A warm welcome to this, our final daily post for Cyber Scotland Week 2020. We finish the series with a look at how to store data securely and protect it from accidental or malicious loss.
Thank you for visiting our blog throughout Cyber Scotland Week 2020 – we hope you found it useful. If you have any feedback you’d like to share about the blog, or indeed have any questions at all about cyber security, please get in touch.
Store Data Securely
It’s the weekend! Pity about the weather though…
Following on from Thursday’s post about the importance of using strong passwords and yesterday’s about how even strong passwords can be compromised through phishing, today we’re going to show how enabling Multi Factor Authentication can put a stop to a significant proportion of account takeovers, even in cases where your password is revealed.
Information Services will soon be introducing MFA on staff Office 365 accounts. You can find out more about that on the MFA Project site, but in the meantime you should consider setting it up on your other accounts where available.
Enable Multi Factor Authentication (MFA)
Yesterday we looked at the importance of using strong passwords, but even the strongest password is of little benefit if a cyber criminal can trick you into handing it over to them willingly. This is what phishing emails are designed to do, so in today’s post we’ll explain some of the manipulative techniques they employ and what you can do to defend against them.
If you’d like to have a go at spotting potential phishing messages without putting yourself at risk, try this quiz from Google.
Despite strong passwords being fallible to a successful phish, there are ways to make it more difficult for a cyber criminal to access your account – even if you unwittingly hand over your password. Multi Factor Authentication (MFA) is one such method and we’ll be exploring what it is and how it works when we return tomorrow.
Defend Against Phishing
Passwords are often the only thing standing between a determined cyber criminal and full access to your email, social media accounts and online banking – which is why it’s so important that they’re strong and resistant to attack.
Focus on protecting these key accounts by giving them each a unique password that isn’t based on any information linked to you, and which hasn’t already been cracked or guessed elsewhere. Strong passwords can be difficult for people to remember, so try using three random words or think about using a Password Manager to remember your passwords for you.
Email-based attacks are the topic of Friday’s post, where we’ll explain how to defend against phishing. Hope to see you back here tomorrow!
Use Strong Passwords
Gone are the days when family members fought over whose turn it was to use “the computer” – many people today have access to their own phone, tablet or laptop and frequently use all of these devices – either for personal use or work. With so much of our lives, friendships, memories and business activities dependent on these portable computers, it’s important that we all know how to properly protect them.
By taking some simple steps like setting a passcode and installing software updates, you can make it more difficult for cyber criminals to gain access to your important data, apps and accounts – even if the worst happens and your device is lost or stolen.
We touch upon authentication when discussing setting a passcode on your devices, but for all the details on using strong passwords, you’ll want to read Thursday’s post.
Secure Your Devices
It’s two topics for the price of one today! First we’ll explore the types of people behind cyber attacks, what they hope to gain by targeting you and why you make such a good target in the first place.
The second part of our post will go on to explain how to report cyber incidents and why it’s important to report them all, no matter how trivial you think they may be.
We look forward to welcoming you back tomorrow, when we’ll be exploring how to secure your devices.
Why would anyone target me? / How do I report a cyber incident?
We begin Cyber Scotland Week 2020 with the launch of a new cyber security e-Learning module for all staff, which replaces the existing module in Moodle. The link remains the same, however, so you can still access it here. All Edinburgh Napier University staff need to complete the new e-Learning module – including those who have previously completed the old UCISA module.
Based on your feedback, we’ve made the content more current and easier to navigate, reduced the length to under 30 minutes and it’s now viewable on mobile devices such as tablets and phones.
The module introduces why cyber security is important, how attacks happen and then covers four key areas:
- Defending yourself against phishing
- Using strong passwords
- Securing your devices
- Reporting incidents
Since the new module is shorter and applicable to all organisations, it no longer includes university-specific sections such as handling research data. For further information on this and other relevant topics, please see the Information Security pages on the Staff Intranet. If you’d like to discuss bespoke cyber security awareness and training options for your team, please contact the IS Service Desk.
