Keep Learning

Keep Cybersafe

Keeping Cybersafe: Home Edition

You should make it a goal to stay as safe and secure online while remotely working from home. Technology alone cannot fully protect you. We have put together a few steps for you to keep in mind during this time. Not only will these five steps increase your security posture, but they will also help you create a cybersecure home for you and your family.

Also, scammers are using the coronavirus (COVID-19) as bait. They are sending emails with malicious attachments or links to fraudulent websites trying to “hook” your email credentials and much more.

This virus has affected the lives of millions of people around the world. It’s impossible to predict its long-term impact. But it is possible to take steps to help protect yourself against coronavirus-related scams.
 

IT SECURITY GOALS WHILE WORKING FROM HOME

Many employees at Cleveland State University are working from home due to the coronavirus. As we stay home to protect against further spread of the virus, you should make it a goal to stay as safe and secure online while working from home. Technology alone cannot fully protect you. We have put together a few steps for you to keep in mind during this time. Not only will these five steps increase your security posture, but they will also help you create a cybersecure home for you and your family.

1. YOU are the best defense - Attackers have learned that the easiest way to get what they want is to target YOU! They want your passwords and any personal information they can get. Attackers will try to do this via phishing emails, text messages, phone calls, etc. Remember your security best practices and look for the red flags (Grammatical errors, typos, urgency, sender's address etc.).

2. Home Network - Securing your wireless network is a key part of protecting your home. We recommend the following steps to secure your network:

  • Change your default network password
  • Make your password strong and different from any other password you have
  • Only allow people that you trust on your home network

3. Passwords - Create strong passwords for your home network (WiFi, router, etc.):

  • The more characters it has, the stronger it is
  • Use a passphrase - This is a combination of words that you’ll likely remember Example: IL0veW0rkingFr0mH0m3Y@Y!
  • Use unique passwords - this means a different password for each site/device
  • Use a password manager to store your passwords encrypted and help remembering them

4. Updates - Attackers are constantly looking for new vulnerabilities in the software you're using. Make sure your computer, mobile devices, programs and apps are running the latest version of its software. Companies that create the software release updates to fix these vulnerabilities. Make sure you are using the latest version of software and enable automatic updates.

5. Family - While sharing is caring, don’t share your work related devices with children, family or friends. They can accidentally erase or modify information, or, perhaps even worse, infect your devices. It's NOT a good security best practice to use your work devices for personal use.
 

HOW DO I SPOT A CORONAVIRUS SCAM?

Coronavirus-themed scams can take different forms, including these:

Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) alerts - Scammers are sending phishing emails designed to look like they’re from the CDC and the WHO. The email might falsely claim to link to a list of coronavirus cases in your area. The sender's email address also comes from a convincing domain, such as cdc-gov.org, whereas the CDC’s real domain is cdc.gov. You always need to stay vigilant in checking the sender's email address.

Health advice emails - Scammers are sending emails that offer medical advice to help “protect” you against the coronavirus. The emails might claim to be from medical experts stating “This little measure can save you,” or “Use the link below to download Safety Measures” for example.

Pandemic prevention products - Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges, etc. or over-the-counter products available to treat or cure coronavirus online or in stores.

These fake ads often try to create a sense of urgency — for instance, “Buy now, limited supply. At least two bad things could happen if you respond to the ads:

You might click on an ad and download malware onto your device.

You might buy the product and receive something useless, or nothing at all. Meanwhile, you may have shared personal information such as your name, address, and credit card number.

Bottom line? It’s smart to avoid any ads seeking to capitalize on the coronavirus.

Charitable donations - Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money think twice, be smart and do your research. Remember your security best practices and verify a charity’s authenticity before making donations.
 

Tips for recognizing and avoiding phishing emails

Phishing emails will try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here’s some tips to avoid getting tricked:

  • Disclosing personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies or companies won’t ask for that information.
     
  • Check the links. You can inspect a link by hovering over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses.
     
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, this could be a sign you’ve received a phishing email.
     
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” could be a sign of a phish.
     
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to immediately click on a link and provide personal information.
     
NOTE: To report a phishing email:

Do not click on any links. Forward the email to security@csuohio.edu