Cybersecurity Tips - Protect Yourself

Incidents of cyber crime are increasing every year.


The global cost of cyber crime was about $2 trillion in 2019. Everything and everyone is a potential target, from government agencies and large corporations to small businesses, school districts and individuals.


Of the many factors that contribute to data breaches, about a quarter occur when people unwittingly respond to malicious emails, browser pop-ups and catchy website links.


The key to reducing this vulnerability is learning basic practical computer and information security.


1. Create Strong Passwords

One person’s weak password has the potential to compromise not only an entire district’s data, but also the data of the students and staff. It’s amazing how many people use vulnerable passwords. Every year, SplashData publishes a list of the top 100 worst passwords, and every year, passwords like 12345, 123456, 12345678, and “password” all top the list.


We require passwords that are at least eight characters long—the longer the better. Choose something you can easily remember.

  • Don’t include your name in the password
  • Avoid pet names, children’s birthdays, addresses and other things that may be public (i.e. posted on social media)
  • A phrase or pair of words that are rarely related forms a good basis for a long but easy-to-remember password
  • Either replace certain letters in your phrase with symbols or numbers, or insert numbers and symbols in the phrase

Example: Starting with “tan lamb white lion”, removing the spaces and replacing “i” with “!” and “a” with “@” gives t@nl@mbwh!tel!on


Tip: With so many passwords to remember, consider using a password manager like the Google Chrome or Apple Safari password manager or a separate service like LastPass or 1Password.

2. Use Two Factor Authentication

The more barriers put in place, the more difficult it is for hackers to get into your accounts and your information. Two Factor Authentication combines two independent credentials: what you know (your password) and what you have (your phone or a paper list of one-time use codes). If your password is stolen or compromised, the hacker is still blocked without having your second (physical) factor.


Use Two Factor Authentication everywhere you can: your personal email, cloud storage, financial institutions, and anywhere else you have sensitive or personal information or manage your finances.


Tip: Because your phone is now so important, make sure you use a non-obvious PIN, and if possible make the PIN 6 or more digits long.

3. Learn to Recognize Phishing Scams

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to respond with sensitive information. If deceived, you could give the attacker access to all sorts of valuable data - your credit card, bank account or social security number or a password to an important account. We use Google to filter potential phishing emails in the district. Nonetheless, one might always get through. Furthermore, never forget that your personal accounts are probably not so well protected.


Here are a few things you should be on the look-out for:


  • The Displayed Name in the Email – a name displayed in the “from” box does not guarantee that this is the sender.
  • Suspicious Links (Don’t Click!) – If the web address you see when you hover over the link doesn’t seem to match the sender, be very careful. Be especially careful if an email directs you to a website asking for a login - this is a way to steal your login credentials.
  • Spelling or Grammar Mistakes – if it doesn’t look or sound right, it’s probably not legitimate.
  • Odd Salutations – if the contact you know usually addresses you by your first name but the email greets you as “Valued Customer” or “Important Client”, it’s a scam.
  • Request for Sensitive Information – if asked for sensitive information, pick up the phone and call a known number to verify the request.
  • Implied Urgency – this is a scare tactic designed to get you to respond. If the email is threatening you with legal action, service stoppage, etc., don’t reply; call a known number to verify the demand.
  • Images that aren’t Quite Right – if the images or layout of an email seem a bit off, it’s most likely a phishing attempt.
  • Suspicious Domains – many malicious emails use a domain that is close to the legitimate domain. For example, someone could use Capitol0ne.com instead of capitalone.com to try to fool you.
  • Non-Standard Attachments – if the attached file is not one you recognize (like .doc for a word file, .xls for an Excel file, or .pdf for a PDF file), be suspicious, don’t click!
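
The displayed-name, suspicious-link and suspicious-domain checks in the list above can also be done by a program. The Python below is an added example, not part of the original tip sheet; the trusted-domain list, the function names and the two-edit threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a short allow-list of domains the reader really deals with.
TRUSTED = {"capitalone.com", "sboe.org", "google.com"}
# Digits commonly swapped in for look-alike letters (0 for o, 1 for l, ...).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def base_domain(host):
    """Last two labels of a host name (simplification: ignores suffixes like .co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(host, trusted=TRUSTED, max_edits=2):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a host name."""
    domain = base_domain(host)
    if domain in trusted:
        return "trusted"
    skeleton = domain.translate(HOMOGLYPHS)  # undo digit-for-letter swaps
    for good in sorted(trusted):
        if edit_distance(skeleton, good) <= max_edits:
            return "lookalike:" + good
    return "unknown"

def check_sender(from_header):
    """Judge the real address domain, not the display name shown in the From box."""
    _display_name, address = parseaddr(from_header)
    return classify_domain(address.rpartition("@")[2])

def check_link(href):
    """Judge the host a link actually points to, whatever its visible text says."""
    return classify_domain(urlsplit(href).hostname or "")

if __name__ == "__main__":
    # Constructed sample values, not taken from real messages.
    print(check_sender('"Capital One Support" <alerts@Capitol0ne.com>'))
    print(check_link("https://login.capitalone.com/signin"))
```

A "lookalike" result means the domain is within two character edits of a trusted one after the digit swaps are undone; short trusted domains can produce false matches, so treat the result as a prompt to verify, not a verdict.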


If you suspect that a message is a phishing email, please report it immediately to IT at help@sboe.org.


4. Text Messages Can Be Scams Too

Text messages can be another channel for breaching your privacy. Beware of text messages from unknown or unusual sources, or with an unusual format. Never respond to these texts. Clicking on an embedded link can expose your phone to malicious software or take you to a phishing site.


5. Use Multiple Lines of Communication

Malicious emails don’t always come from strangers. They can appear to come from friends and trusted colleagues.


If anyone sends a request for sensitive information like banking, credit card or login information, contact the sender on a separate platform to confirm the request. If the request comes by email, call the sender to make sure it’s valid.


6. Be Cautious of Free Software Downloads and Extensions

Most people naively believe that software downloads from any website or extensions from the Google Play store are safe as long as the software itself is from a trusted brand. It is important to understand that where a program is downloaded from is just as important as what is downloaded. Sites that offer free versions of known paid programs are likely to contain trojans, spyware, worms, viruses and other types of malware - avoid them! At the very least, make sure to run all downloads through antivirus and spyware programs.


7. Don’t Ignore Application Updates

Operating System or software update reminders on your computer can be annoying, but they shouldn’t be ignored. These updates are an important part of maintaining the operation and security of your computer.


Hackers know the vulnerabilities of out-of-date devices, so companies need to keep up to date with all the latest patches. Many people believe that operating system and application updates are optional or unnecessary. The truth is, they’re not. They are an important line of defense against new types of attacks.


8. Be Careful when using Public WiFi

There are times when we need to use our computers away from work or home. To connect to the internet, you will have to connect to the WiFi network at a restaurant, cafe, airport, etc.


Connecting to public WiFi can be unsafe. How you select the WiFi network, how you connect to WiFi networks, the websites you access, your use of passwords, and your device's settings and updates are all important.


See this article from PC Magazine for tips to safely use WiFi when you are away from home or work. https://www.pcmag.com/how-to/14-tips-for-public-wi-fi-hotspot-security


9. Beware of Social Engineering

Social engineering refers to a broad spectrum of malicious activities using psychological manipulation to trick users into giving away sensitive information. Perpetrators patiently collect data and background information on their intended victims. Then they gain the victim’s trust and provide seemingly harmless reasons for their victims to give up sensitive information.


What makes social engineering so dangerous is that it preys on human error, much more of a wild card—and much harder to track—than taking advantage of vulnerabilities in software and operating systems.


Be suspicious of people you meet casually or that cold call you and ask questions about you, your family, friends or work.


10. Pop Ups and Ads Can Be More Than Annoying

Some pop-ups are ads. They are annoying but benign. Many pop-ups are scams or are intended to get you to install malware on your device.


One scam is a pop-up ad or a page warning you about a problem with your device. These pop-ups are designed to trick you into calling a phony support number, or buying an app that claims to fix the issue.


In some pop-ups, clicking on a provided link or button may inadvertently either install malware or redirect you to a website that installs malware.


Some pop-ups can’t seem to be closed. To get rid of these, look carefully at the corners for an X - it may be obscured - and click it. If you can’t close the pop-up that way, either close the browser tab it’s associated with, or close the browser completely. If on reopening the browser, the pop-up returns, close it again and clear your recent browser history.


The best advice with pop-ups is to not allow them. Allow pop-ups only in the rare circumstance that an app or site that you have chosen to use requires them.


To manage pop-ups in Google Chrome, see https://support.google.com/chrome/answer/95472?Co=genie.Platform%3dandroid&hl=en


To manage pop-ups in Apple Safari, see https://support.apple.com/en-us/HT203987


11. Backup your Data

If you get attacked by a virus or by ransomware, you can lose critical information and a lot of hard work. This is a risk if you work on and store files locally on your computer rather than in the cloud (Google Workspace, Microsoft 365 / OneDrive / Dropbox, Apple iCloud).


The best way to protect your data from malware is to sync your files with a cloud service. In the event of an attack, you should be able to access and restore earlier uncorrupted versions of your files.


If you feel uncomfortable with cloud services, you can use a USB external drive or memory stick. If you do, use drive encryption software provided with your computer or with the drive/stick, and store the backup in an accessible but safe location.