Cyber Safety at Work

WHPS Tech Tip

Tips for Cyber Safety at Work:

1. Defend your computer

Lock your computer when stepping away from your desk. TIP: The keyboard shortcut to lock your PC is to press and hold the Windows key then press L on your keyboard.

2. Think before you share sensitive information

  • Never provide sensitive or confidential information in response to an e-mail, even if the e-mail appears to be from someone you know. Call the sender to verify the authenticity of the message.

  • Be cautious when sharing information online. Avoid posting sensitive or personally identifiable information (PII) to unknown or untrusted sites.

3. Think before you click

  • Pause before you open attachments or click links in an e-mail if the message is something you are not expecting or looks suspicious. The sender’s e-mail address may have been spoofed, or the e-mail account of the sender may have been compromised; call the sender to verify.

  • Do not click on links or buttons in pop-up windows or on websites that you aren’t familiar with and don’t trust.

  • Contact Helpdesk (x6636) to report any suspicious links or e-mail messages.

4. Use strong passwords

  • Secure your online accounts, computer, mobile phone, and other devices with complex passwords or PINs that are not easy to guess.

  • Keep passwords and PINs secret. Never disclose your passwords to others, and do not write them down.

  • Don’t use the same password everywhere.

  • Consider using a passphrase instead of passwords for added security. A passphrase is a combination of words that are easy for you to remember but harder for others to guess.

5. Protect yourself from e-mail scams

  • Look out for alarmist messages, misspellings and grammatical errors, formatting irregularities, deals that sound too good to be true, requests for sensitive information like account numbers and passwords, and other signs of a scam.

  • Scrutinize e-mail attachments. Never open attachments that seem suspicious or unexpected.

  • The IT Department will never ask for your password over e-mail, nor send you links to reset your password; contact Helpdesk (x6636) if you receive a message like this.

6. Protect your data on the go

  • Only connect to Wi-Fi networks that you trust.

  • Confirm the exact spelling of the wireless network you’re connecting to. Beware of clever (slightly misspelled) fake wireless network names.

  • Guard your laptop, smartphone, and other mobile electronic devices like flash drives as carefully as your wallet.

  • Immediately report to Helpdesk (x6636) the theft or loss of a district device and also inform the school office.

  • Change all passwords associated with the lost device, if applicable.

Additional Resources:


www.cybercompass.org is a WHPS IT Cyber Safety resource for parents and students. The small amount of time someone takes to stop and think before they click or enter information online may be all it takes to avoid a privacy breach, data loss or identity theft; stay cyber safe!

Here are some common definitions:

Phishing

Phishing refers to criminal activity in which the criminal attempts to obtain sensitive information by masquerading as someone or something else via email. Ever get an email from “Amazon” asking about your recent payment activity and the need to update your account but you find out it’s not really Amazon? That’s phishing. The criminal poses as a legitimate person or entity in the hopes of you trusting them and giving up personal information such as your username and password, credit card details, security codes, etc.

Phishing attacks are on the rise (up 150% in the past year on social media networks like Facebook, Twitter, Instagram and LinkedIn), and the bait is becoming increasingly believable and harder to identify. The logo looks legitimate, the promotion sounds good, and the quiz seems so fun! So as much as you want to take that survey on Facebook (you can even win a prize!), don’t.

Spear Phishing

Even scarier is spear phishing, in which the email appears to be from an individual or business you know and trust, but it isn't. Unlike a random attack, these target a specific organization to access confidential information. Hackers are now looking at your organization’s web page for employee listings and contact information so they know who to pretend to be and who to target. If you get an email from an internal employee asking for information that 1) seems suspect relative to their business needs and job function or 2) seems like something they should already have access to, don't reply right away. Give them a quick call or stop by their office and make sure it was really them reaching out to you.

Vishing

Voice + Phishing = Vishing: the telephone version of phishing. In this scenario, you receive a phone call from a criminal posing as an authentic business or agency in an attempt to fool you into providing personal information. A five-minute identity theft. Vishing can occur via voice email, VoIP (Voice over IP), landline or cell phone. These criminals are hard to track down, as they have even spoofed caller ID numbers to hide their identities. So while it “looks” like you’re getting a call from your bank, you aren’t. Be sure to verify who it is that you are talking to on the other end, never provide personal or payment information over the phone if you are unsure, and don’t be afraid to tell them you’ll call back after you validate the proper number for the business.

Smishing

Your phone lights up and you’ve got an exciting new text. “You have won a free gift card, click this web link to claim your prize!” But it’s not a prize, it’s a fake link that captures your personal information. That’s “smishing” – SMS + Phishing. If you get a mysterious text (many of which conveniently contain hyperlinks to fraudulent sites or phone numbers to call back), don’t reply. And keep an eye out for messages coming from a “5000” number. This generally indicates the text message was sent via email to your cell phone and not from another mobile phone.

Pharming

While the attacks above will solicit you for personal information and rely on you to make an error in trust or judgement via clicks and keystrokes, this form of attack will simply take you there! Using malicious code, pharming directs internet users to a fake website that mimics the appearance of a legitimate one in order to gain a user’s personal information. Pharming can redirect you to the false website without your knowledge. Everything looks real and you may not have even noticed a change in the webpage. Online banking sites and e-commerce organizations have become prime targets here. Be extra careful when entering sensitive or payment information online. Take an extra second and make sure you see an “s” in the “https” of the URL, and check for the lock, key or padlock symbol (this may vary based on the browser you use). Be wary of websites that look a bit “off” or different than the last time you visited.


Cyber threats are growing smarter and more sophisticated by the day. It’s important to remember that although these forms of attack exist, they are not independent of each other. You may get a vishing voicemail directing you to a phishing website. The attacks are intertwined and refined. Don’t believe every sender and site is legitimate, and most importantly, don’t take the bait. If it looks “off,” it probably is. It's not a waste of time to stop and verify who you are talking to and what you are receiving or viewing online before handing over your information. (Definitions credit: BlumShapiro)