Level Up Your Cyber Security Knowledge


In honour of Cyber Security Awareness Month, the Office of the Chief Information Security Officer (CISO) has put together a few tips to help you level up your cybersecurity knowledge. Here are a few helpful points to keep in mind:

Managing Your Passwords

It’s 2018, and the most commonly used password is still “123456.” Close behind it are favourites like “qwerty,” “abc123,” and “password.” With dozens of online accounts to remember login information for, it’s tempting to use and reuse easy-to-remember passwords like these. But easy-to-remember is also easy-to-guess, and cybercriminals are counting on you to make a password they can easily crack.

Luckily, there’s a simple solution that falls in between “use the same insecure password repeatedly” and “burn yourself out keeping track of a hundred passwords.” That solution is a password manager. A password manager is a tool that stores and retrieves all your passwords in an encrypted cyber vault. Your password manager can only be opened by your master password, which acts as the decryption key. Without the key, your other passwords remain encrypted and safe from hackers.

The password manager you decide on will come down to personal preference. Cost, features, and security are all important factors to weigh, along with general usability. To get you started, the Office of the Chief Information Security Officer (CISO) has investigated four top-rated password managers and created a comparison chart:

[Image: password manager comparison chart]

Detecting Phishing Attacks

Every day, our email accounts get a barrage of phishing attacks. Over half of internet users receive at least one phishing email in their inbox every day, and according to Verizon’s 2018 Data Breach Investigations Report:

  • 92% of malware is transmitted via email;
  • 16% of data breaches in the education industry are due to human error;
  • 39% of malware-related data breaches contain ransomware, twice the number of last year.

Phishers are good at what they do. You might know the warning signs of a phishing email, but if the bait looks legitimate, you can still get hooked.

Phishing is when a fraudulent email is sent from a seemingly legitimate organization in an attempt to convince individuals to divulge personal information, such as passwords and credit card numbers. Links in phishing emails will often take you to phoney sites that encourage you to send personal or financial information to these criminals.

1. Don’t trust the display name: always check the sender’s actual email address. The domain in the sender’s address (e.g., royalbank@secure.123.com) will indicate if it’s a phishing attack.

2. Don’t click any links or attachments: hover your mouse over the link to see where the URL leads you, but don’t click. Don’t open any email attachments you weren’t expecting.

3. Check for spelling mistakes: legitimate organizations have professional communicators, so their emails typically do not contain spelling and grammar mistakes. An excess of spelling and grammar errors indicates a phishing attack.

October is Cyber Security Awareness Month, an internationally recognized campaign held each October to inform the public of the importance of cyber security. For more tips on how to keep your data safe, visit the University of Alberta’s Chief Information Security Officer’s (CISO) website.