A Good Time to Become CyBear SMART
[National Cyber Security Awareness Month (NCSAM) has come to a close but the need to stay CyBear SMART never ends. ISG hopes that the events as well as the tips & tools we presented during October helped make you and your computer more secure.
Though the month has ended, we'll continue to offer periodic Brown Bags and classes announced in Morning Mail. We're also leaving the weekly summaries and their links in place for your later reference.
Finally, congratulations to all the contest winners as well as everyone who participated in our events and online.
If you've had your day derailed by a computer virus, laptop theft or identity hack, then you know the havoc that these serious "gotcha's" can cause. Just recently, Wired magazine's tech-savvy Mat Honan disclosed the painful details of how he lost precious personal information, his Google account, control of his Twitter account and a lot of time trying to recover from a major hack. [ Mat's recounting of the story on Wired; related article from Infosecurity Magazine ] National Cyber Security Awareness Month -- to giving you the tips and tools to protect yourself from hackers, thieves, phishing, malware and more. We know you don't have a lot of time so have boiled it down to a simple message: STOP the Gotcha's -- GO CyBear SMART, which stands for:
- S - Strong Passwords
- M - Mobile Safety
- A - Alert & Informed
- R - Reputation Protection
- T - Take Control
Each week during October we'll focus on each of these topics, offering both online and in-person opportunities to become more cyber secure. The more you participate, the more you learn PLUS the more chances you can collect toward prizes awarded at the end of the month for the CyBear SMART contest.
Throughout October ISG, will also tweet tips on the week's theme, and at the end of the week we'll offer a short quiz based on those tweets. Ace the quiz for 10 points. In fact, we'll give you points just for following us on Twitter . Attend a Brown Bag or Be Safe Brown! Campus Safety Resource Fair for more points (every ten points collected = one chance on the drawing).
Details for the month continue to evolve, so check back often for the latest information.
Week #1 :: Strong Passwords
They're your first line of defense, whether protecting your laptop, phone or tablet; research records, salary info or grades; email, bank account or Facebook page.
A study by Microsoft on password habits showed that an average person will use the same password across almost 5.67 sites, that weak passwords are used at more sites on average (6.06), and stronger passwords at fewer sites on average (4.48), and then usually only when required. If complexity is not enforced, passwords containing only lowercase letters are predominate, regardless of password length. In other words, we as humans tend to take the easiest route. During this week, we will help you to become more aware of -- and hopefully to swap -- old habits for new ones.
- Oct 1 - 5: ISG kicks off the month with a focus on passwords, something you control and can easily improve. Sign up for our Twitter feed for 10 points.
- Oct 1: Stop by the ISG booth at the "Be Safe Brown!" event. Play CyBear SMART" to collect 10 points toward the drawing.
- Oct 3: Attend the lunchtime Brown Bag R U A 10+? and collect 10 more points, plus dessert is on us!
- Oct 5 - 8: The quiz is no longer available.
- Learn Online: Protect yourself with Strong Passwords and know the dangers of Password Sharing; update your Brown and/or Google password now with MyAccount.
- Brown Bag: Our first of four presentations, R U A 10+?, was held from 12:05 to 12:50 PM on Wednesday, October 3rd at 169 Angell, Room 202.
- Tools: Test your password's strength using Microsoft's password checker or the site How Secure is My Password. Note: No data is stored or transferred. Passwords are checked and validated on your computer.
- Videos: View the student video contest winners How to Create a Secure Password (:30) and 10 Most Common Passwords (:30) and Mozilla's video How to Choose Strong Passwords (2:07).
Week #2 :: Mobile Safety
This week we focus on helping you stay secure when on-the-go. Learn how to protect your laptop / tablet / smartphone, cultivate common sense habits to prevent big headaches, AND get two more chances on an iPad and more! Reminder: If you haven't started following us on Twitter, you can do so at twitter.com/ISGatBrown.
October is also National Crime Prevention Month. The Department Public Safety is holding safety and awareness events throughout the month, including a special push to have the Brown community register their laptops and tablets (as well as bicycles) as part of their Operation Identification. To have your items engraved and registered, please contact Crime Prevention at (401)863-1438 during normal business hours.
- Oct 9 - 12: Learn how to protect your mobile device, whether a laptop, tablet, smartphone or in between, and keep them safe when on the move.
- Oct 11: Attend the lunchtime Brown Bag Love to Travel? Love Your Devices? pick up pointers and 10 points. Bring your lunch; we supply the cookies.
- Oct 12 - 15: The quiz is no longer available.
- Learn Online:
» Devising a Safer Environment for your Mobile Device
» Physical Security: Laptops, Mobile Devices, Thumbdrives, Smart Cards
» Secure Wireless When Traveling
» International Travel Information for all Brown University Travelers
- Brown Bag: Our second in a series, Love to Travel? Love Your Devices? will be held from 12:05 to 12:50 PM on Thursday, October 11th at 169 Angell, Room 202. Come learn 15 tips to secure yourself and your devices so that the love affair can continue. You bring a lunch and we supply the cookies.
