With working and studying from home becoming more and more commonplace, this year's Cybersecurity Month will focus on ways that Auburn University students, faculty, and staff can build a distance defense and stay secure while remote.
Use a VPN whenever accessing or using sensitive data.
A VPN (Virtual Private Network) provides secure two-way communication between your device and the information you're accessing. The Palo Alto GlobalProtect VPN is required in order to use certain Auburn University resources, but that's not the only time you should worry about secure data. Using 3G/4G/5G network data, public Wi-Fi, or even private Wi-Fi where the password is publicly available can put your information at risk.
- Financial Information: Online shopping is a breeze through mobile apps, and fast shipping can make it very enticing to complete a purchase as soon as you think about it. But completing an order means that you're transmitting financial information, whether it's bank account details or a debit or credit card number. You run into a similar problem if you access your banking apps or websites. Your password, account and routing number, and transaction history suddenly can become available.
- Passwords: It may seem harmless to log into your social media while you're out and about, but if you use the same password across multiple accounts, hackers will have access to those as well. In addition to using a VPN for your browsing, you should also make sure that you use different passwords across all your accounts in the event that one is compromised. If that seems like a daunting task, you can store your passwords in a vault like LastPass.
- Location Data: Many apps require access to your location data to provide you appropriate content. The convenience of finding restaurants, dates, and deals near you is very appealing! But consider the fact that other people may be able to find you if your location data gets transmitted over public networks. Not only may that lead to unsavory characters finding you on your night out, but it could also provide data for potential criminals who need to get you away from your house. Using a VPN gives you a lot more control over who can access that information.
Don't open links or files from unknown sources.
Phishing is constantly becoming more and more problematic as tens of thousands of people fall for phishing scams every single day. This can negatively affect the people who fall for the scams as well as anyone in their contacts or on the same network. It doesn't help that scammers are getting more sophisticated in their attacks, but there are still some red flags you can be on the lookout for:
- Links: It's easy to make a link look like it's directing you somewhere else, so don't click on a link in an email you're not expecting. Instead, type the web address directly into the browser. You should also be wary of links on unsecured websites.
- Attachments: You may receive emails with attachments that look like simple documents or photos, but only open files from known senders, and even then, make sure you're expecting it. Innocuous-looking files may still contain data and can install a virus or some other malware that can wreak havoc on your device.
- Impersonal Greetings: Phishing messages often start with “Dear User” or “Dear Customer” instead of addressing you by name.
- Threats: Be wary of any message that tells you that you will lose access immediately or that your account will be terminated.
- Spelling & Grammar: Plenty of people make mistakes in spelling in emails, but phishing attacks often have more spelling and grammar issues than normal.
- Request for Money or Information: If an email ever asks you to enter your password, banking information, social security number, or anything like that via email, don't do it. Legitimate companies will not request that information via email.
If you're worried you may have fallen for a phishing scam, or if you want more information on phishing, visit our Phishing Awareness page.
Beware of job, tax, and other financial scams.
When you're not working face-to-face with someone, a lot of correspondence happens through emails and text. Those forms of communication are easy to fake, so remote work is a great time for scammers to get your money or personal information. Here are some common scams to be aware of:
- The Gift Card: This scam starts with an email typically asking if you are available. The account is made to look like it belongs to someone from Auburn and in your organizational structure, so many people quickly respond if they are available. The sender then requests that you purchase a gift card and send the redemption code or a picture of the card back via email. Whenever you get odd email requests, make sure to confirm the identity of the sender!
- The Prize: This scam has been around for years, and it's not going anywhere. Whether it's via email, text message, or browser pop-up, be very skeptical if a message tells you that you've won some amazing prize. The “fine print” may ask you to enter banking information to pay for shipping, enter your social security number for tax purposes, or enter a username and password to confirm your identity. Be extremely careful about entering sensitive information into any site or email.
- The Job Offer: There are many variations of this scam ranging from temporary gigs to full-time employment, but they tend to show up more often near the end of semesters. And since there was a high rate of layoffs at the beginning of the pandemic, there has also been a big surge over the past 6 months. There's typically a “trial task” that involves making a purchase, paying a bill, or transferring money with the promise that you'll be reimbursed above what you spend. Never accept a job that requires a money transfer or something similar, and be extra cautious with any job offer where you didn't apply.
- The Stimulus Check: This particular scam has only become common since the start of the COVID-19 pandemic, but it has been rampant throughout 2020. The federal government has already provided one round of economic impact payments, and Congress has been discussing another round for months. As long as a discussion of more payments persists, this scam will as well. Most people didn't have to do anything to get these payments other than wait – but that waiting can be difficult. Some scammers were offering you the chance to get your payments sooner, for a small fee, of course. Some scammers were calling or texting to request your Social Security number in order to confirm your payment, but the IRS already has that information. And if you do need to provide information, it should only be directly through the IRS website. If you think you've encountered a scam of this nature, contact the Federal Trade Commission.
Create secure backups of all your important files.
Your data is the most important thing on your computer. Be it family photos, important tax documents, pieces of art, your band's music, sensitive research papers, or anything else, losing it should simply not be an option. Unfortunately, computers fail, and often. Having a backup plan set before anything goes wrong is one of the most important tasks you will undertake as a responsible computer user. Just make sure that any personal data is in a secure, encrypted location.
- Manually Backing Up Files: The most basic method to back up files is to simply copy/paste them to another resource such as a flash drive, external hard drive, shared network drive, or writeable media (such as a CD or DVD). System files should not be backed up. Instead focus on your personal files. And if you have sensitive files, consider purchasing an encrypted flash drive for those items.
- Using a Backup Program: There are a number of programs that you can use to assist you and automatically schedule backing up of files to local resources. Mac users should consider using Time Machine.
- Backing Up to the Cloud: A number of cloud services provide ample secure storage to back up your personal files, such as OneDrive for Business, Box, Google Drive, Dropbox, iCloud, etc. Work-related files that don't contain confidential information should be limited to OneDrive for Business and Box.