Cyber Safety at Work
WHPS Tech Tip
Tips for Cyber Safety at Work:
1. Defend your computer
2. Think before you share sensitive information
- Never provide sensitive or confidential information in response to an e-mail, even if the e-mail appears to be from someone you know. Call the sender to verify the authenticity of the message.
- Be cautious when sharing information online. Avoid posting sensitive or personally identifiable information (PII) to unknown or untrusted sites.
3. Think before you click
- Pause before you open attachments or click links in e-mail if it is something you are not expecting or looks suspicious. The sender’s e-mail address may have been spoofed, or the e-mail account of the sender may have been compromised; call the sender to verify.
- Do not click on links or buttons in pop-up windows or websites you aren’t familiar with and trust.
- Contact Helpdesk (x6636) to report any suspicious links or e-mail messages.
4. Use strong passwords
- Secure your online accounts, computer, mobile phone, and other devices with complex passwords or PINs that are not easy to guess.
- Keep passwords and PINs secret. Never disclose your passwords to others, and do not write them down.
- Don’t use the same password everywhere.
- Consider using a passphrase instead of passwords for added security. A passphrase is a combination of words that are easy for you to remember but harder for others to guess.
5. Protect yourself from e-mail scams
- Look out for alarmist messages, misspellings and grammatical errors, formatting irregularities, deals that sound too good to be true, requests for sensitive information like account numbers, passwords and other signs of a scam.
- Scrutinize e-mail attachments. Never open attachments that seem suspicious or unexpected.
- The IT Department will never ask for your password over e-mail, nor send you links to reset your password; contact Helpdesk (x6636) if you receive a message like this.
6. Protect your data on the go
- Only connect to Wi-Fi networks that you trust.
- Confirm the exact spelling of the wireless network you’re connecting to. Beware of clever (slightly misspelled) fake wireless network names.
- Guard your laptop, smartphone, and other mobile electronic devices like flash-drives as carefully as your wallet.
- Immediately report to Helpdesk (x6636) the theft or loss of a district device and also inform the school office.
- Change all passwords associated with the lost device, if applicable.
www.cybercompass.org is a WHPS IT Cyber Safety resource for parents and students. The small amount of time someone takes to stop and think before they click or enter information online may be all it takes to avoid a privacy breech, data loss or identity theft; stay cyber safe! Here are some common definitions:
Phishing attacks are on the rise (150% in the past year on social media networks like Facebook, Twitter, Instagram and LinkedIn) and the bait is becoming increasingly believable and harder to identify. The logo looks legitimate, the promotion sounds good, and the quiz seems so fun! So as much as you want to take that survey on Facebook (you can even win a prize!), don’t.
While the attacks above will solicit you for personal information and rely on you to make an error in trust or judgement via clicks and keystrokes, this form of attack will simply take you there! Using malicious code, pharming directs internet users to a fake website that mimics the appearance of a legitimate one in order to gain a user’s personal information. Pharming can redirect you to the false website without your knowledge. Everything looks real and you may not have even noticed a change in the webpage. Online banking sites and e-commerce organizations have become prime targets here. Be extra careful when entering sensitive or payment information online. Take an extra second and make sure you see an “s” in the “https” of the URL, and check for the lock, key or padlock symbol (this may vary based on the browser you use). Be wary of websites that look a bit “off” or different than the last time you visited.
Cyber threats are growing smarter and more sophisticated by the day. It’s important to remember that although these forms of attack exist, they are not independent of each other. You may get a vishing voicemail directing you to a phishing website. The attacks are intertwined and refined. Don’t believe every sender and site is legitimate, and most importantly, don’t take the bait. If it looks “off,” it probably is. It's not a waste of time to stop and verify who you are talking to and what you are receiving or viewing online before handing over your information. (Definitions credit: BlumShapiro)