Make sure that all of your computing, browsing, and digital communications are secure. Please take a few minutes to review the following videos that will help protect you from cyber attacks. Just a handful of proactive steps can help to ensure that DePaul students maintain a safe computing environment.
Introduction to Cyber Security
DePaul's Information Services is proud to present a cyber security guide. Learn about phishing, passwords, browser safety, protecting your personal devices, and responding to identity theft. Please watch the following videos to be better prepared for security threats.
Security Training Videos
Introduction
Please watch this series of videos and be better prepared for potential cybersecurity threats.
Phishing
A phishing attack is an attempt to socially engineer a user into unknowingly giving up sensitive information. This sensitive information can be used to access user account(s), and steal identities.
Passwords and Authentication
Using strong passwords and multi-factor authentication can strengthen your security posture.
Web Browsers and Browsing Safety
Securing your browser and browsing the web carefully can help keep you safe!
Protecting Personal Devices
Keeping your devices secure and free from malware is critical.
Responding to Identity Theft
Identity theft is a serious issue. Learn more to be prepared.
Outro
Thank you for watching this video series. Please watch this outro for more resources available to DePaul students regarding cybersecurity.
DePaul Security Training - Plain-text content
Phishing:
Being able to identify phishing attempts can help keep you safe online!
A phishing attack is an attempt to socially engineer a user into unknowingly giving up sensitive information. This sensitive information can be used to access user account(s), and steal identities. The attacker pretends to be an individual, group, or organization that can be trusted:
- "From:" field may be spoofed.
- Email and/or associated website may be set up to closely resemble a real email and/or associated website.
- The attacker may provide public or stolen information in an email to provide an air of legitimacy.
The attacker may prompt a user to click on a hyperlink. The attacker may attempt to hide the effective URL.
- Hover over the hyperlink to find out the true embedded link.
- URL shorteners and redirections may obscure the real destination.
- Sometimes real companies and websites are compromised, and attackers create or alter a webpage to make it malicious.
The associated link will be malicious
- The website will often attempt to mimic the legitimate service which it is spoofing.
- The website may prompt the user for credentials, which would then be stolen.
- The website may initiate an automatic download, which may install malware on the user's machine.
- The website may direct the user to call a phone number.
- Instead of clicking, visit a real website by typing in the known URL.
The attacker may prompt the user to open, save, or run an attachment. The associated attachment will be malicious.
- Attachment title may attempt to appear to be legitimate.
- Scripts and other malicious code can be executed in files other than .exe.
- Opening, previewing, or saving an attachment may install malware on the user's machine.
Other key indicators of potential phishing
- Grammatical errors
- Vague references to user's identity
- Incorrect information
- Unexpected email
- Emphasis on time-sensitive constraints, in an attempt to create a false sense of urgency, is an especially common tactic
Passwords/Authentication:
Using strong passwords and multi-factor authentication can strengthen your security posture!
Passwords should be complex
- Passwords should be at least 8 characters long.
- Passwords should contain a mixture of upper case and lower case characters.
- Passwords should contain a mixture of letters and numbers.
- Passwords should contain special characters/symbols (when possible).
- Passphrases (a password made of a long sentence) can help strengthen passwords and improve your ability to remember them.
- Consider replacing letters with their equivalent numerical representations.
- Passwords should not contain any sensitive information.
- Passwords should not contain easily guessable information.
- Consider changing passwords on a regular basis.
Passwords should be unique
- Re-using passwords can give attackers access to multiple accounts by stealing only one password.
Password Management: consider using a secure password manager
- Requires the user to remember one very complex master password.
- May generate long, complex passwords that can be used to log in.
- Avoid saving sensitive passwords in the web browser.
Two-Factor and Multi-Factor Authentication
- Authentication can be performed in a variety of ways: something you know (e.g. password), something you have (e.g. cell phone with a text message code), or something you are (e.g. fingerprint).
- Security is strengthened when more than one factor is utilized.
- Even if hackers have the user's password, they will be unable to authenticate if they do not have the other factor of authentication.
- Consider using two-factor or multi-factor authentication when possible.
Browser/Browsing Safety:
Securing your browser and browsing the web carefully can help keep you safe!
By default, browser settings may not be ideally secure, but can be configured.
- Browser should require webpages to ask first before accessing user's location.
- Browser should require webpages to ask first before accessing user's webcam.
