Guidelines and Tips for Students & Faculty on Safe Computing Practices
Overview
Here are some general safety recommendations for students and faculty members regarding computing.
Cyber Security Threats & Best Practices
Social Engineering
Examples of Social Engineering:
- Impersonation: Attackers may impersonate someone in authority, such as a colleague, IT support personnel, or a superior, to gain trust and extract sensitive information.
- Pretexting: Creating a fabricated scenario or pretext to trick individuals into disclosing information. For example, posing as a vendor or service provider to request login credentials or other sensitive details.
- Baiting: Offering something enticing, such as a free software download or a tempting link, to lure individuals into revealing information or executing malicious actions.
- Quizzes and Surveys: Crafting seemingly harmless quizzes or surveys that ask for personal information can be a method of social engineering.
- Phishing: Phishing involves fraudulent attempts to obtain sensitive information, such as usernames, passwords, and financial details, by posing as a trustworthy entity. Attackers often impersonate well-known organizations, educational institutions, or even colleagues to deceive individuals into disclosing confidential data. Phishing primarily relies on deceptive electronic communication, most often emails, messages, or websites.
Best Practices
1. Verify Requests
Before divulging sensitive information or complying with requests, verify the legitimacy of the person making the request through a trusted channel, such as a known phone number or in-person contact.
2. Be Skeptical of Unsolicited Requests
Question unexpected requests for information, even if they seem to come from someone within the organization.
3. Report Suspicious Activity
If you suspect social engineering, report it to the appropriate IT or security personnel to investigate further.
4. Security Awareness Training
Regularly participate in security awareness training sessions to recognize and resist social engineering attempts.
Best Practices for Email Security Against Phishing Attacks
1. Verify Emails
Double-check the sender’s email address before clicking on any links or providing information. Legitimate organizations usually use official domain names, and misspellings or unusual characters in email addresses can be red flags.
2. Check Hyperlinks
Hover over hyperlinks in emails to preview the actual destination. Be cautious if the link address looks suspicious or does not match the purported sender.
3. Use Multi-Factor Authentication (MFA)
Enable MFA wherever possible to add an extra layer of security. Even if login credentials are compromised, MFA provides an additional step for verification.
4. Be Skeptical of Unexpected Emails
Question unexpected emails, especially those requesting personal or financial information. Legitimate organizations typically do not ask for sensitive details via email.
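The two checks above (sender address and hyperlink destination) can be automated for triage. The following is an added example, not part of the original guidelines; it assumes a placeholder allowlist of official domains (example.edu) and uses a constructed sample message.

```python
import re
from urllib.parse import urlparse

# Assumption: the institution's official sending domains (placeholder values).
OFFICIAL_DOMAINS = {"example.edu", "mail.example.edu"}

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URLISH_RE = re.compile(r"https?://[^\s<]+|(?:[\w-]+\.)+[a-z]{2,}", re.I)

def host_of(url):
    """Hostname of a URL, or of bare 'www.example.edu'-style text."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def sender_red_flags(from_addr):
    """'Verify Emails' rule: flag an unofficial sender domain and
    non-ASCII (lookalike) characters in the address."""
    flags = []
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if domain not in OFFICIAL_DOMAINS:
        flags.append(f"sender domain '{domain}' is not an official domain")
    if not from_addr.isascii():
        flags.append("sender address contains non-ASCII characters")
    return flags

def link_red_flags(html_body):
    """'Check Hyperlinks' rule: flag visible link text that names one host
    while the real href (what hovering would reveal) points elsewhere."""
    flags = []
    for href, text in ANCHOR_RE.findall(html_body):
        visible = re.sub(r"<[^>]+>", "", text).strip()
        m = URLISH_RE.search(visible)
        if m and host_of(m.group(0)) != host_of(href):
            flags.append(f"link text '{visible}' but destination host '{host_of(href)}'")
    return flags

def triage_email(from_addr, html_body):
    return sender_red_flags(from_addr) + link_red_flags(html_body)

# Constructed sample message (not a real email): lookalike sender domain and
# a link whose visible text does not match its destination.
SAMPLE_FROM = "it-support@examp1e.edu"
SAMPLE_BODY = ('<p>Your mailbox is full.</p>'
               '<a href="http://login.example-verify.test/reset">https://portal.example.edu/reset</a>')

if __name__ == "__main__":
    for flag in triage_email(SAMPLE_FROM, SAMPLE_BODY):
        print("RED FLAG:", flag)
```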
Malware (Malicious software)
Examples of Malware:
- Viruses: Viruses are programs or code snippets that attach themselves to executable files or applications. They rely on a host file to replicate and infect other software, spreading from one file to another.
- Worms: Worms are standalone malicious programs that can self-replicate and spread across a network without requiring a host file. They exploit vulnerabilities in network services or operating systems to propagate. Worms can spread independently and are often capable of spreading rapidly.
- Trojans: Trojans, short for Trojan horses, are deceptive programs that appear legitimate but contain malicious code. They often trick users into installing them, allowing attackers to gain unauthorized access or steal sensitive information. Trojans are designed to stay on the infected system for an extended period, enabling attackers to maintain control and carry out malicious activities without immediate detection.
- Keylogging: Certain malware, known as keyloggers, can record keystrokes on infected devices. This means that sensitive information, such as login credentials and credit card numbers, can be captured and transmitted to malicious actors without your knowledge.
- Ransomware: Ransomware is a type of malware that encrypts files or entire systems, making them inaccessible to the user. The attacker then demands a ransom in exchange for providing the decryption key.
Best Practices
- Avoid Suspicious Downloads: Only download files and software from reputable sources. Be cautious of email attachments and links, especially if they are unexpected or from unknown senders.
- Update Operating Systems: Regularly update your operating system and software to patch vulnerabilities that malware may exploit.
- Backup Important Data: Regularly back up your important data to an external, secure location. In the event of a malware infection, having backups ensures that you can restore your files.
- Install Antivirus Software: Keep antivirus software up-to-date and perform regular scans to detect and remove malware from your system. Be cautious and ensure that your antivirus software is from reputable sources, as some malware disguises itself as antivirus programs.
Weak Passwords
Examples of Password Attacks:
- Brute-Force Attacks: In a brute-force attack, hackers systematically attempt every possible combination of passwords until they find the correct one.
- Dictionary Attacks: Dictionary attacks involve using pre-existing lists of common words or phrases to guess passwords. Attackers often use specialized software that rapidly tries each word in the dictionary.
Best Practices
1. Create Strong Passwords
Make your passwords long and complex by using a combination of uppercase and lowercase letters, numbers, and special characters. Aim for a minimum length of 12 characters or more to enhance security. To counter dictionary attacks, avoid easily guessable passwords like common words, phrases, or sequential combinations. Opt for unique and unpredictable combinations.
2. Regular Password Changes
Change passwords periodically to mitigate the risk of unauthorized access, especially after security incidents or if you suspect your password may have been compromised.
3. Avoid Password Reuse
Using the same password across multiple sites or services poses a significant risk. If one account is compromised, it exposes all others using the same password. Use unique passwords for different accounts to prevent widespread access in case of a breach.
4. Password Manager
Consider using a password manager to generate and store complex passwords securely.
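The "Create Strong Passwords" rules above (12+ characters, mixed character classes, no common words, no sequential combinations) can be turned into a policy check. This is an added example, not part of the original guidelines; the common-word list is a small constructed stand-in for a real breached-password or dictionary list.

```python
import string

# Constructed stand-in for a dictionary/common-password list (assumption:
# a real deployment would load a much larger list).
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "student", "faculty"}
MIN_LENGTH = 12  # the minimum recommended above

def has_sequential_run(pw, run=4):
    """True if pw contains `run` consecutive ascending or descending
    characters (e.g. 'abcd', '1234', '4321'), a 'sequential combination'."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        codes = [ord(c) for c in s[i:i + run]]
        diffs = {b - a for a, b in zip(codes, codes[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False

def contains_common_word(pw):
    """True if a common word appears in the password, after undoing the usual
    0->o, @->a, 1->i, 3->e, $->s substitutions so 'Passw0rd' is still caught."""
    s = pw.lower().translate(str.maketrans("0@13$", "oaies"))
    return any(w in s for w in COMMON_WORDS)

def check_password(pw):
    """Return the list of guideline violations; empty means the password
    satisfies every rule given above."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if contains_common_word(pw):
        problems.append("contains a common dictionary word")
    if has_sequential_run(pw):
        problems.append("contains a sequential run of characters")
    return problems

if __name__ == "__main__":
    for candidate in ["Password123!", "xK7#pQ2v$Lm9wR", "Faculty2024abcd!"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

A password manager (next item) generates strings that pass this check by construction; the checker is only a safety net for passwords people choose themselves.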
Unsecured Wi-Fi Networks
Security Risks of Unsecured Wi-Fi:
- Eavesdropping: Without encryption, data transmitted over unsecured Wi-Fi networks can be intercepted by malicious actors, allowing them to eavesdrop on your online activities.
- Man-in-the-Middle Attacks: Attackers can position themselves between your device and the network, intercepting and potentially altering the communication between you and the intended destination. Users may be redirected to fake sites and enter sensitive information such as login credentials or personal details, thinking they are interacting with the genuine service.
- Unauthorized Access: Unsecured networks lack authentication mechanisms, making it easier for attackers to gain unauthorized access to connected devices.
Best Practices
- Use Encrypted Connections: Connect to secure and encrypted Wi-Fi networks whenever possible.
- Avoid Public Wi-Fi for Sensitive Transactions: Refrain from accessing sensitive information when connected to public Wi-Fi.