Cybersecurity Tips to Keep Your Data Safe
The recent data breach involving Anthem, Inc., which affected over 80 million customers, is just one in a growing number of incidents targeting personal data. While it is virtually impossible to prevent all data breaches, it’s still a good idea to heed cybersecurity tips to reduce the possibility of damage from such breaches. Georgia Tech’s cybersecurity experts Jason Belford and Jimmy Lummis from the Office of Information Technology recommend the following:
Use Strong Passwords and Safeguard Them
- To keep data secure, create strong passwords using a series of letters, numbers, and special characters. Don’t use common pieces of information, such as the names of family members, old and current addresses, schools attended, etc., that cybercriminals can find from social media sites or from public data. Become familiar with Tech’s policies on strong passwords at http://www.policylibrary.gatech.edu/information-technology/passwords.
- Use a variety of passwords to prevent hackers from accessing financial, medical, and social sites with one password.
- Don’t forget about online email sites. If an email account is listed in an online banking profile and that email account is hijacked, a cybercriminal can click “Forgot Username/Password” to gain access to your banking data.
- Don’t store passwords online in a browser or enable the browser to “remember” a password. If the password is stored in a browser, this creates easy access for hackers.
- Change passwords every three months, and use password managers such as LastPass to help generate and store passwords. Georgia Tech offers LastPass to students, faculty, and staff. Visit https://faq.oit.gatech.edu/content/lastpass-faq for more information.
- Use dual, or two-factor, authentication for a second layer of security. Many websites, including Gmail, Amazon, PayPal, and Twitter, now offer two-factor authentication. The second level of protection, often a randomly generated number, creates a second wall of protection against cybercriminals.
- Create tough security questions that link your password to your identity. Georgia Tech’s Passport (Personal Account Self-Service Portal www.passport.gatech.edu) offers the option to set up a series of questions that a user is required to answer in the case of a forgotten password. These questions, called “hints” on Passport, offer additional levels of security.
Recognize Phishing and Spoofing Attempts
- Phishing occurs when a cybercriminal attempts to get a user to submit personal information online. This can take the form of email messages asking for money; a link that, when clicked, downloads a virus; or spoofed websites or login pages designed to look like the real thing. To avoid falling prey to phishing or spoofing schemes, check all URLs by hovering over the link or Web address to see the full address. A secure site always includes “https” in the address bar and a reputable site name. Be wary if, for instance, an email from someone who appears to be from Georgia Tech has a “click here” link in the body and hovering over “here” reveals http://gatechupgrade.dfjsdh422tgs.com. That’s clearly not a sanctioned Georgia Tech site because an authentic Tech site will always contain “.gatech.edu” in the URL. Keep in mind, there may be some instances in which a site is simply changing its look, in which case the URL remains the same, so that’s safe. For example, even though Passport recently upgraded to a new look, the URL address remained the same.
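The hover check described above can be written as code. This is an added example, not part of the original article or any Georgia Tech tool: it goes one step beyond the text by requiring the host to end in gatech.edu rather than merely contain it, and every sample link except the article's own suspicious URL is constructed, using the reserved example.com domain.

```python
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "gatech.edu"  # the domain the article says genuine Tech sites use


def link_host(url: str) -> str:
    """Return the lowercase host the browser would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_tech_link(url: str) -> bool:
    """True only for https links whose host is gatech.edu or a subdomain of it."""
    host = link_host(url)
    # Compare on a dot boundary: a plain substring test would accept look-alikes.
    on_domain = host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX)
    return urlsplit(url).scheme == "https" and on_domain


def review(links):
    """Map each link to (host, verdict) so the reason for a verdict is visible."""
    return {u: (link_host(u), is_tech_link(u)) for u in links}


# Constructed sample links; only the second one appears in the article.
SAMPLES = [
    "https://passport.gatech.edu/",
    "http://gatechupgrade.dfjsdh422tgs.com",
    "https://www.gatech.edu.example.com/login",    # trusted name as a subdomain label
    "https://www.gatech.edu@example.com/reset",    # trusted name in the userinfo part
    "https://example.com/www.gatech.edu/upgrade",  # trusted name in the path
    "https://notgatech.edu/",                      # look-alike without the dot boundary
]

if __name__ == "__main__":
    for url, (host, ok) in review(SAMPLES).items():
        print(f"{'OK' if ok else 'SUSPECT':<8} host={host:<30} {url}")
```

Only the Passport link passes; the other five all contain a Tech-looking name somewhere in the address but resolve to a different host.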
Limit Data Shared on Social Media Sites
- Never put anything online that you do not want everyone to know, and check privacy settings regularly. Social sites often change privacy settings, and it’s not uncommon for previous settings to be reset to their default status, so check them often and make sure to check all of them. For instance, Facebook has a Privacy setting, but it also has a Security setting. And there’s a separate site for mobile devices that are linked to social sites.
- Don’t view videos or download software from sites that aren’t secure or haven’t been vetted by the social community. For example, YouTube is safe as a portal, but a cybercriminal can set up a channel to lure users to click on a link designed to unleash malware (malicious software) that can infect a desktop, laptop, or mobile device.
Beef up Physical Security
- Keep your PCs, tablets, mobile devices, software, external drives, etc., in your possession to prevent data from being stolen. This includes locking up devices or hiding devices if left in a car or an area frequented by others.
- Georgia Tech students, faculty, and staff are also encouraged to register valuable items, including laptops, tablets, and other mobile devices containing serial numbers, with the Georgia Tech Police Department. This allows the owner to retrieve the item quickly in the event that property is recovered after being lost or stolen.
- Set secure passwords and PINs on mobile devices and tablets.
- Update software often, including updates to Windows and Mac operating systems.
- Turn off geolocation apps on your mobile phone, and make sure your Wi-Fi settings are secure. Try not to use public Wi-Fi spots, as these are not secured locations.
- Back up data on an external drive and store it in a separate location.
- Encrypt software when possible, clear cookies from Web browsers, and never use a “found” USB drive — you don’t know what’s on it.
Trust Your Intuition
- When in doubt, don’t click on a link or reveal any personal information unless the source is verified.
- Contact OIT’s Support Desk at firstname.lastname@example.org with any suspicious emails, links, or websites.