IS Support - Cybersecurity: DePaul Security Training Videos

Make sure that all of your computing, browsing, and digital communications are secure. Please take a few minutes to review the following videos that will help protect you from cyber attacks. Just a handful of proactive steps can help to ensure that DePaul students maintain a safe computing environment.

Introduction to Cyber Security

DePaul's Information Services is proud to present a cyber security guide. Learn about phishing, passwords, browser safety, protecting your personal devices, and responding to identity theft. Please watch the following videos to be better prepared for security threats.

Security Training Videos

Introduction

Please watch this series of videos and be better prepared for potential cybersecurity threats.

Phishing

A phishing attack is an attempt to socially engineer a user into unknowingly giving up sensitive information. This sensitive information can be used to access user account(s), and steal identities.

Passwords and Authentication

Using strong passwords and multi-factor authentication can strengthen your security stature.

Web Browsers and Browsing Safety

Securing your browser and browsing the web can help keep you safe!

Protecting Personal Devices

Keeping your devices secure and free from malware is critical.

Responding to Identity Theft

Identity theft is a serious issue. Learn more to be prepared.

Outro

Thank you for watching this video series. Please watch this outro for more resources available to DePaul students regarding cybersecurity.

DePaul Security Training - Plain-text content

Phishing:

Being able to identify and phishing attempts can help keep you safe online!

A phishing attack is an attempt to socially engineer a user into unknowingly giving up sensitive information. This sensitive information can be used to access user account(s), and steal identities. The attacker pretends to be an individual, group, or organization that can be trusted:

“From:" field may be spoofed.
Email and/or associated website may be set up to closely resemble a real email and/or associated website.
The attacker may provide public or stolen information in an email to provide an air of legitimacy.

The attacker may prompt a user to click on a hyperlink. The attacker may attempt to hide the effective URL.

Hover over the hyperlink to find out the true embedded link.
URL shorteners and redirections may obscure the real destination.
Sometimes real companies and websites are compromised, and attackers create or alter a webpage to make it malicious.

The associated link will be malicious

The website will often attempt to mimic the legitimate service which it is spoofing.
The website may prompt the user for credentials, which would then be stolen.
The website may initiate an automatic download, which may install malware on the user's machine.
The website may direct the user to call a phone number.
Instead of clicking, visit a real website by typing in the known URL.

The attacker may prompt user to open/save/run an attachment. The associated attachment will be malicious.

Attachment title may attempt to appear to be legitimate.
Scripts and other malicious code can be executed in files other than .exe.
Opening, previewing, or saving an attachment may install malware on the user's machine.

Other key indicators of potential phishing

Grammatical errors
Vague references to user's identity
Incorrect information
Unexpected email
Emphasis on time-sensitive constraints, in an attempt to create a false sense of urgency, is an especially common tactic

Passwords/Authentication:

Using strong passwords and multi-factor authentication can strengthen your security stature!

Passwords should be complex

Passwords should be at least 8 characters long.
Passwords should contain a mixture of upper case and lower case characters.
Passwords should contain a mixture of letters and numbers.
Passwords should special characters/symbols (when possible).
Passphrases (a password made of a long sentence) can help strengthen passwords and improve your ability to remember them.
Consider replacing letters with their equivalent numerical representations.
Passwords should not contain any sensitive information.
Passwords should not contain easily guessable information.
Consider changing passwords on a regular basis.

Passwords should be unique

Re-using passwords can give attackers' access into multiple accounts by stealing only one password.

Password Management: consider using a secure password manager

Requires user to remember one very complex master password.
May generate long complex passwords that can be used to login.
Avoid saving sensitive passwords in web browser.

Two-Factor and Multi-Factor Authentication

Authentication can be performed in a variety of ways: something you know (e.g. password), something you have (e.g. cell phone with a text message code), or something you are (e.g. fingerprint).
Security is strengthened when more than one factor is utilized.
Even if hackers have the user's password, they will be unable to authenticate if they do not have the other factor of authentication.
Consider using two-factor or multi-factor authentication when possible.

Browser/Browsing Safety:

Securing your browser and browsing the web can help keep you safe!

By default, browser settings may not be ideally secure, but can be configured.

