Cyber Security and Your Personal Devices

Bring Your Own Device (BYOD) has become the standard instead of the exception for many organizations, with an estimated 70% of mobile professionals using personal devices for work-related activities. As to be expected, many businesses have been hesitant in allowing their employees to use personal devices due to concerns with security. As such, many companies have put in place tools to protect their sensitive data – but what can you do to protect the data on your personal device?

1. Keep your software up to date: In 2017 one of the major types of cyber attacks came in the form of ransomware – both businesses and consumers alike were affected. One of the most important safeguards to prevent such attacks is by patching outdated software, both in operating systems and applications: enable “Automatic System Updates” for your device and make sure your web browser is updated too. These steps help to remove vulnerabilities that hackers can use to access your data through your devices.
2. Use anti-virus protection: Anti-virus (AV) and anti-malware protection software is one of the main defenses to combat malicious attacks. This software helps to prevent viruses and malware from entering your device and compromising your data. Note: antivirus and anti-malware software is not 100% effective from every kind of attack. Due diligence is still necessary when using your device. Use software from trusted vendors and only run one antivirus/anti-malware tool on your device.
3. Use a firewall: Similar to antivirus and anti-malware software, a firewall protects your device from malicious intent. It helps screen out unauthorized users (hackers), viruses, malware and other unauthorized activity by determining what traffic is allowed to enter your device. Windows Operating Systems (OS) and Mac OS X comes with their respective firewalls (Windows OS: Windows Firewall. Mac OS X: Mac Firewall).
4. Use strong passwords: It cannot be overstated: strong passwords are crucial to online security! Passwords keep our accounts and networks safe from unwanted access by those with malicious intent. According to the National Institute of Standards and Technology (NIST) you should consider the following when creating and/or updating your password(s):
   • Create/use a password with a minimum of 8 characters that should contain a least one lower-case letter, one upper-case letter, one number and a symbol. Your password(s) should not spell out actual words and should not be related to important information such as birthdays, anniversaries or locations
   • Do not use the same password twice.
   • Choose a password that is easy to remember.
   • Do not leave your password hints out in the open and do not share your password with others.
   • Change your password(s) often, at least once per year.
   • If you plan to leave your computer or personal device, lock the screen and require a password for re-entry.
5. Use two/multi-factor authentication: two-factor or multi-factor authentication is a service that provides additional layers of security to your accounts. This is achieved through many different channels, for example push notification, personal identification number (PIN) and finger print identification. For more information, click here.
6. Use caution: It is easy to become distracted during our daily activities; however, one of the more common cyber security threats can be prevented simply by using caution. These threats can come in the form of email messages with links to websites, telephone calls from someone desperate, and even printed fliers tacked to bulletin boards advertising something free. Each of these are types of phishing attacks in which someone with malicious intent attempts to steal your personal information. Phishing attacks are highly effective and very lucrative for the scammer: in 2018 nearly 1 in 6 Americans lost money due to phone scams.
7. Protect your personal identifiable information (PII): Personal Identifiable Information (PII) is any information that can be used by someone with malicious intent to identify or locate an individual. PII includes data such as a name, address, phone number, birthday, Social Security Number, IP and MAC addresses, location details etc. This data is easily available, especially with the “Always on” default settings in our modern devices and with our social media accounts. In 2016, Cifas, the UK’s leading fraud prevention service, released a video demonstrating just how easy it is to gather your data.
8. Use your mobile device securely: According to Malwarebytes Labs, some ways to ensure protection of your mobile device are:
   • Lock your phone with a password or fingerprint detection.
   • Consider encrypting your data.
   • Only install apps from trusted sources
   • Keep your device updated
   • Avoid sending personal or sensitive information over text message or email
   • Use Find my iPhone (iPhone) or the Android Device Manager (Android) to prevent loss or theft
   • Use an anti-malware app
9. Backup your data regularly: Regularly backing up your data to a secure source is not just a good idea to protect your data from cyber-attacks, but to also a good practice to prevent data loss in the event that there is a hardware failure on your device. Using resources such as iCloud (iOS/MacOS), OneDrive (Windows OS/ MacOS X 10.12 or later) and Backup and Sync (Android) will help ensure that your data is regularly backup up. Another option is to store your data on an external Hard Drive (HDD).
10. Do not use public WiFi without a Virtual Private Network: By using a VPN, the traffic between your device and the VPN server is encrypted. This means it’s much more difficult for a cybercriminal to access your data. If you do not have a VPN, use your cell phone network.

