The following article is courtesy of Jisc.
For IT, cyber security and information security staff, lockdown triggered a whirlwind few weeks trying to quickly organise remote access for thousands of users, while also ensuring the safety of systems and data.
Jisc cyber security team shares some simple steps we should all be taking to stay safe online.
Protect your accounts
This advice applies to everyone, whether connecting to personal or university/college accounts, and is very simple: choose a strong password and, if it’s offered, switch on multi-factor authentication (MFA).
Believe it or not, the most popular password of 2019 was 123456. And ‘password’ came in at number four.
Come on! We can all do better than that, and if you don’t want your email, Amazon account or access to the virtual learning environment hacked, then you should make an effort. Use a different password for every account, too, otherwise you run the risk of multiple ‘hacks’. Using a password manager is really helpful here.
Use a different password for every account, too, otherwise you run the risk of multiple ‘hacks’.
MFA is slowly being rolled out across the education sector and means that, in addition to your password, you must verify it’s you trying to log on, by a second method, for example by approving a request on an app, inputting a code in a text message, or a fingerprint.
Devices
Chances are you’ll be using a laptop at home for a while yet. Most will encrypt data while at rest, which will protect information on the device if it is lost or stolen, but if it’s your own device, do check.
Make sure you update the operating system when prompted to do so – this will fix bugs and update security settings.
Whether using a phone, tablet or laptop, make sure you update the operating system when prompted to do so – this will fix bugs and update security settings. And check out the National Cyber Security Centre’s (NCSC) bring your own device (BYOD) guidance.
Data security
Particularly if you’re working on sensitive material, whether that’s research, a finance system or you’re using personal data, your IT/security team may insist you use a virtual private network (VPN). Through data encryption, VPNs allow remote users to securely access systems. You can download VPNs on to your personal device too.
Be very careful if using USB drives, which can be easily shared and are not easy to track. They can also introduce malware, too, so Jisc advises against their use altogether. There are other, more secure means of sharing files, such as corporate storage, like SharePoint, or collaboration tools, such as Microsoft Teams.
Collaboration tools
There’s been a lot of coverage about the pitfalls of video conferencing applications such as Zoom, and a previous blog by the head of Jisc’s security operations centre outlines simple steps to take to make these applications more secure.
This includes how to safely share links to meetings to prevent unwanted and uninvited guests, and to safely share screens, use a meeting password if possible, and to think carefully about how call recordings are stored and shared. And what’s in shot behind your webcam? Is there anything in view that should not be seen by all?
The NCSC has produced guidance, while the Janet computer security incident response team (CSIRT) has also published advice.
Phishing
There have been many reported coronavirus scams.
Cyber criminals are quick to take advantage of any disaster, playing on emotions to commit fraud
Cyber criminals are quick to take advantage of any disaster, playing on emotions to commit fraud by encouraging people to click through to dodgy websites which, for example, offer face masks for sale, or ask for donations. Others may trick people into giving away passwords. There’s further information in a blog by Jisc cyber security delivery manager, Jon Hunt.
Reporting problems
Think you’ve been sent a phishing email, suspect your device has been infected by a virus, or you’ve been harassed online? Make sure you know who in your organisation to report problems to – and don’t delay!
Make sure you know who in your organisation to report problems to – and don’t delay!
Security know-how
Are you confident you know how to protect yourself online? Jisc advocates security information awareness training for all staff and students? If your organisation doesn’t have its own online modules, the NCSC’s top tips for staff e-learning package will help fill the gap.
Good behaviour
Chances are, you will all have been asked to sign up to an “acceptable use policy” covering devices and systems. Such policies are sets of rules designed to inform the ways in which networks or systems may be used, including not breaking the law, such as by launching cyber attacks; to stop users sending spam or touting for commercial gain; and to prevent cyber bullying or harassment.
Also this year GÉANT joins the European Cyber Security Month, with the 'Cyber Hero @ Home' campaign. Read articles from cyber security experts within our community and download resources from our awareness package on https://connect.geant.org/csm2021
