December 2024

Cybersecurity Awareness Newsletter
Protecting yourself and information from cybersecurity threats.

Did you know that reading our newsletter complements formal cybersecurity training? Our goal is to provide valuable insights and practical tips to keep you informed about threats, trends, and best practices all year round. By staying informed, you're not only helping protect yourself but also contributing to a safer environment for everyone.

As we wrap up 2024, we want to show our appreciation to our loyal readers with another luxury pen giveaway!

Majestic Jr. Antique Brass and Antique Pewter Rollerball

To be eligible for this giveaway, simply answer 5 challenge questions on topics covered in our 2024 Newsletters on the BSDIS website: https://bsdis.uchicago.edu/cybersecurity-awareness-newsletter  

To enter, send an e-mail to security@bsd.uchicago.edu with your name and a short answer to each of the following 5 questions:

  1. What is one risk of sharing sensitive information with an AI chatbot?
  2. What is one benefit of periodically rebooting your computer?
  3. Write your own title for a scam/phishing email. Be creative!
  4. Multifactor Authentication requires multiple "factors" to verify your identity before logging in. Provide an example of one of these factors (Hint: Use the format "Something you ...").
  5. What is one example of a common scam that occurs during the holiday season?

Thank you for being a part of our cybersecurity community -- here's to staying safe and secure together!

This month, we are sharing 10 essential cybersecurity tips for handling new tech gifts. Plus, we will explore some practical Cybersecurity New Year's Resolutions to help everyone kick off 2025 on a safer and more secure note.

Getting new tech gifts

Got a new desktop computer, laptop, tablet or phone this year?

Here are 10 things to do when receiving new tech:

  1. Set a password for your account after logging in for the first time.
    Here is a great chart that shows how long it takes a hacker to compromise a password.
  2. Check to see what user accounts exist on the tech: Some tech has service accounts and other cloud accounts that automatically upload your data to online sources. The fine print on these online sources can sometimes state:
         a.   Data ownership and who has access.
         b.   Service availability and reliability, which could affect system stability when unavailable.
         c.   Hidden costs and fees.
  3. Disable and uninstall unnecessary/unused trial features: Remove any trial apps that are unused or unwanted, often referred to as "bloatware." These applications, typically included by the vendor, can slow down your system. By removing them, you not only speed up your computer but also minimize your attack surface and enhance your device's security.

  4. Update the software and firmware: Most of the time, once you receive tech from a manufacturer, there are already updates waiting to be installed that patch vulnerabilities and bugs on your device. Install these updates before you start using your device, and do so on a network you trust so the update process does not compromise your system. Afterwards, enable automatic updates.

  5. Adjust your browser's security and privacy settings: It is always important to control what data is collected and shared with companies.
    Tips on how to do this for your browser of choice can be found here:
             https://www.staysafeonline.org/articles/manage-your-privacy-settings
  6. Enable device tracking features if your device has them: In case of theft, these features let you use the web to track your device.

    Android Users:
    https://www.google.com/android/find/about
    Windows Users:
    https://support.microsoft.com/en-us/account-billing/find-and-lock-a-lost-windows-device-890bf25e-b8ba-d3fe-8253-e98a12f26316
    iOS Users:
    https://support.apple.com/en-us/102648
    macOS Users:
    https://support.apple.com/guide/findmy-mac/locate-a-device-fmmc6c7ef383/mac#:~:text=In%20the%20Find%20My%20app%20on%20your,device%20online%20in%20Find%20Devices%20on%20iCloud.com

  7. Back up your data: Set up regular backups for your device to ensure your data is safe in case of a compromise or failure.
  8. Sharing tech with others? Make sure to create separate accounts for each user.

  9. Thinking of throwing away your old device? If sensitive information is stored in it, then we recommend removing the storage if possible for secure destruction. The BSD IS periodically hosts Secure Destruction Events where these drives, or devices with non-removable storage, can be securely destroyed and recycled. We will provide updates on future Destruction events in this newsletter when they come!

  10. Extend the battery life of your device: To get the most out of your battery on a mobile device (laptops, cell phones, tablets), make sure you charge it completely to 100% the first time you start using it.
    https://batterychat.com/the-dos-and-donts-of-battery-charging-best-practices-for-longevity/

 

In light of the recent telecom hack and advice from several federal agencies regarding SMS communications, we suggest the following:

  1. Consider using secure communication applications like WhatsApp or Signal on your mobile device.
    https://www.staysafeonline.org/articles/china-telecom-hack-how-to-protect-your-messages
  2. Add an extra layer of security to your accounts, like enabling 2 Factor Authentication or Multi-Factor Authentication wherever possible.
  3. Keep your operating system, apps, and other software up to date to protect against vulnerabilities.
  4. If you work remotely, secure your home network. Change default router passwords and use strong encryption (WPA3 if available, or upgrade your router). Regularly update your router's firmware to patch any security flaws. For more advanced users, consider segmenting your network to separate work devices from personal ones, reducing the risk of cross-contamination.

    Legislators are becoming more concerned about the security risks associated with remote work, and there have been discussions about implementing stricter regulations to ensure that both employers and employees adhere to robust cybersecurity standards. Staying ahead of these potential regulations by securing your home network can help you:
            - avoid compliance issues
            - protect sensitive information from cyber threats
            - earn bragging rights for being proactive
  5. Back up your data: Regularly back up important files to an external drive or cloud storage to prevent data loss.
  6. Limit personal information sharing.
  7. Look out for phishing scams. Scammers often target users with fake emails or messages. Verify sources before clicking on links or providing information.
  8. Check online to see if any of your accounts have been part of a data breach:
    https://haveibeenpwned.com/

Note: If your account has been part of a data breach, we have provided a graph from Hive Systems that shows the timeline in which your password will be compromised and how quickly it should be changed.

BONUS:

If you have managed to get to the bottom of this Newsletter, you are in luck: you can earn a second entry to win another pen (yep, there is a chance you can win 2 pens).

Send an e-mail to security@bsd.uchicago.edu and let us know:

  1. What you liked in this newsletter.
  2. What topics you would like us to cover in a future Newsletter.
  3. What body color you want below if you win the pen (A, B, C, D, E, F, G, H, I)
    and you will be entered to win:

Hardware is gunmetal and chrome with a Swarovski crystal for the clip and the bodies are a diamond cast material which contains real diamond dust.

Thank you all, good luck, and have a safe and happy holiday!