Cybersecurity


Cyber Safety Tip of the Week

Multi-factor Authentication

What is it?
Multi-factor Authentication (MFA) is the process of verifying that you are who you claim to be when logging in to a device or an account. If you’re reading this from your work computer, you probably logged in to your computer – that’s single-factor authentication. But single-factor authentication is no longer enough to keep your accounts secure. Learn more below about the various ways you can digitally authenticate your identity.

Understanding the Types of Identity Claim Factors:

  • Something you own. This is using a mobile phone or device that you have in your possession to prove your identity. Typically, the device provides a code via an application, text message, email, or voice call. You then enter this code, and for successful authentication, your code must match what is expected by the service you’re attempting to log in to.
  • Something you know. This is something you’ve memorized or stored somewhere, such as a PIN. You must supply the correct PIN to log in to your device or service.
  • Something you are. This factor is something about your physical body that cannot be altered, such as your fingerprint or retina. Biometric scanners or readers are used to confirm you’re physically the person that you’re claiming to be.

Why do I need it?
In our digitally driven world, passwords are no longer enough to keep your information safe. These days, it takes minimal effort for hackers to break into, or social engineer their way into, accounts that are only protected by passwords. Adding an extra step to access your accounts, such as entering an authentication code, means that hackers would also need to have your phone to break in.

Create an additional layer of security and make it harder for criminals to access your data by using two-factor or multi-factor authentication.

STAY ALERT! Don’t be a victim.

Be Aware, Be Vigilant, Be Skeptical!

KCSD Cyber Safety, Security & Privacy Awareness


Recommendations for Securing Your Data & Protecting Your Privacy
Always
  • Be skeptical of every email
  • Lock your laptop before leaving it unattended
  • Restart your laptop weekly
  • Check Google Drive Sharing Permissions
  • Be Very Careful if accessing District & personal Google accounts on the same device

Never

  • Allow students to log in to staff devices
  • Log in to student devices with staff accounts
  • Write passwords down or keep them close to the computer
  • Access District email links/attachments on mobile devices
  • Use your District email to register for personal programs or services, social media, banking, etc.

For past KnowBe4 tips please take a look at Tips You Missed.

 


KnowBe4 Tip: Don’t Reuse that Password!

Today, data breaches are more common than ever. A data breach is a leak of sensitive or confidential information, whether intentional or unintentional. It is almost a guarantee that at least one of your passwords, past or present, has been exposed by a data breach.

When passwords are exposed, hackers can buy them for a small sum, giving them unlimited access to your accounts and sensitive information. And, if you’ve used that password for multiple online accounts, bad guys could access those accounts too. So, if you’re still using your old MySpace password for your Facebook account, change that password immediately!

Here are some tips to keep in mind when creating new passwords:

  • Make your passwords complex
    • Complex passwords use at least eight characters with a combination of upper and lower case letters, numbers, and symbols.
      • Example: a3D$8k0*
  • Use passphrases
    • Passphrases are a phrase or sentence. Don’t use the lyrics of your favorite song or a quote from a book! Make it unique but make it something you can remember.
      • Example: Pa$$wordSafety1sC0ol
  • Use a password generator
    • Password creators such as LastPass and 1Password can generate passwords for you.
  • Don’t use variations of your old passwords
    • Hackers know that untrained users will do this, so they use automated tools to figure out these variations.
      • As a simple example, if your password is “Password”, don’t make it “Password1”. Hopefully, none of your passwords are actually “Password”!
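
The "variations of your old passwords" tip can be enforced on a password-change form, where the user types both the old and the new password. The following is an added sketch, not part of the original tip; the substitution table, the length cut-offs, and the two-edit threshold are assumptions chosen for illustration.

```python
import re

# Common look-alike substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def base_form(password: str) -> str:
    """Reduce a password to its root: lowercase, no digit/symbol padding, no leet."""
    p = password.lower()
    p = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", p)   # strip leading/trailing digits and symbols
    return p.translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_variation(old: str, new: str, max_edits: int = 2) -> bool:
    """True if `new` is just a dressed-up version of `old`."""
    a, b = base_form(old), base_form(new)
    if not a or not b:                      # e.g. all-digit passwords have no root
        return old.lower() == new.lower()
    if a == b:
        return True
    short, long_ = sorted((a, b), key=len)
    if len(short) >= 4 and short in long_:  # old root embedded in the new one
        return True
    # Near-misses only count for roots long enough to make that meaningful.
    return len(short) >= 6 and edit_distance(a, b) <= max_edits

if __name__ == "__main__":
    for candidate in ("Password1", "P@ssw0rd!", "MyPassword2024",
                      "correct horse battery staple"):
        print(candidate, is_variation("Password", candidate))
```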

Whether or not you’re sure that your password has been exposed, make the safe choice and make all of your passwords unique. Not sure how to keep track of all of these unique passwords? Ask your IT team or supervisor if they can recommend a password or credential manager that you can use.

 

Remember, these attacks are only successful if we fall for them. Stay alert and be cautious!


How to Clear Cookies in Web Browsers

 How to Protect Yourself from Phishing Attacks

Note: teachers and staff are strongly urged to stay off of shopping sites and social networks while using District supplied laptops or desktops (this is especially true when using devices outside of the District). These types of sites promote computer viruses, along with types of malware, spyware, and ransomware that could negatively impact your computer and jeopardize your data.

The tax and vacation seasons are a prime time for phishing attacks. Scammers will attempt to gain access to your personal information, e.g., credit/debit card information, bank account information, your social security number, etc., by posing as legitimate companies or sites, emails, or even telephone contacts. Scammers can even hold your data hostage with “ransomware”: the user’s data is encrypted, and the scammers demand a ransom to decrypt it.

The attached post lists nine tips from Kaspersky Labs, a leading anti-virus company, to protect yourself from phishing attacks.

How to Protect Yourself from Phishing Attacks

Symantec Corp., manufacturer of Norton Antivirus, has a lot of useful information concerning cyber security, virus protection, and child internet safety on their Internet Security website.

Norton Internet Security

Microsoft also has a very good tutorial and FAQ on ransomware.

Microsoft Tutorial on Ransomware

Google has found a way to keep their employees from getting phished. Check out:

 Google Eliminated Phishing by Giving All 85,000 Employees USB Security Keys


From CNET:

How to Avoid Being Scammed

To avoid being scammed or — perhaps, worse — having your phone number added to additional robocall lists, follow these tips from the BBB:

  • Do not answer calls from numbers you do not recognize (duh).
  • If you do answer and are asked questions that seem to be fishing for a “yes” or “no” answer, do not respond and hang up immediately.
  • Never give out any personal information over the phone when you are unsure of the caller (also obvious but worth repeating).
  • Make a note of the number and report it to BBB Scam Tracker to help warn others.
  • As always, check your bank and credit card statements regularly for unauthorized charges.

You can also report suspicious or unwanted calls to the FTC’s National Do Not Call Registry and register your home and mobile numbers for free to avoid or at least lessen the frequency with which you receive unsolicited calls.


9 Clever Ways Thieves Steal Your Identity – and How You Can Stop Them