- Games:Your assignment, should you accept it, is Mission: Laptop Security. Beat back the hack attack in the Invasion of the Wireless Hackers (warning: soundtracks may be loud)
- Tools: When away from campus, use SSL-VPN. Install FrontDoor Laptop Security Software, available from Public Safety's website. Buy a cable lock, which you can find at the Brown Technology Center as well as online. For serious lock-downs, visit Computer Security Products, offering laptop tie-down brackets and anti-theft tags. Use Brown-Secure when on campus and connecting via wireless. You can find the instructions for your OS here, which include how to use Cloudpath to automatically configure your device. Learn about eduroam, which will let you obtain wireless connectivity across campus and when visiting other participating institutions. Encrypt your laptop with Symantec Endpoint Encryption.
- Videos: View the short student videos Z-Bay, When You Least Expect It, For Their Inconvenience, Protecting Your Computer in a Public Place and Mobile Phone Theft.
Related event this week:
- October 9, 6:45 PM - David Sherry will speak on The Evolution of the Information Security Management Function at the Providence Web Application Security Group. The event takes place in the new Continuing Education building at 200 Dyer Street in downtown Providence.
Week #3 :: Alert & Informed
You keep your computer patched, right? What about the most important CPU you own, the one between your ears?
When it comes to information security and safe computing, most experts agree that "the human is the weakest link." There is much talk about hacking the human (including a book with that name by Ian Mann and another called Social Engineering: The Art of Human Hacking by Christopher Hadnagy), which leads some in the field of information security to coin such terms as patching the human and the HumanOS. And like patches, they need to be applied regularly,or in other words, you need to keep alert and informed of threats and the risks they pose to stay protected. ISG provides many ways to keep current: our newsletter Secure IT!, periodic Brown Bags, malware and phishing alerts on the CIS blog, Morning Mail announcements, Twitter, and concerted efforts like National Cyber Security Awareness Month each year. Read on for more resources!
- Oct 15 - 19: The focus this week is on raising your level of awareness. We'll teach you how to fend off phish, spot scams, navigate safely online and more.
- Oct 17: Attend the lunchtime Brown Bag In This Phishing Contest, Your Identity is the Trophy, which offers tips on how to sniff out phishing scams and keep your identity intact. More pointers and points and dessert.
- Oct 19 - 11: The quiz is no longer available.
- Learn Online:
» Phishing & Malware alerts | Phishing Primer | Phishing Good News / Bad News | Tips for Avoiding Email Phishing Schemes
» Identity Theft: How to Deter, Detect & Defend
» Secure IT! newsletter | Phishing & Malware Alerts
» twitter.com/ISGatBrown | twitter.com/CISOatBrownU
- Brown Bag: The third Brown Bag in our series, In This Phishing Contest, Your Identity is the Trophy, will be held from 12:05 to 12:50 PM on Wednesday, October 17th at 169 Angell, Room 202. This fast-paced, interactive session will help you spot a phishing email, fend off social engineering, and prevent you from becoming a victim of identity theft. Pick up 10 more points and another chance on the drawing. You bring a lunch, we supply the cookies.
- Games & Quizzes: Try to stop the techie spy in The Case of the Cyber Criminal; two ways to test your phishing savvy - Phishing Scams: Avoid the Bait and Spam, Scam Slam: Don't Be Fooled! (warning: soundtracks may be loud) | Quiz - Can you tell a real site from a fake one? | What's your Phishing IQ?
- Tools: Tutorial: Spotting a Phishing Scam in Your Email | Facebook: Controlling Your Information; Interactive Privacy Tools
- Videos: View the 30-second award-winning video Phishing Lesson, plus the short videos The Right Kind of Bait and Cyber Safety Tutorial with Cybersecurity Sam
Your public information may be scattered across the Internet but is now even easier to be reassemble into a digital footprint, thanks to a new application, Maltego, demonstrated at the recent Breakpoint 2012 Security Conference. Its owner, Paterva, describes it this way: "Information is leverage. Information is power. Information is Maltego."
If this makes you squirm a bit inside, then why not use that angst as a motivator to get a better grasp of your online life? Consider Facebook, for example. Ever wonder what your Facebook timeline looks like to others? Use the View As tool then tweak your timeline to your comfort level.
This week we highlight social media and how to balance being public while protecting your privacy. Read on for more tips, come to Wednesday's Brown Bag, follow us on Twitter (at twitter.com/ISGatBrown) and then take the quiz on Friday. You'll be safer and collect more chances on the big drawing!
