Cyber Security 101

What is Cyber Security?

The internet was originally designed to connect large computers at universities, businesses and governments. It grew exponentially once personal computers became common in the 1980s. Connecting to the internet leaves computers vulnerable. People can use computers to delete data, spread visuses, or even steal someone's identity.

Learn why protecting your information online is crucial with this video from the NOVA Cyber Security Lab.

Phishing

Phishing has quickly become one of the most common and effective attacks to compromise an organization's security and illegally access information and assets. These attempts to trick individuals into revealing private information have no end in sight, but following some basic guidance can help reduce the odds of becoming a victim:

Don't trust email from unknown senders and don't open their attachments.
If an email seems suspicious, verify the sender through trusted contact information.
Hover your mouse icon over hyperlinks to ensure the destination matches the URL.
Read the full destination URL when hovering over hyperlinks or when viewing a linked page.

If you think you may be involved in a phishing incident, contact the IT Help Center for support.

Reading URLs

Speaking of checking the destination URL, how do we know a good URL from a bad one? Webpage URLs consist of multiple parts that compose the final destination, for example:

http://www.heritage.edu/
This is a good link! "Heritage" is the second Level Domain and "EDU" is the top Level Domain

http://www.heritag.e.edu/
This is a bad link! It has a 3rd level domain of "Heritage", a 2nd level domain of "E", and a top level domain of "EDU". So, this link would actually send someone to the website "e.edu", not "heritage.edu"

Now, what about this one:

http://www.heritage.edu.dll.ca/homepage.htm
This is a bad link! The top level domain is before the first slash " / " mark, so even though this URL contains the correct "HERITAGE.EDU", it's actually a sub-domain site for website "DLL.CA".

These are just a few of the ways phishers attempt to trick people into trusting malicious webpages, it's up to everyone to remain vigilant and report phishing attempts when they're encountered.

Avoiding Scams

Between 2014 & 2018, the FBI's Internet Crime Complaint Center (IC3) received 1,509,679 complaints totaling $7.45 billion in total losses. In 2018 alone, they received an average of more than 900 complaints every day. Read the full report here: https://pdf.ic3.gov/2018_IC3Report.pdf

IC3 Guidance for Business Email Compromise (BEC):

Contact the originating Financial Institution as soon as fraud is recognized to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity.
File a detailed complaint with www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.
Visit www.ic3.gov for updated PSAs regarding BEC trends.
Never make any payment changes without verifying with the intended recipient; verify email addresses are accurate when checking mail on a cell phone or other mobile device.

Viruses

What is a computer virus?

A computer virus is designed to spread from host to host and has the ability to replicate itself. Computer viruses cannot reproduce and spread without programming such as a file or document.

In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data.

How does a computer virus attack?

Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. In order for a virus to infect your computer, you have to run the infected program, which in turn causes the virus code to be executed.

This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do.

How do computer viruses spread?

In a constantly connected world, you can contract a computer virus in many ways. Viruses can be spread through email attachments, internet downloads, and social media scam links.

To avoid contact with a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust.

What are the signs of a computer virus?

A computer virus attack can produce a variety of symptoms. Here are some of them:

Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs.
Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it.
Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.
Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on.
Unusually slow computer performance. A sudden change of processing speed could signal that your computer has a virus.
Unknown programs that start up when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications.
Unusual activities like password changes. This could prevent you from logging into your computer.

Phishing Examples

Below you will see some examples of Phishing emails that have been sent to Staff and Faculty at Heritage.

Protect Your PC!!

Help prevent viruses from getting on your PC

There are many preventive steps you can take to help protect your PC from viruses and other threats.

Use an anti-malware app. Installing an anti-malware app and keeping it up to date can help defend your PC against viruses and other malware (malicious software). Anti-malware apps scan for viruses, spyware, and other malware trying to get into your email, operating system, or files. New threats can appear daily, so check the anti-malware manufacturer's website frequently for updates. Windows Defender is free antimalware software included with Windows, and you can update it automatically through Windows Update. You can also visit the list of Consumer security software providers to look for antivirus apps that work with Windows.
Don't open email messages from unfamiliar senders, or email attachments that you don't recognize. Many viruses are attached to email messages and will spread as soon as you open the attachment. It's best not to open any attachment unless it's something you're expecting.
Use a pop-up blocker with your Internet browser. Pop-up windows are small browser windows that appear on top of the website you're viewing. Although most are created by advertisers, they can also contain malicious or unsafe code. A pop-up blocker can prevent some or all of these windows from appearing. Pop-up Blocker in Windows Internet Explorer is turned on by default.
If you're using Internet Explorer, make sure SmartScreen Filter is turned on. SmartScreen Filter in Internet Explorer helps protect you from phishing and malware attacks by warning you if a website or download location has been reported as unsafe.
Pay attention to Windows SmartScreen notifications. Be cautious about running unrecognized apps downloaded from the Internet. Unrecognized apps are more likely to be unsafe. When you download and run an app from the Internet, SmartScreen uses info about the app's reputation to warn you if the app isn't well-known and might be malicious.
Keep Windows updated. Periodically, Microsoft releases special security updates that can help protect your PC. These updates can help prevent viruses and other malware attacks by closing possible security holes. You can turn on Windows Update to make sure that Windows receives these updates automatically.
Use a firewall. Windows Firewall or any other firewall app can help notify you about suspicious activity if a virus or worm tries to connect to your PC. It can also block viruses, worms, and hackers from trying to download potentially harmful apps to your PC.
Use your Internet browser's privacy settings. Some websites might try to use your personal info for targeted advertising, fraud, and identity theft.
Make sure User Account Control (UAC) is turned on. When changes are going to be made to your PC that require administrator-level permission, UAC notifies you and gives you the chance to approve the change. UAC can help keep viruses from making unwanted changes. To open UAC, swipe in from the right edge of the screen, and then tap Search. (If you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.) Enter uac in the search box, and then tap or click Change User Account Control settings.
Clear your Internet cache and your browsing history. Most browsers store info about the websites you visit and the info that you provide, like your name and address. While it can be helpful to have these details stored on your PC, there are times when you might want to delete some or all of them—for example, when you're using a public PC and don't want to leave personal info behind.

Here are some free antivirus's we recommend:

If you would like us to help you get antivirus software installed, please stop by the IT Help Center!