Risky Business

Tips and tricks for securing information

National Cybersecurity Awareness Month – Week Three

By Daniela Cooper, on 16 October 2019

Secure IT: Secure your Digital Profile

Week Three of the National Cybersecurity Awareness Month is Secure IT: Secure your Digital Profile. It’s important to secure your digital profile by using strong passwords with good password management, using multi-factor authentication where possible and looking out for phishing emails that try to steal your passwords.

Creating Strong Passwords

Using strong passwords is important in helping you to keep your accounts secure, but it won’t help if you have a key logger on your machine, so it’s really important to keep your machine free from malware. The other thing to consider is making sure that all your accounts have different passwords: if one of your accounts becomes compromised, you do not want all of your accounts becoming compromised.

There are many ways to create strong passwords, some ideas include:

  • Using a password generator that uses complexity such as upper- and lower-case letters, numbers and symbols to create a random password.
  • Combining words, numbers and symbols to make a long sentence-like password – these tend to be easier to remember and, due to their length, harder to crack.
  • A good way to combine creating strong passwords and ensuring that you have different passwords for each account is to use a password manager such as LastPass. These can help you generate strong passwords with an inbuilt generator, and they also mean you only need to remember the one password instead of hundreds. Again, it’s no use having a strong password if you have a keylogger on your machine, so make sure that whatever device you use to enter your password is malware free.

Multi-factor Authentication

You’ve probably already come across multi-factor authentication when using internet banking, where your bank sends a text message to your mobile phone with a code to enter on their website so that you can complete the login process. With multi-factor authentication, a password captured by a key logger would not work on its own, because the second factor is also needed to log in. Office 365 has the option to use multi-factor authentication; however, it may only be available to certain groups of staff at the moment. Where possible, consider turning multi-factor authentication on.

Protecting Against Phishing

You are all probably sick of me bleating on about this topic, but it doesn’t hurt to remind you what to look for in a phishing email and how you can avoid being phished.

When reading your email, look out for the following:

  • A sense of:
    • Urgency – makes you feel like you have to do something quickly, so you don’t take the time to wonder if the email is suspicious.
    • Fear – for example, if you don’t click on the link, your account will be deleted, or you will be fined.
    • Promise of reward – lottery win notifications, or “I am the widow of a rich person” type of email.
    • Guilt or sympathy – “I am dying of…” type of email.
    • So, if an email makes you feel guilty, panicky, afraid, or greedy, stop and ask yourself why. It’s probably a phishing email.
  • ‘To’ and ‘From’ address – these can be trivially forged and show false information. Often the ‘To’ address isn’t even your email address; a legitimate email would be addressed to your actual email address.
  • Web link – check to see if the link is in the UCL domain (ucl.ac.uk). It could look like a legitimate UCL URL, but check by hovering over it, as it could be going somewhere else entirely.
  • Asking you to respond with your username and/or password – no legitimate email will ask you to do this.
  • Unexpected attachment – some phishing emails come with attachments that when opened will compromise your computer.
  • Headers and signatures – these can be forged; phishing emails often use them to appear more legitimate.

The consequences of responding to a phishing email (or opening an attachment in a phishing email) are that an attacker can steal your information and/or take control of your machine.

If you are ever unsure whether an email is a phishing email or not, before you click or respond, just ask us – isg@ucl.ac.uk.

Week Three Quiz Question

Which password manager is mentioned?

Please send answers to isg@ucl.ac.uk with the subject line of “NCAM – Week Three”.

The winner for week two will be contacted on Friday.

 

Don’t forget to check back for next week’s edition – Protect IT: where we’ll be looking at cyber hygiene, and researching and assessing your digital profile.