Browser should require webpages to ask first before accessing user's location.
Browser should require webpages to ask first before accessing user's webcam.
Browser should require webpages to ask first before accessing user's microphone.
Browser should block popups and notifications.
Browser should ask before saving passwords, and this should be avoided altogether if possible.

Browsers can also usually be configured to be even more secure

Delete cookies, cache, etc.
Block third-party cookie reading and writing.

User should verify that their connection is secure

Connection should use HTTPS (valid TLS/SSL). This can usually be verified by a box next to the URL.
Secure connections are especially important when submitting sensitive personal or financial data.
A secure connection ensures that your data will be encrypted when sent across the Internet, but does not necessarily mean that your data is being sent to a legitimate place (e.g. a malicious website can provide secure connection).

Determining if a site is safe

Browsers, antivirus software, as well as other plugins may alert users when they are about to visit a potentially malicious site.
Terms of service and privacy policies: Often long and in “legalese", but also often very valuable. The contract(s) between the user and the website owner. Defines how the user's data is being used (collected, shared, etc.).

Check for spoofing

Utilizing a lookalike domain is a common method of tricking users.
Malicious sites may attempt to spoof the layout of a legitimate page.
Hover over a link to determine the URL inside of a hyperlink or the action to be taken.
Type the URL of the webpage you want to browse to, instead of clicking, or use a previously made bookmark.
When searching for a webpage in Google, the first result may not be the real site.

If a website is deemed to be potentially insecure users should try to find an alternative: big name online retailers or brick and mortar stores as an alternative to lesser known, potentially suspicious retail sites (if deemed insecure).

Even trusted sites may have malicious script embedded in an advertisement displayed by the ad service a website uses.

Safe posting habits

Users should be careful when posting personal information online. Attackers can use this information maliciously.

Public Machines and Access

Use caution when browsing while using a public computer (e.g. library computer).
Don't enter or access sensitive information when using a public machine.
Machine could be infected, or sensitive information could be cached and later retrieved by an attacker.

Use caution when connecting to unknown Wi-Fi networks or hotspots

Don't enter or access sensitive information when connected to hotspots found in places such as cafes.
Be careful of rogue hotspots attempting to spoof the SSID of a legitimate network.

Host Based Security:

Keeping your devices secure and free from malware is critical!

Computers are targets

Any device and any operating system can be a target for attacks and malware.
Attacks and vulnerabilities can vary between device and OS.
This includes mobile devices.
Best approach is layered security/defense in depth.

Securing the Operating System

Stable patches and updates should applied as soon as possible, as they may contain fixes for security vulnerabilities.
Host-based firewall should be enabled, and not open.
User accounts should have strong passwords.

Securing third-party software

Updates for third party software is developed by the individual or organization, who provides the software.
Sometimes the software can automatically check for updates for itself.
Sometimes the user will be required to download and install newer versions from the individual or organization, after checking on their own.

Anti-Virus

All machines should have anti-virus software installed. There are many free and paid anti-virus software. Helps prevent, detect, and remove malware from a computer.

Common signs and symptoms of malware

Computer slowdown
Abnormal popups or advertisements
Abnormal program installation or processes running
Unusual browser behavior: new homepage, toolbar, search engine, odd automated activity, etc.
Frequent crashes
Warning messages relating to anti-virus: computer infection message, or antivirus not installed

Accidents can happen

Incidents should be responded to appropriately
Cleanup with antivirus tools
Clean install on machine
Bring machine to a professional (e.g. DePaul Genius Squad)
Important files can be backed up regularly to avoid data loss

Responding to Identity Theft:

Identity theft is a serious issue, learn more to be prepared!

Prevent Further Issues

Freeze or the close the account(s) in question
Contact the organization which services the account. They may be the ones who initiate the freeze or provide a list of what steps to take next.
Change account login information

Place a fraud alert with one of the three major credit bureaus

Free
Requires creditors to contact filer of the alert before opening a new line of credit in filer's name.

Additional Responses to Identity Theft

Check credit report.
Report the theft to the FTC.
Report the incident to the local police department. This may be the Sheriff's office.
For more information, visit: identitytheft.gov.

Learn more about Cyber Security

For more info or any additional questions contact the Help Desk at 312-362-8765 or helpdesk@depaul.edu.