- Browser should require webpages to ask first before accessing user's microphone.
- Browser should block popups and notifications.
- Browser should ask before saving passwords, and this should be avoided altogether if possible.
Browsers can also usually be configured to be even more secure
- Delete cookies, cache, etc.
- Block third-party cookie reading and writing.
User should verify that their connection is secure
- Connection should use HTTPS (valid TLS/SSL). This can usually be verified by a box next to the URL.
- Secure connections are especially important when submitting sensitive personal or financial data.
- A secure connection ensures that your data will be encrypted when sent across the Internet, but does not necessarily mean that your data is being sent to a legitimate place (e.g. a malicious website can provide a secure connection).
Determining if a site is safe
- Browsers, antivirus software, as well as other plugins may alert users when they are about to visit a potentially malicious site.
- Terms of service and privacy policies: Often long and in "legalese", but also often very valuable. They are the contract(s) between the user and the website owner, and define how the user's data is being used (collected, shared, etc.).
Check for spoofing
- Utilizing a lookalike domain is a common method of tricking users.
- Malicious sites may attempt to spoof the layout of a legitimate page.
- Hover over a link to determine the URL inside of a hyperlink or the action to be taken.
- Type the URL of the webpage you want to browse to, instead of clicking, or use a previously made bookmark.
- When searching for a webpage in Google, the first result may not be the real site.
If a website is deemed potentially insecure, users should try to find an alternative, such as big-name online retailers or brick-and-mortar stores instead of lesser-known, potentially suspicious retail sites.
- Even trusted sites may have malicious script embedded in an advertisement displayed by the ad service a website uses.
Safe posting habits
- Users should be careful when posting personal information online. Attackers can use this information maliciously.
Public Machines and Access
- Use caution when browsing while using a public computer (e.g. library computer).
- Don't enter or access sensitive information when using a public machine.
- Machine could be infected, or sensitive information could be cached and later retrieved by an attacker.
Use caution when connecting to unknown Wi-Fi networks or hotspots
- Don't enter or access sensitive information when connected to hotspots found in places such as cafes.
- Be careful of rogue hotspots attempting to spoof the SSID of a legitimate network.
Host Based Security:
Keeping your devices secure and free from malware is critical!
Computers are targets
- Any device and any operating system can be a target for attacks and malware.
- Attacks and vulnerabilities can vary between device and OS.
- This includes mobile devices.
- Best approach is layered security/defense in depth.
Securing the Operating System
- Stable patches and updates should be applied as soon as possible, as they may contain fixes for security vulnerabilities.
- A host-based firewall should be enabled, and not open.
- User accounts should have strong passwords.
Securing third-party software
- Updates for third-party software are developed by the individual or organization that provides the software.
- Sometimes the software can automatically check for updates for itself.
- Sometimes the user will be required to download and install newer versions from the individual or organization, after checking on their own.
Anti-Virus
- All machines should have anti-virus software installed. Many free and paid anti-virus products are available. Anti-virus software helps prevent, detect, and remove malware from a computer.
Common signs and symptoms of malware
- Computer slowdown
- Abnormal popups or advertisements
- Abnormal program installation or processes running
- Unusual browser behavior: new homepage, toolbar, search engine, odd automated activity, etc.
- Frequent crashes
- Warning messages relating to anti-virus: computer infection message, or antivirus not installed
Accidents can happen
- Incidents should be responded to appropriately
- Cleanup with antivirus tools
- Clean install on machine
- Bring machine to a professional (e.g. DePaul Genius Squad)
- Important files can be backed up regularly to avoid data loss
Responding to Identity Theft:
Identity theft is a serious issue. Learn more to be prepared!
Prevent Further Issues
- Freeze or close the account(s) in question
- Contact the organization which services the account. They may be the ones who initiate the freeze or provide a list of what steps to take next.
- Change account login information
Place a fraud alert with one of the three major credit bureaus
- Free
- Requires creditors to contact the filer of the alert before opening a new line of credit in the filer's name.
Additional Responses to Identity Theft
- Check credit report.
- Report the theft to the FTC.
- Report the incident to the local police department. This may be the Sheriff's office.
- For more information, visit: identitytheft.gov.
Learn more about Cyber Security
For more info or any additional questions contact the Help Desk at 312-362-8765 or helpdesk@depaul.edu.