» THE WEEK'S SCHEDULE
- Oct 22 - 26: Your life is online. Is your reputation also "on the line?" What do you have to lose? Maybe a lot.
- Oct 24: Attend the lunchtime Brown Bag Your Life Online (details below)
- Oct 26 - 29: The quiz is no longer available.
- Learn Online:
- Guard Your Privacy (ISG)
- Privacy Basics (Privacy Rights Clearinghouse)
- Leaving a Trail on the Web (Onguardonline.org)
- Incognito Browsing: How to protect your privacy while browsing
- Panopticlick: How unique and trackable is your browser? (Electronic Freedom Foundation)
- Search engine alternative (non-tracking): duckduckgo.com
- twitter.com/ISGatBrown | twitter.com/CISOatBrownU
- In the News:
- Higher Ed Data Privacy
- Facebook Privacy Settings in Groups Work Backwards, Users’ Lives Ruined (International Business Times, 10/16/2012)
- Facebook-Datalogix deal may skirt privacy promises;
Facebook, Facewatch, Data Retention About-Face (Electronic Frontier Foundation, 10/1/2012)
- Brown Bag:
- The final Brown Bag in our series, Your Life Online will be held from 12:05 to 12:50 PM on Wednesday, October 24th at 169 Angell, Room 202. Lessons, tips and tools for protecting your privacy and reputation in today's Internet-connected world. More pointers and points and treats. You bring a lunch, we supply dessert.
- Games & Quizzes:
- Apps to protect you online:
- Privacy suite: Abine
- Blocks ads: Adblock Plus, AdBlock, AdSweep for Chrome & Opera
- No ad tracking: Beef Taco
- No tracking from major sites: Disconnect
- No third party tracking: Ghostery
- Manage your third party tracking: RequestPolicy
- Manage what gets sent to sites: RefControl
- No tracking from Flash: Betterprivacy
- Recommended books:
In the end, you are responsible for your own safety. We wrap up the month by pulling it all together with a few final tips on how to be proactive when it comes to protecting you and your computer.
- Get Physical: Protect your computer or device. Lock it up or safely stow it. Find a good case or sleeve to protect it. That amazing little piece of technology is powerful but also fragile.
- Paper Trails: Your identity isn't just at risk online. Don't carry around your social security card or bank cards you don't need. Get a good cross-cut shredder and use it for confidential papers, whether at work or home. That includes any mail with your personal information.
- Stay Current: Keep your OS, software and apps up to date, especially your security software. Make sure your setting will allow for automatic updates where possible, and when notified of the availability of updates (from reputable sources), install them.
- Copy That: If your information resides locally on your desktop, laptop, tablet, smartphone or flash drive and it's important to you, keep a spare copy. Memory is inexpensive so purchase an external hard drive or put it in the cloud, such as your Brown Google Drive.
- Goodbye Gullible: Learn to maintain a certain sense of wariness, whether online or in person. Social engineers can strike by email, phone or on the street. Think of it like when you were told not to accept rides or candy from strangers.
» THE WEEK'S SCHEDULE
- Nov 1: Month ends and contest winners are announced! The announcement of the contest winners was postponed until November 1st due to Brown closures on Monday and Tuesday.
|iPad2 (16 GB / white)||Alexx Temena|
|Hitachi Touro External HD (2TB)||Donovan Dennis|
|Imation USB 2.0 HD (1TB)||Neal Poole|
|Macally TriHub 7-Port Hi-Speed USB 2.0 Hub||Ashley Frith|
5th & 6th
|American Red Cross Crank Charger
(Flashlight & USB Cell Phone Charger)
|Dorothy Solomon & Lan Mei|
|Are You Naked Online? Protecting Your Internet Identity by Claypoole & Payton||name withheld|
|99 Things You Wish You Knew Before Your Mobile Device Was Hacked by R. Siciliano||Serguei Treil|
|Gear Head 4-Port USB 2.0 Hub||Srdan Beronja|
|Skull Candy Earbuds||Richard Shea, Paula Penelton & Dominic Rocco|
National Cyber Security Awareness Month (NCSAM) is an annual awareness-raising effort that seeks to encourage everyone to protect themselves online as well as their nation's critical cyber infrastructure. The Department of Homeland Security (DHS), the National Cyber Security Alliance (NCSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), are the champions and founders of NCSAM and work together during the month of October to increase general cyber security awareness.
ISG has brought NCSAM to Brown each October since 2005 with safe computing classes as well as online information, videos and quizzes that focus on phishing, identity theft, the hazards of social networking and secure wireless. Plans are in the works for this October's offerings, which will be announced in Morning Mail and on CIS's website in late summer.
This site will continue to be updated in preparation for ISG's October events, so check back often. In the meantime, we encourage you to watch the video "The Faces of Cybercrime" produced by StaySafeOnline.org.