E.L.U.D.E. Security Guide For Students
How to E.L.U.D.E. CyberSecurity Threats @ CCNY For Students
Office of Information Technology:
IT Security Office
Phone: (212) 650-6565
PROTECTING YOUR INFORMATION AND YOUR FAMILY
As the internet and mobile devices proliferate, maintaining information security has become a vital part of all our lives. Of particular concern is guarding personally identifiable information (PII), which includes:
- Social Security numbers and birthdates
- Debit and credit card numbers
- Userids with passwords
- Student records (e.g., GPAs, transcripts, grades, test results)
- Financial records (e.g., tax information, bills, insurance records, payroll information)
- Health records
- Drivers licenses or other government-issued identification
BEST PRACTICES TO E.L.U.D.E CYBERSECURITY THREATS
Ⓔnvironmental Awareness of cyber threats, risks, and best practices is essential protection
- Be careful when using online resources (commercial accounts, email and social networks): treat sensitive information like it will be there permanently, accessible to everyone.
- Disable online accounts and computer devices you no longer use.
- When possible, physically secure your computer with security cables/plates; always lock building/office doors and windows when your devices are unattended.
- Never leave mobile devices unattended; thieves can steal your hardware and identity.
- Regularly check your accounts, billing statements, and credit reports for suspicious activity.
Ⓛogins and Passwords should always be enabled and strong, respectively
- Use strong passwords that cannot be easily guessed or deciphered: at least eight characters including upper and lower case letters, numerals and symbols. Avoid using simple identifiers like common names, dictionary words, birthdates, and anniversaries.
- Use a unique password with each account (with a password manager, if necessary).
- Never, ever share your password or your account when logged in!
- Passwords are compromised all the time, so change your password at least every 180 days
- When available, configure your accounts to use two-factor authentication.
- Always require a password to login to your computer, especially at computer start-up; use a screensaver to automatically password-lock your unattended devices.
- Use a generic user account for daily tasks (browsing, email, working); only use administrative accounts for installing new software, updates and system maintenance.
- Always log out of your computer workstations, applications, social media websites, even if you will only be away for moments.
Ⓤpdates and Upgrades provide up-to-date protection against always evolving threats
- On all your devices always check for and install critical updates and security patches before using software products—including operating systems, applications, browser plug-ins and add-ons; only use products that are currently maintained by their developer.
- Always use up-to-date malware protection to protect against cyberthreats.
- Outdated programs contain security vulnerabilities; if you don’t need it, delete it!
Ⓓata and Information Management organize and isolate sensitive information to avoid risk
- Exercise caution when opening unexpected or suspicious email messages or websites, which may contain malicious attachments or links that appear legitimate.
- Classify and organize sensitive information to minimize exposure; never email or post it on public websites or email them. If you don’t need it, delete it!
- Back up critical data in scheduled intervals and store it on a safe, secure backup site.
- Learn how to securely delete unneeded data that contains confidential information, emptying the trash is not enough.
- Before disposing of storage devices containing sensitive information use a special programs to securely delete data also consider physically destroying the hard drive/flash drive.
Ⓔncryption securely encodes data, scrambling it to make it resistant to hacks
- Learn to use encryption tools (e.g. Microsoft Bitlocker, 7-Zip, Macintosh FileVault, OS X Disk Utility, VeraCrypt, TrueCrypt) to protect information stored on your devices.
- Use layered file, folder and/or full disk encryption to protect confidential data.
- Before transmitting confidential information always ensure data encryption protocols are in effect and secure (e.g. HTTPS:// for websites and SSL/ TLS for file transfer).
