals are using your trust of others to attack you. So be careful. If a friend’s request seems odd, confirm it is your friend and not a criminal or virus that has taken over their account. When in doubt, call your friend to verbally confirm the request.

5. Work Information
Never post any organization-related information on social networking sites unless you have prior permission. In addition, be sure you are using different passwords for your personal and work social networking accounts.

Your Privacy Settings
Most social networking sites such as Facebook offer privacy controls. These are settings you can configureto determine who can and cannot access information on your page. The intent is to give you the ability to publish private information, then share that information with only specific people. The problem with most privacycontrols is they are complex. You may think your information is protected, but you may be surprised to learn others can access it, such as Friends of Friends. Also, privacy controls may not work as you expect, so in some cases people who are not your friends or even third-party applications can still access your information. Finally,even once you figure out the privacy options they often change.
The best way to protect yourself is to limit the amount of personal information you post. In fact, it is best to assume any information you do post will eventually become public, regardless of the privacy controls you use.If you do not want your boss, coworkers, or family members to find out about it, you shouldn’t post it.

Print this newsletter: Module05-SocialNetworking-Newsletter

© The SANS Institute 2013  /  Used with permission from The SANS Institute.