Messiah’s WiCyS (Women in Cybersecurity) student chapter started an exciting new tradition in October! Operating through Messiah’s Computer Science Club, the group held the University’s first CTF event. CTFs, or Capture-The-Flag events, are cybersecurity competitions that develop participants’ hacking and problem-solving skills. The challenges involve finding a random string of characters, referred to as the flag, hidden inside a computer system. For this event, the competition involved cryptography, breaking password hashes, using basic Kali Linux tools, and more. The event took place in Messiah’s new, state-of-the-art Cyber Center, and the WiCyS club partnered with the Games Club to provide food, a fun atmosphere, and a great community. They hope to continue these events each semester as the club grows.
Compromised Passwords and Turning Off Hackers
Did you know that cyber criminals, aka the “bad guys”, have more than 15 billion compromised passwords[1] to choose from when trying to break into your system? And where, you may ask, do these compromised passwords come from?
One infamous password collection—dubbed “RockYou2021”—is thought to be a compendium of passwords cobbled together from data breaches[2]. It is estimated that this list is comprised of over 8 billion legitimate passwords collected from a series of data breaches that included username/password combinations.
Given the size and scope of the leak, anyone who does anything online should check if their passwords were compromised. To check whether your password is safe, there are several free and easy options you can use. They include:
- HaveIBeenPwned
- F-Secure’s Identity Theft Checker
- CyberNews’ personal data leak checker and leaked password checker
- Avast’s Hack Check
Since the databases that each of these resources uses are likely not identical, it would be smart to check as many as possible just to cover all your bases.
So, before you grumble about having to use some form of multi-factor authentication (MFA) you may want to make sure your current password hasn’t been hacked.
And for those of you who don’t know what MFA is, here is a quick overview. As the name implies, MFA blends at least two separate factors. One is typically your username and password, which is something you know. The other could be:
- Something you have. A cellphone, keycard, or USB could all verify your identity. Often it is an app on your phone that provides a one-time password, otherwise known as an OTP.
- Something you are. Fingerprints, iris scans, or some other biometric data prove that you are who you say you are.
MFA is a great “hacker turnoff”. So, even though it means that it might take a second longer to sign in, remember your hacked password and thank your IT Security director for that added little bit of protection MFA provides.
[1] https://www.okta.com/identity-101/why-mfa-is-everywhere/
[2] https://www.consumeraffairs.com/news/new-84-billion-password-hack-breaks-records-060821.html
Post written by Vinny Sakore, Director of Cybersecurity Education at Messiah University. Vinny spent 20+ years in the information technology and cybersecurity field. His industry experience includes serving as Verizon’s HIPAA Security Officer and stints as Chief Technology Officer for two healthcare technology companies. He continues to remain active in the industry by providing consulting services to a number of organizations including NetDiligence, Inc. (www.netdiligence.com).
Photo credit: George Prentzas via unsplash.com
How To Thwart Hackers: Tips From MU’s Information Security Director
This is the final post for Cybersecurity Awareness Month from Messiah University’s Information Security Director, Allen Snook. We appreciate him and the Cybersecurity interns lending their expertise this month for the #seeyourselfincyber campaign, giving us tips and resources for safeguarding our information online.
Internet scams are nothing new. Since the 1980s, hackers have been attempting to gain illegal access to networks and systems in order to obtain sensitive information. They are after your identity, the contents of your email, and your financial data (they don’t need to know how much is in your bank account to want to gain access to it). Phishing emails are one way they attempt to steal this information from you.
If you’ve been following our other blog posts for Cybersecurity Awareness Month, you might recall some of the tips we’ve given for keeping your personal information safe, such as developing strong passwords, updating your apps, and avoiding oversharing on social media. In this post, we wanted to share further measures for safeguarding your information in order to thwart malicious hackers.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email. If you receive an email from a person or a company you are not familiar with, do not click any of the links or attachments (no matter what they’re promising in their message). Pay close attention to the details and verify the sources before you click on anything.
- Create and use strong passwords. See our previous post on this.
- Try not to connect to public Wi-Fi networks. Although they are convenient, they are often vulnerable to cyber criminals.
- Secure your devices. Be sure to update security software, operating system software, internet browsers and apps. You could also install antivirus software to help combat viruses, malware, etc.
- Back up your data. Make extra copies of your files so that if something happens to one of the files, you still have your backups. One way to do this is by saving information in the cloud or to an external storage device.
All of this is to say: Be proactive. You can ensure that you and your organization are a secure place online by taking the initiative to safeguard your information. We hope these tips equip you to do that.
#seeyourselfincyber #messiahcyber
Image by Mikhail Fesenko, via Unsplash.com
Think Before You Post: Tips From MU’s Information Security Director
In an age where it’s popular to share many aspects of our lives online, we need to consider the dangers that can occur with freely dispensing information about ourselves. Oversharing online can put any one of us at risk of fraud, as identity thieves and hackers use the information we post to study us or to steal our identity. We should not give out an excessive amount of personal information, especially in a way that might be considered inappropriate or dangerous to us and those around us.
It is important to remember that nothing posted in a public forum is ever truly private. THINK BEFORE YOU POST! Here are a few specific tips to keep in mind:
- Do not share your current location. This can mean turning off location-based apps.
- Do not share sensitive information. This makes it easier for individuals to gather information about you. Examples of sensitive information are names of your family members, phone numbers, and birthdays.
- Be careful what is in the background when you post. Be mature.
- Not everything needs an account.
- Sharing too much can result in cyberstalking.
- Review your privacy settings. Privacy settings can vary on social media platforms, so be sure to familiarize yourself with the settings on every platform you use.
Want to know what’s out on the web about you? Simply search for yourself online. Doing this will allow you to see what other people can find out about you. You might be surprised at just how much information about you is public.
We encourage you to be proactive in protecting your information. One of the ways to do this is to think about what you’re posting online before you post it. Resisting the popular habit of oversharing is a safety principle that can reduce the risk of becoming a victim of cyber crime.
#seeyourselfincyber #messiahcyber
Post written by Allen Snook, Director of Information Security at Messiah University, and Cybersecurity interns.
Photo credit: Christina @ wocintechchat.com via Unsplash.com.
Strong Passwords: Tips From MU’s Information Security Director
Passwords are one of the first lines of defense in keeping your information safe online. When it comes to password protection, think in terms of layers. In this post, we want to outline some ways you can double, even triple, your login protection.
When creating a password, try merging three uncommonly used words (example: staple, sentinel, orangutang). Then, add numbers to your newly merged word. Per NCCIC guidance, we suggest a total of 16-30 characters. Avoid using personal data when creating your password. Doing so will give hackers too much information should your password ever show up in a security breach.
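The recipe above can be automated. The following is an added example, not part of the original post: it merges three randomly chosen words, appends digits, and checks a candidate against the tips in this paragraph. The word list, function names and the `personal_data` parameter are assumptions made for illustration.

```python
import secrets

# Constructed sample word list. A real generator should draw from a list of
# thousands of words, and should not reuse example words published in a post.
WORDS = ["lantern", "quartz", "meadow", "harbor", "trellis", "walnut",
         "glacier", "bramble", "compass", "thimble", "cobalt", "juniper"]

MIN_LEN, MAX_LEN = 16, 30  # total character range suggested in the post


def make_passphrase(words=WORDS, n_words=3, n_digits=4):
    """Merge n_words distinct random words, then append n_digits digits."""
    while True:
        picked = []
        while len(picked) < n_words:
            word = secrets.choice(words)  # cryptographically strong choice
            if word not in picked:
                picked.append(word)
        digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
        candidate = "".join(picked) + digits
        if MIN_LEN <= len(candidate) <= MAX_LEN:
            return candidate


def check_password(password, personal_data=()):
    """Return a list of problems; an empty list means the tips are followed."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length")
    if not any(ch.isdigit() for ch in password):
        problems.append("no digits")
    lowered = password.lower()
    # personal_data: names, birth years, etc. that must not appear (assumed input)
    if any(item and item.lower() in lowered for item in personal_data):
        problems.append("contains personal data")
    return problems


if __name__ == "__main__":
    phrase = make_passphrase()
    print(phrase, check_password(phrase))
```
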
You can add another layer of protection to your passwords by not re-using them. Having different passwords for various accounts can help prevent cyber criminals from gaining access, thereby protecting more of your information in the event of a breach.
We recommend that you do not share your passwords with anyone. Every time you share a password, it opens more ways in which it could be misused or stolen.
A few more important layers of protection we recommend implementing are:
- Using multi-factor authentication whenever provided.
- Using fake, non-personal answers to security questions.
- Managing your passwords by saving them in a list that is not on a cloud or in your Google Drive. This allows you to make more diverse, creative passwords.
Creating passwords with these tips in mind is an easy way to improve your cybersecurity. This multi-layered approach to password protection allows you to put cybersecurity first across all your devices.
#seeyourselfincyber #messiahcyber
Post written by Allen Snook, Director of Information Security at Messiah University, and Cybersecurity interns.
Photo Credit: Christina @ wocintechchat.com via unsplash.com
Make Your Apps More Secure: Tips from Messiah University’s Information Security Director
When it comes to safeguarding your information, don’t forget about all the information stored on your apps. Here are a few simple steps you can take to increase your cybersecurity when it comes to app usage.
- Update often: Updates are important. Not only do they provide new features for the app, but they ensure you are using the most current security technology.
- Review your app settings for privacy changes after updates: Sometimes new data and information are being accessed without your permission. Therefore, take a moment to review the privacy and security settings of your apps after updates.
- Be aware of apps requesting one or more of these “dangerous” permissions:
  - Body sensors
  - Calendar
  - Camera
  - Contacts
  - GPS location
  - Microphone
  - Calling
  - Texting
  - Storage
When it comes to app permissions, you should avoid permissions that aren’t necessary for an app to work. If the app shouldn’t need access to something, such as your camera, location, or contacts, don’t allow it. Consider your privacy when deciding whether to avoid or accept an app permission request. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use.
These are just a few cyber smart practices you can adopt right now to increase your cybersecurity when it comes to app usage. Taking simple steps such as the ones listed here can help you secure your personal information, thereby reducing your risk of cyber attacks.
Post written by Allen Snook, Director of Information Security at Messiah University, and Alanah Innis, Cybersecurity Senior.
Photo Credit: Gilles Lambert
#seeyourselfincyber #messiahcyber
Staying Safe on Social Media
The goal of this year’s “See Yourself in Cyber” campaign is to raise awareness about how each one of us is responsible for our own behavior online.
Today, we want to give you a few ways to stay safe on social media, since it is such a huge part of our lives. Here are some tips we’ve gathered from CISA, along with a few additions of our own:
- Use discretion when you post on social media. Once your words, hashtags, and photos are on the Internet, they’ll be there forever.
- Limit the information you share online. Do not share personal information (birth dates, anniversaries, neighborhood or street names, etc.).
- Turn your location notifications off.
- If you want to share a picture that has someone else in it, ask for their permission first.
- Connect only with people and networks you know.
These suggestions may seem either too simple (“If I do these things, will it actually help?”) or too complicated (“I don’t have time to think about this”). However, the reality is that when it comes to your cyber presence, you play the main role in securing your personally identifiable information (PII).
In the end, the security you place around your devices is only as strong as you. Our hope is that by providing easy-to-use tools and tips like the ones above, we will all see the value in tightening our security at home and at work.
Stay tuned for more tips and resources all month long. For more information about our undergraduate degree in Cybersecurity, get in touch with us!
#seeyourselfincyber #messiahcyber
Photo Credit: dole777 via Unsplash.com
CYSE Program Announces the “See Yourself in Cyber” Campaign, In Partnership with CISA and the NCA
Welcome to our blog! This is where you’ll find cybersecurity-related posts written by the faculty and students of the Cybersecurity Education Program at Messiah University.
Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, and the Cybersecurity Education Program is partnering with the “See Yourself in Cyber” campaign created by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance. Cybersecurity Awareness Month was started in 2004 at the behest of the President of the United States and Congress, in an effort to help individuals protect their information online.
The goal of this year’s “See Yourself in Cyber” campaign is to raise awareness about how each one of us is responsible for our own behavior online. All month long, we’ll be offering blog posts written by our faculty and students related to keeping your personal information safe online, as well as insights into global cybersecurity issues.
Wait, Why Does This Matter To Me?
Today we are connected to our smartphones or a computer wherever we go. Because of that, our world is becoming increasingly dependent on cybersecurity. Cyber attacks are frighteningly versatile, challenging to identify, and painfully difficult – sometimes close to impossible – to remove.
Always try to keep track of where your storage devices have been, and do not plug “lost-and-found” USB drives into your computer. Keep your personal and workplace data storage and other devices separate to avoid transferring malware from one system to another, just like washing your hands to prevent the flu from spreading!
You can greatly increase your cybersecurity online, at work and at home by taking a few simple steps: Enable Multi-Factor Authentication, Use a Trusted Password Manager and Strong Passwords, Recognize and Report Phishing, and Update Your Software.
More To Come
Stay tuned for more posts and insights from our team. For more resources, classes, and even live events this month, go to CISA’s Cybersecurity Awareness Month website www.cisa.gov/cybersecurity-awareness-month. And if you’re interested in being part of one of the most exciting fields of study, get in touch with us at https://www.messiah.edu/undergraduate/cybersecurity-major.
#seeyourselfincyber #messiahcyber
Photo Credit: Adi Goldstein