HACKS HAPPEN! How to E.L.U.D.E. cyber threats
Following these best practices will go a long way to protecting you from the worst
Environmental awareness of cyber threats, risks and best practices is essential protection
Logins and passwords should always be enabled and strong
Updates and upgrades provide up-to-date protection against ever evolving threats
Data and information management: Organize and isolate sensitive information to avoid risk
Encryption securely scrambles data, making it nearly impossible to hack
INFORMATION SECURITY RESOURCES
SANS Ouch! Information Security Newsletters:
This free monthly security awareness newsletter is written by information security experts for a wide audience. Subscribe today! (https://www.ccny.cuny.edu/it/security_sans_newsletters)
CUNY Security Awareness Program. This interactive program provides an overview of information security threats with best practices developed to keep you cyber-safe and secure. It takes approximately 30 minutes. (https://security.cuny.edu)
McAfee Anti Malware Software Download. The CUNY-licensed malware protection is available free to CUNY students, faculty, and staff for installation on personally owned devices. Download it from the CUNY Portal eMall. (See back page for download instructions.)
CCNY Password Reset Reset your password for applications maintained by OIT, including CityMail student email, CityCentral student portal, CCNY Wifi network, library databases, and Tech Center resources. If you ever suspect your CCNY account has been compromised, use this utility to immediately reset your password! (https://reset.ccny.cuny.edu/student)
HOW DO I GUARD MYSELF FROM IDENTITY THEFT?
Identity theft is the fraudulent acquisition and use of a person's private identifying information, usually for financial gain; victims can suffer adverse financial and criminal consequences. These resources advise on understanding, avoiding, detecting, and reporting identity theft:
To proactively prevent identity fraud (credit card, mobile phone accounts) request free annual credit reports from the following three credit reporting agencies. For a nominal fee you can also establish a “security freeze” for each of your family members. If you suspect identity theft, use these same agencies to request a free “fraud alert” or “extended fraud alert.”
GLOSSARY OF INFORMATION CYBER THREATS
Computer • An electronic device for storing and processing data, typically in binary form, according to instructions given to it in a program (e.g. laptop, desktop, mobile phone, game console, tablet, etc.).
Hacking • Using a computer to gain unauthorized control of a computer or access to data, often for fraudulent purposes.
Identity theft • The fraudulent acquisition and use of another person's private identifying information, usually for financial gain.
Keylogger • Software that records every keystroke typed, sending it to a covert, remote listening agent; a stealthy way to steal userids and passwords.
Malware • A general term used to describe malicious software designed to trick a computer user or infiltrate a computer, stealthily transmitted by many vectors, including email, websites, social media, USB drives, texts, wi-fi, advertising, browser plug-ins, and games.
Pharming • An attack intended to redirect a website's traffic to fraudulent site, often used to mimic legitimate and authoritative sites (e.g. banks, anti-virus software, invoices).
Phishing • Deceptive attempt to acquire sensitive information (i. e. usernames, passwords, and credit card details) by an agent masquerading as a trustworthy entity; threats include email, instant messaging, web sites, social media, and telephone calls.
Ransomware • Malicious software designed to encode a user’s documents using encryption and then demand a ransom to have those files restored.
Rootkit • A stealthy type of malicious software designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer, using adaptive behavior to avoid detection and remediation.
Software vulnerability • A flaw in software programming exploitable by malware and hacking; meticulous software management (including patches, updates, removal) reduces risk.
Spam • The use of electronic messaging systems to send unsolicited bulk messages indiscriminately. Basically junk email.
Spyware/ Adware • Malware or marketing software whose principal aim is to surreptitiously collect information by “spying” on the user.
Trojan • Disguised malware which appears to perform a benign or normal action but in fact performs a malicious action, such as transmitting a computer virus. Can appear to be a legitimate program or system resource.
Worm • Self-replicating malware that can move from computer to computer. Unlike a virus, it does not need to attach itself to an existing document or application.
Virus • Self-replicating malware that attaches itself to a digital document or application then spreads through copies of that document or application that are shared.
FREE McAFEE ANTI-MALWARE SOFTWARE DOWNLOAD
FREE McAfee Anti Malware Software • The CUNY-licensed malware protection is available free for CUNY students, faculty, and staff for installation on personally-owned devices.