Update Like a Pro

Welcome to the final week of Cybersecurity Awareness Month 2023! We hope you enjoyed our posts on top ways to increase password security, your guide to MFA, and how to not give in to phishing. This week we’re talking about how software updates can help you and your family stay safe online. Read on and spread the word! 🙌

Think twice before putting off updates!

Many people might select “Remind me later” when they see an update alert. However, many software updates are created to fix security risks. Keeping software up to date is an easy way for us to stay safer online. To make updates even more convenient, turn on the automatic updates in the device’s or application’s security settings.

Keep Software Up to Date with Three Simple Steps

1. Watch for notifications
Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.

2. Install updates as soon as possible
When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!

3. Turn on automatic updates
With automatic updates, our devices will install updates without any input from us as soon as the update is available. Easy!
To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.

Why It’s So Important to Update Promptly

👉If a criminal gets into our devices through a security flaw, they will look for sensitive information to exploit. Technology providers issue software updates to “patch” security weak spots as quickly as they can. If we don’t install them, they can’t protect us.
Software updates can also:
• Fix bugs
• Improve performance
• Add features that can enhance our experience

To round out this month’s focus, here’s a family hard at work putting into practice some of the tips we’ve been talking about:

Phishing and How To Not Take the Bait

Welcome back for Week 3 of Cybersecurity Awareness Month 2023. This week, we’re talking about how to resist phishing attacks. Special thanks again to CISA and to KnowBe4 for the resources for this series. Catch up on Week 1 and Week 2 if you missed them!

So, What’s Phishing?

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing “bait” usually comes in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

Stay Safe with Three Simple Tips

1. Recognize
Look for these common signs:
• Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
• Requests to send personal and financial information
• Untrusted shortened URLs
• Incorrect email addresses or links, like amazan.com
👉 A common sign used to be poor grammar or misspellings, but in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling. Be sure to look out for the other signs.

2. Resist
If you suspect phishing:
• Resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information.
• Report the phish to protect yourself and others.
👉Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link.
👉 Just delete.
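
The four signs listed under "Recognize" can also be checked by a program. The sketch below is an added example, not part of the original post: the phrase lists, the trusted-domain list, the shortener list and the sample message are all small constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Assumptions (not from the original post): every list below is a small
# constructed sample; a real mail filter would use far larger ones.
URGENCY = ("immediately", "urgent", "within 24 hours", "account will be closed")
PERSONAL = ("password", "social security", "card number", "bank account")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
TRUSTED = {"amazon.com", "paypal.com", "microsoft.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message showing all four signs.
SAMPLE_MESSAGE = (
    "URGENT: your account will be closed within 24 hours. "
    "Confirm your password and card number at http://www.amazan.com/verify "
    "or via https://bit.ly/3xAmPlE"
)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_signs(text):
    """Return the sorted list of warning signs found in a message body."""
    signs = set()
    lower = text.lower()
    if any(phrase in lower for phrase in URGENCY):
        signs.add("urgent language")
    if any(phrase in lower for phrase in PERSONAL):
        signs.add("asks for personal or financial information")
    for url in URL_RE.findall(text):
        domain = registered_domain(urlparse(url).hostname or "")
        if domain in SHORTENERS:
            signs.add("shortened URL: " + domain)
        elif domain not in TRUSTED:
            # One or two characters away from a trusted name, e.g. amazan.com
            for good in TRUSTED:
                if 0 < edit_distance(domain, good) <= 2:
                    signs.add(f"lookalike domain: {domain} (resembles {good})")
    return sorted(signs)


if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE_MESSAGE):
        print("-", sign)
```

A message that trips none of these checks can still be phishing, so the advice above about contacting the sender another way still applies.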

If a message looks suspicious, it’s probably phishing. However, if you think it could be real, don’t click on any link or call any number in the message. Look up another way to contact the company or person directly:
• Search for the company’s website in your web browser and capture their contact information from the verified website.
• Use another way to reach the person to confirm whether they contacted you. For example, if you get a strange message from your friend on Facebook, and you have their phone number, text or call them to ask if they sent the message.

🧐 Want to see phishing in action? >>>
1. Watch a hacker use social engineering to gain access to someone’s computer.
2. Take this interesting quiz and see if you can spot when you’re being phished (it’s tough!).

Most of all, remember 👇

Your Guide to MFA

Welcome to Week 2 of Cybersecurity Awareness Month 2023. Catch up on Week 1 here. This week we’re talking about multifactor authentication (MFA) and how to enable it for your accounts.

MFA provides us with extra security by confirming our identities when logging in to our accounts. This confirmation looks like entering a code texted to a phone or one generated by an authenticator app, or using biometrics to confirm your identity. MFA increases security—it can make us significantly safer online. Even if our passwords become compromised, unauthorized users will be unable to meet the second step requirement and will not be able to access our accounts.

The steps for turning on MFA vary according to the product. Here, we’ll outline the steps for Apple ID, Google, and Microsoft.

Apple ID

If you’re not already using two-factor authentication for your Apple ID, you can turn it on right on your device. On your iPhone or iPad:
1. Go to Settings.
2. Tap your name.
3. Select “Password & Security”.
4. Select “Turn On Two-Factor Authentication”.
5. Select “Continue” and follow the onscreen instructions.
Visit the Apple Support page for more info.

Google

1. Open your Google Account.
2. In the navigation panel, select Security.
3. Under “Signing in to Google,” select 2-Step Verification, then Get started.
4. Follow the on-screen steps.
Visit the Google Support page for more info.

Microsoft

1. Go to the Security basics page and sign in with your Microsoft account.
2. Select More security options.
3. Under Two-step verification, choose Set up two-step verification to turn it on, or choose Turn off two-step verification to turn it off.
4. Follow the instructions.
Visit the Microsoft Support page for more info.

There you have it! Once you’ve set up MFA, when you log into your accounts, it may challenge you to complete the MFA step that proves your identity. It only takes a moment but makes you much safer from hackers!

Turn on MFA for every account or app that offers it. Enabling MFA will protect things like:
• Banking information
• Online purchases
• Social media
• Email
• Businesses
• Your identity

PRO TIP: Check to see whether your email accounts, banks, healthcare providers, and other important accounts offer MFA and enable it by default. If they don’t, ask them why not. It’s your information they’re putting at risk.

Download this tip sheet from CISA and supercharge your journey to enabling MFA! ⏬

Top Ways to Increase Password Security

It’s Week 1 of Cybersecurity Awareness Month 2023! This week we are looking at how to use strong passwords and a password manager to protect your accounts. Special thanks to CISA and KnowBe4 for their resources this month!

Creating Strong Passwords

Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding critical information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers.

So, what exactly is a “strong” password? A strong password follows ALL THREE of these tips:

1. Make them long
At least 16 characters—longer is stronger!

2. Make them random
Two ways to do this are:
1. Use a random string of mixed-case letters, numbers and symbols. For example:
• cXmnZK65rf*&DaaD
• Yuc8$RikA34%ZoPPao98t
2. Create a memorable phrase of 5 – 7 unrelated words. This is called a “passphrase.” To make it even better, get creative with spelling and/or add a number or symbol. For example:
• Strong: HorsePurpleHatRunBaconShoes
• Stronger: HorsPerpleHatRunBayconShoos
• Strongest: HorsPerpleHat#1RunBayconShoos

3. Make them unique
Use a different strong password for each account. For example:
• Bank: k8dfh8c@Pfv0gB2
• Email account: LmvF%swVR56s2mW
• Social media account: e246gs%mFs#3tv6

It’s hard to remember all these long passwords and we don’t want to save them in a file on a computer. This is where a password manager comes in.

How to Choose a Password Manager

Password managers tell us when we have weak or re-used passwords and many of them can offer to generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.

There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search a trusted source for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you. When we use a password manager, we are much more likely to use a unique, strong password on every site. And that makes it much harder for someone to steal our valuable information!
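
To make the three rules and the password manager's role concrete, here is an added example (not part of the original post, and not any particular product's code). It generates a random password and a passphrase with Python's `secrets` module, estimates how hard each is to guess, and flags short or reused passwords the way a password manager does; the word list, the sample vault and the function names are constructed for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 16  # the post's "at least 16 characters"
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # 70 symbols

# Constructed 16-word sample list so the example runs offline; a real
# passphrase needs a list of thousands of words to be hard to guess.
WORDS = ["horse", "purple", "hat", "run", "bacon", "shoes", "river", "lamp",
         "cactus", "violin", "marble", "tunnel", "pepper", "anchor", "meadow", "rocket"]

# Constructed sample vault: one strong password and one reused weak one.
SAMPLE_VAULT = {"bank": "cXmnZK65rf*&DaaD", "email": "Fluffy2015", "social": "Fluffy2015"}


def random_password(length=20):
    """Random string drawn with the OS CSPRNG (secrets), not the random module."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passphrase(n_words=6, words=WORDS):
    """Passphrase of 5 to 7 independently chosen words, each capitalised."""
    if not 5 <= n_words <= 7:
        raise ValueError("use 5 to 7 words")
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` symbols is drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def audit(vault):
    """Map each account to the problems a password manager would flag."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)
    report = {}
    for account, pw in vault.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("too short")
        others = [a for a in by_password[pw] if a != account]
        if others:
            problems.append("reused with " + ", ".join(sorted(others)))
        if problems:
            report[account] = problems
    return report


if __name__ == "__main__":
    print(random_password(), "about %.0f bits" % entropy_bits(len(ALPHABET), 20))
    print(passphrase(), "about %.0f bits with this tiny list" % entropy_bits(len(WORDS), 6))
    print(audit(SAMPLE_VAULT))
```

The entropy figures show why the size of the word list matters: six words from the 16-word sample give only 24 bits, while six words from a 7,776-word dice list give about 77.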

To recap, when it comes to creating passwords:

1. Make them long
2. Make them random
3. Make them unique
4. Use a password manager.

Want to test your knowledge and learn more about passwords? Play this interactive game created by KnowBe4.

Cybersecurity Awareness Month 2023

Happy Cybersecurity Awareness Month! We’ve partnered again with the Cybersecurity and Infrastructure Security Agency (CISA), along with KnowBe4, a well-known company in the cybersecurity field, to bring you resources all month long to help you keep your data safe.

Founded in 2004, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices. Cybersecurity Awareness Month is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations, tribal communities, and individuals committed to educating others on online safety.

Cybersecurity Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safer and more secure online. The Cybersecurity Education Program at Messiah University is proud to support this far-reaching online safety awareness and education initiative which is co-managed by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance.

For more information about Cybersecurity Awareness Month 2023 and how to participate in a wide variety of activities, stay tuned to this blog. The theme this year is Secure Our World. We will be posting weekly updates with tips, videos, and other resources to equip you in staying cyber secure. You can also visit cisa.gov/cybersecurity-awareness-month and staysafeonline.org/cybersecurity-awareness-month/, as well as following the hashtags #CybersecurityAwarenessMonth and #SecureOurWorld on social media throughout the month.

Meet Our New CYSE Program Director

The Cybersecurity Education Program and the Department of Computing, Mathematics, and Physics are pleased to welcome Lynn K. Bigelow as the new Director of Cybersecurity Education.

Lynn comes to Messiah with 10 years of experience as Director of Finance and IT at a fintech company, as well as 10 years of experience in developing an endpoint protection product at a cybersecurity company. Additionally, he served as a School Director for 12 years in a school district in southeastern PA. Lynn is also the parent of three Messiah alumni.

As Director, he is committed to empowering the next generation of cybersecurity professionals. His goal is to ensure that our students are equipped with the knowledge and skills to protect against digital threats, making the digital domain safer for all.

Welcome, Lynn!

Cyber Camp 2023 Highlights

The Cybersecurity Education Program had the pleasure of hosting twenty-six high school students for our second annual Cyber Camp, June 12-14, 2023. Our goal for these three days was for each student to gain a solid understanding of the foundations for cybersecurity, to get a small taste of college life on Messiah’s campus, and to form friendships.

This year, we had several special guests join us from the cybersecurity industry. Ryan Donat, who works for Intuidex and is a Messiah Cybersecurity graduate, talked to us about web application pen testing. Evgueni Erchov, from Arete Advisors, spoke to us about ransomware incident response. We also had Messiah’s Director of IT Security, Allen Snook, give us a tour of the Security Operations Center, where our interns work each semester gaining real-world cybersecurity experience. Allen was joined by two of our cybersecurity students, Ben and Aiden, who spoke to us about their experience working in the SOC and guided us through several Graylog exercises to find network intruders. The Cyber Camp students loved getting this up-close exposure to working in a security ops environment.

Everyone seemed to really enjoy hearing from our guests, learning new concepts such as network mapping and intrusion detection, and working on picoCTF challenges. We also had a great time having lunch together each day as we navigated the wildness of summer camp season at Lottie Dining Hall! Students came away saying one of their favorite parts of the camp was meeting people and making new friends.

Thank you to the entire Cyber Camp staff for running the camp. Thanks also to the Events, Admissions, and Dining Services staff at Messiah for all they do to make camps like this happen each year.

A very special thanks goes to our students at Cyber Camp 2023 – you were what made this camp awesome. We enjoyed meeting you and look forward to seeing where your path leads you next!

We are already making plans for Cyber Camp 2024, so stay tuned to the blog and the Cyber Camp website for all the details once they’re available.

Cyber Camp 2023 students and staff
Cybersecurity Education Program Director Lynn Bigelow with Cyber Camp student.
Cyber Camp Counselor Emily helping a student.
Two Cyber Camp students.
Cyber Camp Director Vinny Sakore teaching on cybersecurity fundamentals.
Working hard on a picoCTF challenge.

Cybersecurity For Your Vacation, Part 3

This is the final installment in our series on how to stay cyber safe during your travels. Many thanks to National Cybersecurity Alliance for partnering with us to provide you with resources on this topic. Catch up on Part 1 and Part 2 of the series if you haven’t already!

In today’s post, we’re bringing you a webinar featuring speakers who work on the front lines of data protection in Southwest Airlines, Marriott, the Department of State, and AARP. You’ll hear their expert tips on keeping your identity safe when traveling, what to know about public wi-fi, and when to use your device’s location settings. They answer some great viewer questions at the end (such as what to do if the rented home you’re staying at has cameras everywhere). It’s a fascinating and informative discussion!

Featured Speakers:
  • Liz Buser, Senior Advisor, Fraud Prevention Programs, AARP
  • Nick MacDiarmid, Director, Cyber Incident Response, Marriott
  • Jessica Willingham, Senior Analyst, Cybersecurity, Southwest Airlines
  • Lindsey Carraher, Interagency Liaison, Office of Cyber Threat and Investigations, Department of State

Cybersecurity For Your Vacation, Part 2

We are linking up again with The National Cybersecurity Alliance to bring you a series of posts on remaining cyber safe as you embark on your next travel adventure.

If you followed our tips from Part 1 of this series, you know that there are steps you can take before you leave for vacation to help you remain cyber secure. This post covers best practices for keeping your devices, data and accounts safe during the travel portion of your journey, as well as once you’ve arrived at your destination. Here we go!

Actively manage location services

Location tools come in handy while navigating a new place, but they can also expose your location ‒ even through photos. Turn off location services when not in use, and consider limiting how you share your location on social media.

Use secure wi-fi

Do not transmit personal info or make purchases on unsecure or public Wi-Fi networks. Don’t access key accounts like email or banking on public Wi-Fi. Instead, use a virtual private network (VPN) or your phone as a personal hotspot to surf more securely.

Think before you post

We mentioned this in our last post, but it’s worth repeating. Think twice before posting pictures that indicate you are away. Wait until you get back to share your magical memories with the whole internet. You might not want everyone to know you aren’t at home.

Protect physical devices

Ensure your devices are always with you while traveling. If you are staying in a hotel, lock them in a safe if possible. If a safe is not available, lock them in your luggage. Don’t leave devices unattended or hand them over to strangers. Using your device at an airport or cafe? Don’t leave it unattended with a stranger while you go to the restroom or order another latte.

Stop auto connecting

When away from home, disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to. If you do not need them, switch them off. While out and about, these features can provide roving cybercriminals access to your devices.

If you share computers, don’t share information

Avoid public computers in hotel lobbies and internet cafes, especially for making online purchases or accessing your accounts. If you must use a public computer, keep your activities as generic and anonymous as possible. Avoid inputting credit card information or accessing financial accounts. If you do log into accounts, such as email, always click “logout” when you are finished. Simply closing the browser does not log you out of accounts.

In summary, below is a handy infographic from our friends at the National Cybersecurity Alliance that highlights their top five cyber safety tips for travelers. Hopefully this information, along with everything else we’ve covered in the last two posts, will help you enjoy your summer getaways even more.

Our final post in this series will be next week, when we bring you a webinar featuring speakers who work on the front lines of data protection in Southwest Airlines, Marriott, the Department of State, and AARP.

Cybersecurity For Your Vacation, Part 1

We are linking up again with The National Cybersecurity Alliance to bring you a series of posts on remaining cyber safe as you embark on your next adventure.

We’re coming up on peak vacation time in the Northern Hemisphere, so we wanted to send a checklist to help you remain cyber safe during your travels. In this first part of our series we’ll cover some tips for the preparation phase of your trip, as you’re packing and getting ready to go. Bear these tips in mind to keep your vacation plans free from cybercriminal meddling.

Travel lightly

Limit the number of devices you take with you on your trip. The more laptops, tablets and smartphones you take with you, the more risk you open yourself up to.

Check your settings

Check the privacy and security settings on web services and apps. Set limits on how and with whom you share information. You might want to change some features, like location tracking, when you are away from home.

Set up the “find my phone” feature

Not only will this feature allow you to locate your phone, it gives you the power to remotely wipe data or disable the device if it gets into the wrong hands.

Password protect your devices

Set your devices to require the use of a PIN, passcode or extra security feature (like a fingerprint or facial scan). This will keep your phone, tablet or laptop locked if it is misplaced or stolen.

Update your software

Before hitting the road, ensure all the security features and software are up to date on your devices. Keep them updated during your travels by turning on “automatic updates” on your devices if you’re prone to forgetting. Updates often include tweaks that protect you against the latest cybersecurity concerns.

Back up files

If you haven’t backed up the data on your devices, like photos, documents or other files, do so before heading on vacation. If your device is lost, stolen, broken or you otherwise lose access to it, you won’t lose all your data. You can back up your data on the cloud, on an external device like a hard drive or, preferably, both.

One More Thing

We’ll just let this image speak for us. 👇

Seriously. Think before you post.

Next time: Cybersecurity tips for when you finally reach your destination!