Spotlight on DASNR IT

Using Password Managers to Stay Safe Online

Whether it is posting in social media, reading email, banking, or any number of other things, if you are online, you will be using a password to access your account. Some people are really good about using secure password practices but many of us remember passwords by writing them down on a Post-It Note, using easy-to-guess passwords or reusing old passwords. These practices leave our accounts vulnerable in the cyber world. One thing that can help us keep our online accounts safe is a password manager.

Password managers do pretty much exactly as you would expect: they manage passwords. To get started, a “strong” password is created for the password manager then the password manager provides tools for creating and storing your passwords. The password manager creates unique and hard to guess passwords thereby increasing the security in the associated accounts. Along with the password, password managers keep login information for each website including the username or email address you use. So when you log into a website, like Facebook for example, it will remember your email and the password and automatically put both into their respective fields. It is critical to secure the computer that is entrusted with your password manager: a username and password should be required to get access to the computer!

Another benefit of password managers is to have your passwords available on multiple devices. Several password managers have an app for both IOS and Android so you can also have access to your passwords on your phone as well and the app can be shared across different computers too. If you have a laptop and desktop you will have access to the passwords in both places. If you lose your device you can just change the password of your password manager and the rest of your passwords will still be safe behind that new password. Some password managers will even allow you to remove a device from its list requiring that device to be logged back into with your password to your password manager.

There are many different password managers. Chrome, Firefox, Internet Explorer, and Edge all have built in password managers that work for storing password, but don’t offer some of the other features. A few other password managers offer better features and some have free versions.

Dashlane– Dashlane has some amazing features, like changing several passwords at once. However, the free version of Dashlane limits the password storage to 50 sets of credentials.
LastPass– The free edition of LastPass has unlimited devices, and even a security challenge that helps determine how secure you are with your online accounts.
Best Security: Keeper – Keeper also has some storage for files and documents that you want to keep safe. The limiting factor on the free version is that it is limited to a single device

References:

https://www.cnet.com/news/the-best-password-managers-directory/
https://www.tomsguide.com/us/best-password-managers,review-3785.html

Tips for Staying Safe Online With Your Social Media Accounts

Social media has made the world a more connected place, and in most cases, that’s a good thing. But social media has also created easy access to people’s and business’ information. And that can be a very bad thing when it comes to hackers and scammers getting involved.

Giving up social media is not a realistic option. Social remains the current most effective way to reach certain audiences. But neither is it reasonable to carry on as if social networks are always safe and secure. You need to take steps to protect your personal and the university’s information against some of the most common social media security threats. Here’s where to start.

Third-party Apps

Third-party apps are apps or websites that let you access your social media account’s information to look at statistics or analytics of your site. These apps are not usually approved by the social media companies themselves.Even if you have your own social accounts on lock-down, hackers may be able to gain access through vulnerabilities in third-party apps that integrate with the big social networks.

For example, hackers gained access to the Twitter accounts of Forbes and Amnesty International using a flaw in the Twitter Counter app, used for Twitter analysis.

So be sure to use the official social media websites to view your social media information to decrease the likelihood of personal or private information from being obtained by hackers or scammers.

Phishing Attacks and Scams

Phishing scams use social media to trick people into handing over personal information (like banking details, passwords, or business information).
A recent social media scam involved false reports that the actor Rowan Atkinson had died. (The Mr. Bean and Blackadder actor is still very much alive.)

What looked like a video link actually directed users to a page that said their computer had been locked, with a phone number to call for support. Rather than a support team, the phone line connected to scammers looking for credit card numbers and personal information. Worse, the “support software” offered was actually a virus.

So if you ever run into an issue like this, where you get a big error in your web browser asking you to contact someone for support, please contact your Computer Support Specialist on campus first before doing anything else so that we can help you determine if these errors are legit. (Most of the time they are not!)

Limit Social Media Access

You may have several staff members working on social media messaging, post creation, or other content creation. But that doesn’t mean everyone needs the ability to post. And it doesn’t mean that everyone needs to know the passwords to your social accounts.

The first line of defense is to limit the number of people who can post on your accounts. Think carefully about who needs posting ability and why.
Also, if a staff member leaves the university or moves to a different position, be sure to disable their access to your social accounts to prevent any accidents or malicious posts from being created.

Use Unique Passwords for Each Social Network

It’s a pain, I know. But it is also absolutely recommended that you don’t use the same password for Twitter as you do for Facebook, Instagram, or other social tools. Using a single password makes it easy for hackers and scammers, as gaining access to one means gaining access to all. Just imagine how painful it will be when you find you’re locked out of your entire online life.

When you use one password for multiple services, you’re only as safe as the least secure service you use. For example, if there is a security breach at Facebook and hackers or scammers have obtained your information, they’ve effectively gained your information for Twitter and Instagram as well, if you use the same password for all sites.

Additional Links and Information

15 Social Media Security Tips

https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/social-media/

Mobile Device Security When Traveling Abroad – Cyber Security Awareness Month 2018

This blog post is intended to provide a follow up to a previous post. You are encouraged to read the previous post because it, too, contains relevant information about this important topic.

Travelers face an ever-increasing variety of cyber threats. Vulnerabilities, including unsecured devices and data and over-sharing information, can be minimized if we understand these threats and take appropriate precautions. Recommendations to help protect your data, devices, and professional and personal identity include:

Store data on a USB thumb drive or other removable media that can be destroyed after use and do not accept USB thumb drives or other removable media from any other sources. When possible, travel with a new or re-imaged device so that no data is stored on it. Do not plug USB-powered devices into public charging stations – only connect USB-powered devices to the power adapter with which they were intended to be used.
Keep electronic devices with you at all times. When not in use, devices, network connections and services should be turned or powered off.
Before traveling, change all passwords that you will use while traveling abroad and clear browsing histories and other stored information that could be abused by foreign entities. Upon your return change the passwords of any accounts that were accessed while abroad.
Delete unnecessary applications, plugins, and software.
Ensure your computer and mobile device has the most recent patches, software updates, and anti-virus software installed.
Where possible use a one-time web-mail account.

Other recommendations:

Do not access sensitive accounts or conduct sensitive transactions over public networks, including hotel business centers and Internet cafés. If a connection to sensitive accounts or systems is required, use a virtual private network (VPN) connection, if it is legal in the country to which you are traveling. Note that it is not legal to use OSU’s VPN in all countries outside the U.S. You should consult with your local contacts before using a VPN.
Know the local laws regarding online behavior as some online sites are illegal in certain countries, including Google, YouTube, Facebook, Twitter, and Instagram. Consult the State Department website for information about particular destinations.
Assume that all online activity is subject to government and/or other monitoring techniques, including OSU’s Outlook Web Access (cowboymail.okstate.edu).
Use of mobile apps that contain encrypted communication may be illegal. Consult your local contacts before using the app.

Note about OSU’s VPN: the VPN offered by OSU encrypts and secures data only when accessing okstate.edu domains. When connected to the VPN, data transmitted to/from non-okstate.edu domains will be sent across the public network (unencrypted).

References:

https://www.dhs.gov/sites/default/files/publications/Cybersecurity%20While%20Traveling_7.pdf
https://us.norton.com/internetsecurity-mobile-8-cyber-security-tips-for-business-travelers.html
https://www.cisecurity.org/white-papers/cybersecurity-while-traveling/