Cyber-Security Awareness

October is Cyber-Security Awareness Month!

The Information Security Office promotes security awareness at ECSU, because we recognize that truly securing any system starts with educating users. After all, you don't drive a vehicle without practicing and obtaining a license, right? Help us make our ECSU network and the Internet highways safe. Follow the links under our Information Security Office web section for internet safety guidance and other useful information.

Under the Hoodie Videos: True Stories from Rapid7 Pen Testers

Looking to get into television?  Apparently, all you need is a fake ID.  Watch this true story to see how an Ethical Hacker owned a TV station network in just two hours and hung around – undetected – for two weeks.  Guard your IDs!

Rapid7 video - the bank job
Rapid7 video - remote control
Rapid7 video - one mans junk
Rapid7 video - you had me before hello
Rapid7 video - hack thy neighbor
Rapid7 video - picked off on the kickoff
Rapid7 video - pwned you twice

View more Rapid7 Under The Hoodie series videos at: https://www.rapid7.com/info/under-the-hoodie/

Protect yourself against social engineering:  Phishing Explained


The Stop.Think.Connect. Campaign is a national public awareness campaign started by the National Cyber Security Alliance.  It is aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.  We recommend that everyone take the following precautions.  

>>Keep a Clean Machine<<

Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.

DIT staff monitor faculty, staff and lab computers and their AntiVirus definitions.  

Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.

DIT staff routinely push updates to faculty, staff and lab computers. 

Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.

Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

>>Protect Your Personal Information<<

Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.

On campus, we use Single Sign-On authentication.  This is a secure method which allows our users to use one password for multiple connections determined by DIT, eliminating the need to remember multiple passwords or phrases.  

Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.

Get two steps ahead: Turn on two-step authentication – also known as two-step verification or multi-factor authentication – on accounts where available. Two-factor authentication can use anything from a text message to your phone to a token to a biometric like your fingerprint to provide enhanced account security.


>>Connect With Care<<

When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.


Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.

Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with “https://” or “shttp://,” which means the site takes extra measures to help secure your information. “Http://” is not secure.

>>Be Web Wise<<

Stay current. Keep pace with new ways to stay safe online: Check trusted websites for the latest information, and share with friends, family, and colleagues and encourage them to be web wise.

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.

Back it up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely.

>>Be a Good Online Citizen<<

Safer for me, more secure for all: What you do online has the potential to affect everyone – at home, at work and around the world. Practicing good online habits benefits the global digital community.

Post only about others as you would have them post about you. The Golden Rule applies online as well.

Help the authorities fight cybercrime: Report stolen finances or identities and other cybercrime to the Internet Crime Complaint Center (www.ic3.gov) and to your local law enforcement or state attorney general as appropriate.

>>Own Your Online Presence<<

Personal information is like money. Value it. Protect it: Information about you, such as your purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites.

Be aware of what’s being shared: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s OK to limit how and with whom you share information.

Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it could be perceived now and in the future.