
Device Security for the Entire Family

The holiday season is here!

As we prepare our hearths and homes to celebrate the holidays with friends and family, we sense that this season will be different. According to the National Retail Federation (https://nrf.com/media-center/press-releases/nrf-expects-holiday-sales-will-grow-between-36-and-52-percent ), online sales are expected to grow by at least 30% this year, adapting to the constraints of a pandemic holiday season. In an effort to bridge the distance that COVID-19 imposes on all families, many of us will purchase “smart” or internet-connected devices as gifts for our dearest loved ones so that we can enjoy easier communication from a distance. And as always, whether via Zoom or around the kitchen table, many of us will encounter opportunities to help our friends and family engage with technology, troubleshoot existing problems, and help set up new devices.

Although these holidays may be different, the need for information security is always present. The holidays pose additional risks, as criminal opportunists seek to exploit vulnerabilities in our knowledge and systems during a season of heightened online traffic.

As you celebrate this season, protect yourself and those you love by employing these simple security strategies. Please follow these recommendations for your own devices and accounts, and as you engage with friends and family about technology, remember to help them protect themselves, too.

  • Be Aware of Social Engineering, Phishing, Vishing, or SMiShing
    • Cybercriminals use several tactics to elicit a hasty response from their victims. In social engineering campaigns, cybercriminals play to their victims’ emotions to encourage the surrender of personal information, financial information, or credentials. Find out more about social engineering and ways to protect yourself in our article, “Protect Yourself from Social Engineering”: https://informationsecurity.wustl.edu/protect-yourself-from-social-engineering/.
    • Phishing, Vishing, and SMiShing are also common scams. These may involve impersonations of influential people (e.g., deans and directors), businesses, or institutions. These scams may appear in e-mails, voicemails, and text messages. Learn how to protect yourself from these scams in our article, “Whaling, SMiShing, and Vishing…Oh My!”: https://informationsecurity.wustl.edu/whaling-smishing-and-vishingoh-my/.
    • When in doubt, slow down, don’t panic, and verify the source of the message using known contact information (e.g., the phone number on the back of your credit card), rather than the information contained in the suspicious message.
    • If you receive any suspicious messages, please notify The Office of Information Security by forwarding the message to infosec@wustl.edu.
  • Device Passcode
    • Whether you have a new phone, computer, or another connected device, it’s always a good practice to set a password (or passcode) to avoid unwanted access. Setting a password or passcode can also trigger other essential security features.
    • On most devices, passcodes can be created in the Settings menu.
  • Securely Manage Passwords
    • Strong passwords and multi-factor authentication are vital to maintaining information security. The strongest passwords are composed of upper- and lower-case letters, special characters, and numbers. Long and unpredictable passphrases and passwords are ideal. Passwords should be unique to each site, and, contrary to previous guidance, they don’t need to be changed regularly, only after a suspected security breach. Please remember that writing down passwords is a security vulnerability unless the password document itself is secured.
    • Easily manage your passwords using the encrypted password manager on your browser (e.g., Safari “keychain”), or use a password manager such as LastPass, KeePass, or 1Password.
    • Don’t worry about changing all your passwords at once. Instead, after you install your password manager, change the passwords of the accounts you use the most, which are probably also the most important ones.
    • Refer to our “Ask the Experts” article on password management for additional information and tips: https://informationsecurity.wustl.edu/ask-the-experts-password-management/.
  • Enable Two-Factor (2FA) or Multi-Factor Authentication on all accounts, but /especially/ on accounts connecting to financial institutions, social media, stores, and personal email.
  • Encryption
    • In our personal lives, encryption can help us to retain ownership of the information that we store and share. Encryption works by taking a plaintext message and translating it into another form that cannot be read without a decryption key. Only those who possess this key will be able to decrypt and access the information contained in the file or message. Typically, very minimal user configuration is necessary because these keys are automatically generated and delivered in the background.
    • On iOS devices (iPhones and iPads) and newer Android devices (Marshmallow and later), encryption is enabled by default when a passcode is used.
    • On Apple computers (macOS), turn on FileVault (System Preferences > Security and Privacy).
    • On Windows computers, use BitLocker to encrypt your computer. If you are unable to use BitLocker on your computer, try Veracrypt ( https://www.veracrypt.fr/en/Home.html ). More information about these services is available on the Information Security website: https://informationsecurity.wustl.edu/services/encryption/.
    • Send encrypted e-mails using Outlook by typing [PRIVATE] into the subject line.