Join us again tomorrow for a double-bill of topics: Why would anyone target me? and How do I report a cyber incident?
Information Security Awareness
Cyber Scotland Week draws together events across the country to showcase the innovation taking place in the sector, while raising awareness of good cyber resilience practice and promoting a career within the industry.
In a hurry? Jump to the schedule for the week!
Cyber security affects us all, whether or not we realise it. Cyber attacks can cause disruption to our daily routines and cyber-enabled crimes such as fraud and identity theft can result in significant financial losses. Cyber crime is crime – just like theft or assault – but the police and other authorities suspect that it is being massively under-reported, because many people don’t treat it as such, or because they may feel embarrassed about falling victim to an online scam.
Recent cyber attacks on Maastricht University and Dundee and Angus College have sent a clear message that Higher and Further Education institutions are being actively targeted by cyber criminals. This may be because they are traditionally open environments with more relaxed security controls, they are in possession of large amounts of personal data relating to their students and staff, they have valuable research data that could be held to ransom or sold, or more likely a combination of all these factors.
However, this doesn’t mean that falling victim to cyber crime is inevitable. By following our advice and adopting a few basic defensive behaviours, you can greatly reduce the likelihood of a successful attack:
- Listen to your instincts – if an email, website or phone call doesn’t feel quite right, consider that it could be malicious and what could happen to you or the University if it is. If there’s the potential for harm or damage, think carefully before you act.
- Take your time – Don’t feel pressured into doing something in a hurry, just because a message tells you to act quickly. Think about whether or not the request is reasonable or expected and, if necessary, seek confirmation using an alternative method such as a phone call or face-to-face.
- Share your concerns – Use a trusted authority such as Information Services for advice, guidance and support and always tell us if you think that something bad may have happened. You won’t get into trouble for reporting accidents or near-misses and doing so helps to protect other people.
What’s happening during the week?
Here at Edinburgh Napier University, we’ve put together 7 themed days of cyber security content for students and staff, presented on this website and promoted through our digital signage, intranet sites and social media accounts.
- The week lifts off on Monday 17th with the launch of our new Cyber Security e-Learning module. We’ll also have a stall in the foyer at Craiglockhart between 10:00 and 13:00, so come along and talk to us!
- On Tuesday 18th we’ll answer two very important questions: Why would anyone target me? and How do I report a cyber incident? Our stall will be in the foyer at Merchiston between 10:00 and 13:00, so you can ask us in person if you like.
- Most people have at least one mobile device, so on Wednesday 19th we’ll teach you how to Secure Your Devices – how to protect the information on them, the importance of software and app updates and what to do if your device is lost or stolen. The foyer at Sighthill between 10:00 and 13:00 is the final outing for our stall and our staff will be on hand to help.
- We’ll show you how to Use Strong Passwords on Thursday 20th and by doing so you’ll make it much harder for attackers to break in.
- Friday 21st is fish day at the Craiglockhart Hydra Restaurant, but every day is potentially a day you need to Defend Against Phishing. While it may not be possible to avoid every single phishing message, our tips will help you to avoid many of them and will tell you what to do if you think you may have fallen victim to a phishing attack.
- One of the most effective ways to keep cyber criminals out of your accounts is to Enable Multi-Factor Authentication (MFA), so on Saturday 22nd we’ll explain how.
- On Sunday 23rd we’ll conclude Cyber Scotland Week 2020 with a look at how to Store Data Securely – staff in particular have access to large amounts of information, including confidential data on students, finance and research. Knowing where that information is being kept, who has access to it and if it’s properly protected against damage or loss is essential to University business.
We’re hoping that everyone will find something useful in the content that we’ve prepared, but if there’s anything we haven’t covered that you’d like to know more about, please let us know.
Wishing you a cyber safe 2020!
Information Security Manager
Edinburgh Napier University