Cybersecurity Blog

Can’t remember all those passwords? Use a password manager. – 02/22/17

You are supposed to have a unique password for every account. However, considering you have to login to do everything from checking your to do list to booking an appointment with your doctor, keeping track of all those passwords is getting close to impossible. That is why we recommend you use a password manager.

A password manager stores all your passwords, allows to you login using quick keys and will even generate secure passwords for you. All you have to remember is the master password to login to the password manager.

There are many types of password managers on the market. Some are free like KeePass and LastPass, others require a fee.  How do you choose which one to use? To help you out, PCmag has a review of some of the more popular ones.

To help you learn how to use the password manager KeePass, we have created a lovely handout that includes the basics . To make learning even easier,  we also regularly offer a terrific, fun little workshop. Visit the Cybersecurity Hub is find dates and register.

Updated 03/01/22

What you need to know about crossing the border – 02/10/17

 

After a Canadian woman was required to surrender her cell phone to US border guards last week and then denied entry, people are wondering what they can do to protect their privacy. Unfortunately, not a whole lot. When crossing the border, you are entering a foreign country and their laws take precedence. They can scan your phone, laptop, tablet or any other device for content as they wish. Any information they find can be used against you. Any sensitive data that is stored can be exposed.

The best way to protect your privacy and that of Mount Royal is to not bring a device with you.  Leave your smartphone, tablet or laptop at home. This is especially true if you are traveling to countries with less than honest border guards who are known hold on to your device until you pay a fine. If you are traveling for business and require portable devices:

  • Ensure that portable devices are wiped clean of anything you want to remain private. This includes removing social media apps and deleting browser, email and text message history.
  • Store data you need access to on Google drive or leave it on your workstation and then use SRAS to access it from your hotel.
  • Make sure you remove your Mount Royal email account from your phone and devices and log out of Google.

Basically you want to turn your smartphone into a phone. It takes calls and that’s it. Theoretically they could ask you to login to your email anyway, however the odds are they are not going to bother.

If you need specific legal advice concerning crossing the border as a Mount Royal University employee, contact Legal Services.

One last piece of advice, be nice to the border guards. Declaring that you have rights as a Canadian citizen will only aggravate them.  You are attempting to enter their country, our privacy laws do not apply.

Increase the security of your Google account with two step verification – 02/08/17

 

It seems like every day, we hear about a new security breach. Yahoo, Adobe, Ashley Madison;  all breached leaving their account holders feeling violated and wondering if their data or identify are safe. To make matters worse these breaches are often not identified until months or years after the attack, giving criminals plenty of time to capitalize on the stolen information. Even if you have a strong password, it cannot protect you if your account provider has its user’s login credentials stolen.

As mentioned in a previous post,  many account providers are now offering two step verification. How does it work? You set up the service by giving them your cell phone number. The next time you login you are asked for your password and then an verification code that is texted to your phone. Worried about losing your phone? You can print off backup codes or give them an alternative cell phone number.

Once two step verification is enabled, if a cyber criminal tries to login to your account you will receive a text with an verification code. Not only does it keep the criminal from logging in to your account, it also alerts you that your login credentials have been compromised and that you need to change your password.

ITS highly recommends that you enable two step verification on all your accounts that offer it, especially on your Google account.  If you are a user who has access to sensitive data or admin access, our recommendation is even stronger.  To make it as easy as possible to enable it, we have created a lovely step by step document that gives clear instructions. We also encourage you to call the Service Desk if you wish to enable it but are uncomfortable doing it on your own.

Common Data Privacy Pitfalls – 02/07/17

What are the most common ways people compromise their privacy online?

Exposing too much personal information online

Cyber criminals mine the internet for your personal information. They use it to determine your security question answers on your accounts, to impersonate you when calling agencies you have accounts with and to create phishing emails that contain content related to your life. To thwart cyber criminals:

  • Set your social media privacy settings to the highest level
  • Don’t accept contact requests from people you do not know
  • Limit what information you enter into websites as much as possible
  • Don’t use information that can easily be found on the Internet for security questions or in your passwords

Not sure how much of your personal information can be found online? Google yourself or better yet have a friend google you. You might be horrified to see what they find.

Sending a regrettable email

We have all been there, we have clicked send and went…”Oh no!!”. Worse yet, we have clicked send and found out days later we have just started Armageddon. How do you avoid sending the regrettable email?

Want a check list to print out and post by your computer? Check out,  Avoid the regrettable email.

Ransomware Alert – Do not install a Chrome font pack! – 02/02/17

 

There is a new ransomware scam.  So new that antivirus software isn’t aware of it yet and therefore can’t detect it. Chrome for windows users that visit compromised websites are suddenly finding the text on the page becomes unreadable. An alert appears explaining that their browser doesn’t have the font needed to display the page properly and instructs them to install a font pack.  To add to the fun, they are unable to close the alert using the “x” button and they cannot close the browser.  If you choose to download and install the so called font pack, you are able to read the text but ransomware is also being installed in the background. The nasty thing is so sneaky, you don’t even notice that something is awry…at least not at first.

Your first clue is your computer starts to run rather slowly. Then you see folders on your desktop grey out and you can’t open them. As the encryption starts to spread you loose access to your documents one by one.  Then the lovely ransom note appears. However by this time you no longer have access to any of your files.

If you find your folders are greying out or you are unable to open files, please disconnect from the network immediately and call the Service Desk.

This latest ransomware uses a common tactic for delivering malware, the fake alert window. If an alert of any type pops up when you visit a webpage, encouraging you to install something to fix the problem, close the browser immediately.  Do not click on anything in the alert window including the “x” as some diabolical hackers design their malware to install regardless of where you click. If you are unable to close the browser, reboot your machine. By following this simple no click rule, you will save yourself a whole lot of frustration and heartache.