What do Lake City, Florida; La Porte, Indiana; Montgomery County, Alabama; Atlanta, Georgia; and 22 towns in Texas have in common? They have all been victims of RANSOMWARE attacks. And this is just the tip of the iceberg. There are daily cyberattacks against corporations, municipalities, universities, states, and even the federal government. From large company data thefts and individual identity thefts to extortion emails and employment scams, cybercrime has reached epidemic levels.
The current rising threat: Ransomware attacks. In a ransomware attack, a hacker encrypts all of your data, preventing you doing your job or delivering your service. The hacker then demands payment of anywhere from a few thousand dollars to millions of dollar to restore your access.
Our greatest defense is vigilance in prevention and rapid detection of attacks if they occur. Here are some of the most common cybercrimes that you are likely encounter followed by a list of tips you can use to defend against the threat.
Phishing is one of the most commonly discussed cyber threats. It is an attempt to acquire personal information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Typically, these attacks are email based.
Social Engineering relies on certain aspects of human nature to gain access to sensitive information. This type of attack may include sob stories, promised freebies, or other tactics that play on human emotion in an attempt to get personal information or larger scale account and network access. Email, web links, and even telephone calls are all attack methods used in Social Engineering attacks.
Even if you don’t provide your password via a phishing or other social engineering attack, your password may still be vulnerable. Password hacking can be done manually or via software, and hackers can easily crack a password that is short, simple, or that contains readily known information about you.
And, of course, the ransomware threat explained above.
So how do we defend ourselves and our institution?
There are preventative measures you can take now, as well as ongoing efforts you should make, in an effort to keep your data, money, and personal information secure. Here are our tips for helping you protect yourself both at work and at home.
- Sign up for 2-Factor (2FA) Authentication – Whenever it’s available, sign up for 2FA. Most financial institutions now offer it, as do most social media networks and major online retailers. Auburn requires DUO for connecting to most sensitive systems.
- Change Your Passwords – If you use the same password across multiple accounts, you should change them. Make sure your new passwords are long and complex(12 characters or greater, upper case letters, lower case letters, numbers, and special characters), unique, and not easy to guess.
- Use LastPass – LastPass is a password vault that allows you to store all those unique passwords in a secure location, and it is free with an Auburn email account. Find out more at https://aub.ie/lastpass - just be sure you use a long password and two factor authentication because if this password gets hacked, you risk all your accounts being hacked.
- Lock Your Credit File – Subscribe to a credit monitoring service, and lock your credit file when not in use. For more information on freezing (locking) your credit https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs.
- Check the Full Email Address – It’s easy to set up a free account on Gmail, Hotmail, Yahoo, etc. that looks legitimate. Check the full email address to see if it’s really from the sender. For example, OIT emails will come from firstname.lastname@example.org, not from email@example.com. If you see two “@” signs, it’s fake.
- Never Click Links – If you can’t verify the sender, or if you aren’t expecting the email, don’t open attachments or click links. Call the sender and confirm before opening anything.
- Keep Your Information Private - Do not give away your user name and password to anyone, for any reason.
- Don’t Buy Gift Cards or Wire Transfers – If you get an email from your boss that asks you to send a wire transfer or buy gift cards, DON’T DO IT. Verify the wire transfer verbally, and don’t buy those gift cards.
- Research Job Offers – If a job offer sounds too good to be true, it probably is. Do not send personal information to a potential employer unless you can verify the company information.
- Don’t Cash a Check to Pay Others – If someone gives you a $2,000 cashier’s check and tells you to deposit it and instructs you to send $500 to three people and keep $500 for your troubles, you will probably lose $2,000.
- Backup Your Data – Securely backup your data, your term papers, your research, anything that is important to you. If you can’t risk losing the last 8 hours-worth of work, then create a backup.
For more information on Cybersecurity threats and practices, visit https://aub.ie/cybersecurity. And if you have any questions, or if you need assistance with any of these issues, contact Auburn’s cybersecurity staff at firstname.lastname@example.org.