Additional information and helpful links:

• https://it.okstate.edu/security-education/
• https://www.coxblue.com/8-things-you-need-to-know-about-byod-and-cyber-security/
• https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/
• https://pages.nist.gov/800-63-3/sp800-63b.html
• https://www.securitymagazine.com/articles/90146-phone-scams-cause-americans-to-lose-105-billion-in-2018
• https://www.mcafee.com/enterprise/en-us/threat-center/mcafee-labs.html
• https://www.icloud.com/find
• https://www.google.com/android/find

Microsoft Teams

Overview

Microsoft Teams is a cloud-based communications platform and part of the Office 365 suite. Teams provides a project group with many tools: a conversation and chat space, video meetings, and file storage. As part of Oklahoma State’s Microsoft license, Teams is free to use as an employee of OSU.

Features

MS (Microsoft) Teams offers you the ability to have a group chat, online meetings, calling and web conferencing, thereby allowing your team to more effectively communicate.

In Teams you can work together by collaborating on files with built-in Office 365 apps like Word, Excel, PowerPoint, and SharePoint. You can customize your workspace by adding in your favorite Microsoft Apps and third-party services such as OneDrive.

Administrators of the team can control membership and manage team information and security by clicking on ellipses (next to the team name):

If you are interested in learning more about Microsoft’s hub for teamwork in Office 365, visit https://products.office.com/en-us/microsoft-teams/group-chat-software .

FAQs

Q: Is Microsoft Teams Free to use as an Employee at OSU?

A: Yes, Microsoft Teams is free to use as an Employee of OSU.

Q: How do I access Microsoft Teams?

A: The main ways to access Microsoft Teams is either through the Desktop standalone App, via the web, or through the Mobile App. Shown below are basic instructions:

     Accessing Microsoft Teams – Standalone App
1. Start Teams.

• In Windows, click Start > Microsoft Corporation > Microsoft Teams.
• On Mac, go to the Applications folder and click Microsoft Teams.
• On mobile, tap the Teams icon.

2. Sign in with your Office 365 username and password.

      Accessing Microsoft Teams – via the Web

1. Open a web browser (such as Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox, Google Chrome, Apple Safari, etc.) and visit Cowboy Mail (cowboymail.okstate.edu)

2. Log in using your OSU credentials.  

3. Once in CowboyMail, Click on “Apps” menu. The Apps Menu is the blue square with nine (9) white dots, located in the top left hand corner.

4. Once the Apps menu has opened, click on Teams.

5. From here, you will be redirected to Microsoft Teams. You will see team names for those teams to which you have access.

*NOTE* If you have previously logged into Microsoft Teams, and are attempting to log in again; you may be required to sign in using your OSU Credentials once again.

     Accessing Microsoft Teams – Mobile App

1. Go to the App store on your mobile device (Apple App Store, or Google Play Store)
2. Search for Microsoft Teams
3. Once the Microsoft Teams App has been downloaded and installed; Log in using your
   OSU Credentials.

Q: How do I setup a ‘team’?

A: Listed below are the detailed instructions on how to setup a ‘team’.

1. Login to https://okey.okstate.edu.
2. From the left-hand navigation, select “Microsoft Groups”:
3. Select “Create a new group as an employee”.
4. Complete the form then click “Create Group”. After approximately one business day, the group is created and the team is available in Microsoft Teams.