    • Please refer to the WashU Office of Information Security article, “Better Protection with Encryption,” for guidance: https://informationsecurity.wustl.edu/better-protection-with-encryption/.
  • Idle Screen Timeout Lock
    • To protect your privacy, set your screen to time out and lock after a short period of inactivity.
    • On an iOS device, adjust your idle screen timeout by visiting Desktop and Screen Saver in System Preferences.
    • On an Android device, go to Display in Settings and adjust your timeout in the Sleep or Screen Timeout area.
    • On Apple computers (macOS), adjust your idle screen timeout settings by visiting Desktop and Screensaver in System Preferences.
    • On a Windows computer, adjust your idle screen timeout settings by visiting the Power Settings in the Control Panel in the Desktop Personalization menu.
  • Turn on Automatic Updates for the operating system and application software on all devices. These updates often contain security patches. Please be aware that to protect yourself, your information, and your device, you should /only/ download apps from trusted sources such as the Apple App Store, the Google Play Store, and the Microsoft store.
    • On iOS devices, go to Settings > General > Software Update and select “Automatic Updates” to ensure your system is always up-to-date.
      • To ensure your apps are automatically up-to-date on your iOS device, go to Settings > App Store, and toggle on App Updates in the Automatic Downloads section.
    • To keep your Android device operating system up-to-date, go to Settings, tap “Software Update,” and select “Download updates automatically.”
      • To keep your apps up-to-date on your Android device, go to the Google Play store. In the menu on the top left, click on Settings. Then, select “Auto-update apps” to adjust your preferences.
    • On Apple computers (macOS), go to System Preferences > Software Update and check the box next to “Automatically keep my Mac up to date.”
      • To keep your apps up-to-date on your Apple computer, open the App Store. Click on Preferences in the App Store menu (top left of screen). In Preferences, click the box for automatic updates.
    • On a Windows computer, keep your operating system up-to-date automatically in Settings. Go to Settings and click on Update and Security. Automatic Updates are typically turned on by default, but you can check to be sure you’re up-to-date by clicking “Check for Updates.”
      • Set your apps and programs to update automatically by clicking on Advanced Settings in the Update and Security area.
    • For all other Internet-connected devices – TVs, cameras, light switches, door locks, speakers, etc. – make sure that automatic updates are enabled.
  • Enable an operating system firewall to protect your device’s connections from other devices on the network. Using a firewall hides information about your computer’s network configuration from attackers. If your home network is configured correctly, your router likely contains protection against intruders. If you’re computing away from home and using unfamiliar networks, firewall protections become more critical.
    • On an Apple computer, go to System Preferences and click on Security or Security and Privacy. Click on the Firewall tab and click on “Turn on Firewall” or “Start” to enable firewall protection.
    • On a Windows computer, press the Windows key and type Windows Defender Firewall, and press Enter. On the left side of the screen, under Control Panel Home, select Turn Windows Defender Firewall on or off. Adjust your settings in the Customize Settings window.
  • Browse Safely
    • Most modern browsers have built-in tracking protection and can display rich information about the data websites attempt to collect. To ensure you are always protected, keep your browser software up-to-date by using automatic updates as described above and check your browser security settings to be sure the browser is blocking the transfer of any data you do not want to share.
    • Use OpenDNS to protect your devices from known and emergent threats such as malware, spyware, adware, and phishing. OpenDNS will identify potentially malicious websites for you. When you attempt to visit a malicious site, you will be directed to an alert page that provides information on how to proceed. WashU offers OpenDNS to our community members for work and personal use. Find out more here: https://informationsecurity.wustl.edu/services/opendns/.
  • Scan and Remove Malware
    • Detect and eliminate malicious software (malware), adware, and spyware using Malwarebytes ( https://www.malwarebytes.com/ ) and/or Windows Defender.
  • Install antivirus software such as Cisco Immunet ( https://www.immunet.com/index ).
  • Back Up Files to avoid the accidental loss of important data and files. Use Code42 CrashPlan ( https://it.wustl.edu/items/code42/ ), Carbonite ( https://www.carbonite.com ), Office 365 OneDrive ( https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage ), Google Drive ( https://www.google.com/intl/en_in/drive/ ), Dropbox ( https://Dropbox.com ), or Box ( https://www.box.com ).

By following these recommendations, you can protect yourself and your loved ones from unexpected data loss and from criminals seeking to exploit the generosity of the season. Please be on the lookout for additional guidance from our office about these and other security strategies.

The Office of Information Security is here to help you stay safe online this holiday season and always. Thank you for all that you do to help us keep WashU secure. We wish you a happy and safe holiday season!