April 2020
Jennifer Bogut, MCSA, MCSE, BSIT
IT Director
Staying safe online is a challenge in normal times, and right now it is even more important…and probably less on your mind.
By following your typical safeguards and becoming aware of some newer ideas and resources, you can relax a bit as you work from home, educate your children, find ways to stay in shape or just browse kitty pictures!
Let’s review the typical safety recommendations:
Passwords:
-
- Strong passwords are the best protection
- At least 8 characters—the more characters, the better
- A mixture of both uppercase and lowercase letters
- A mixture of letters and numbers
- Inclusion of at least one special character, e.g., ! @ # ? ] Note: do not use < or > in your password, as both can cause problems in Web browsers
- A strong password is hard to guess, but it should be easy for you to remember—a password that has to be written down is not strong, no matter how many of the above characteristics are employed
- Examples of strong passwords
- Snoopy and Woodstock becomes Sno0py&ws
- In the dog house becomes !nTh3dawgHs
- Let’s have dinner at 8:00 p.m. becomes Lhd@800pm
- Think of a word and a number, then intermix them and mix the case. For example, your elementary school name (Main Street Elementary) and your pet’s birth month and year (12/961) becomes m1A2/i1n6
- Weak passwords
- Any word that can be found in a dictionary, in any language (e.g., airplane or aeroplano)
- A dictionary word with some letters simply replaced by numbers (e.g., a1rplan3 or aer0plan0)
- A repeated character or a series of characters (e.g., AAAAA or 12345)
- A keyboard series of characters (e.g., qwerty or poiuy)
- Personal information (e.g., birthdays, names of pets or friends, Social Security number, addresses)
- Anything that’s written down and stored somewhere near your computer
- Strong passwords are the best protection
Known and unknown email senders:
We are all currently deluged with offers to help, although most are legit – many are not.
-
-
- If you get a “weird” email from a known sender, send a separate email, text or call them to verify they sent it.
- If an email asks for any of your login or personal information, it is likely a scam….contact the company by telephone.
- Check the “look and feel” of the images; that looks like the company logo…but is it really? Misspellings, an off-color or bad grammar all point to a spoofed/fake setup.
-
Current known COVID-19 related scams:
-
-
-
- Hackers are sending messages that claim to be from the Centers for Disease Control (CDC), World Health Organization (WHO) and other public health offices. The scam comes in the form of a phishing email aimed at stealing confidential information or installing malware.
-
- As part of the recently announced stimulus package, it is expected that the U.S. Government will be sending money to qualifying households, either via direct deposit or physical check. However, threat actors are calling and emailing people and asking for personal information or money upfront in order to process the alleged government payment.
-
- A suspicious call allegedly comes from a member of the IT department, asking for a user name and password or requesting that certain software be downloaded while working remotely.
-
- Remote workers more than likely are receiving a high volume of robocalls while working from home. Some of these calls are pitching COVID-19 test kits, cleaning supplies, medicine, ventilators, and masks.
-
-
If you are using a meeting service such as Zoom, here are a few tips:
-
-
- Do not make meetings or classrooms public. There are typically at least two options to make a meeting private:
- require a meeting password
- use the waiting room feature and control the admittance of guests
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post, rather, provide the link directly to specific people.
- Manage screen-sharing options such as change screen-sharing to “Host-Only”.
- Do not make meetings or classrooms public. There are typically at least two options to make a meeting private:
-
Apps/Games/Downloads:
Android users may not be as conscious of the threat because third-party app repositories are normal for that platform versus Apple’s highly controlled App Store. Still, the safest source of Android apps is the official Google Android Market, or at least an app store from a trusted source like the Amazon App Store. To avoid shady apps, you should deselect the “Unknown sources” option in the Android Applications Settings.
Mobile operating systems have enough security in place that apps generally have to request permission to access core functions and services of the device. Think about the permissions you are granting before you just tap and accept them. Does that Sudoku app really need access to your contacts, camera function, and location information?
Reputable and helpful links:
-
-
- General Tip sheets Stay Safe Online:
- If you are a victim of online crime:
- Digital declutter checklist:
- Family Online Safety Institute:
-
Utilizing some or all of the above should help to alleviate at least some of the additional stress we are all dealing with. Stay safe, stay well, check on your friends and neighbors, and check out our exercise videos to stay strong!
And here are some baby goats to make it all a smidge better: