On a frigid Sunday in early January, Tech Services’s Phil Nyman sat inside, warmed up his computer, and discussed personal computing safety with individuals across the world. Outside of his role as Principal Training Specialist at Technology Services, Phil Nyman is part of an international group called The Thousand. This group meets monthly to discuss various topics. Phil attends this group socially; the discussions and information shared with this group are not affiliated with the university.
During the group’s January 2023 monthly discussion, Phil volunteered to gather his thoughts and put together a presentation about personal computing safety. His goal was to bring greater awareness to the need for personal computing safety and to educate the international group about important information. The comments and questions from fellow members made it clear that this information was not as well-known as it should be and would benefit others, too.
What You Should Know
The following tips are an overview of personal computing safety, not a comprehensive list. They can be used at work or at home to assess your current situation and make adjustments as needed. Be sure to contact an IT professional to help implement specifics if needed. Note: a few years ago, Phil provided a similar personal computing safety presentation to the university as a part of Training Services.
Phil split up his findings into three categories: Protect yourself, Protect your devices, and Protect your network.
- Make strong passwords: use 10+ characters that mix letters, numbers, and special characters
- Don’t share your passwords
- Use different passwords for different accounts (use a password manager!)
- Change passwords annually
- Use Multi-Factor Authentication (MFA) wherever possible (e.g., Duo)
- If you have access to an administrator account, don’t use it for daily work; use a basic user account for daily work.
- If you manage others’ access to “resources,” offer the least-privileged access needed. (E.g., if someone only needs to read files from a Box account, don’t make them an editor.)
- Develop a sense of computing awareness: we are all vulnerable to threats. (Go with your gut. If it doesn’t seem right, it probably isn’t.)
- If you receive a questionable request, check the source through another channel: try to call them, text them, etc.
- Be extra cautious when clicking on a link offered in an email. What you see in a message can be an alias to another URL. (Check the URL: Does it make sense? For example, if you are asked to check your bank records, the URL should not be “http://badguyenterprises.ru”)
- Check for the secure connection (SSL) “lock” next to the URL (a little closed padlock graphic next to the URL in your browser). It indicates that the website’s identity has been verified and that your browsing session is encrypted.
- Use “incognito” mode in your browser for additional security. Incognito/private browsing creates a temporary session that is separate from the browser’s main session and your user data. History, cookies, and site data aren’t saved.
Be aware of traps meant to get you to let the bad guys in.
- Baiting/Clickbait: Offers like “click here for a great deal” that then automatically download an infected file
- Scareware: False alarms and fake threats to get you to do something out of fear
- Pretexting: Impersonating a friend to trick you out of personal information
- Phishing/Vishing/Smishing: Email/voice/SMS messages that create a sense of urgency, greed, or fear to trick you out of personal information
- Spear phishing: Clever phishing messages that specifically target you
Updates & Patches
- Keep your devices updated
Virus & Malware Protection
- Protection built into your computer
- Smartphones don’t typically need AV software, but viruses do exist
Back up your data and perform test restores
- If you don’t test data restores, you may not be backing up anything useful
- Backups are your last line of defense in case your system has been compromised or held for ransom (ransomware!)
- Encrypt drives on portable devices (e.g., the built-in Windows BitLocker)
- Firewalls – Control access to your devices by restricting “ports.” (The goal is to minimize your “attack surface.”)
- Change the default wireless/router passwords on your home network regularly
- Check your Bluetooth-linked devices and make sure that you know what they are
- Disable unused Wi-Fi channels
- Disable old Wi-Fi networks (disable the SSID) you don’t actively use anymore. (This will prevent outsiders from even knowing that you have a Wi-Fi “hotspot.”)
- Use a Virtual Private Network (VPN) to create an encrypted channel to the Internet. (This is crucial when using Wi-Fi in public places: it will prevent electronic eavesdropping.)
Phil explains his motivation behind creating this list for others to use. He says that this list he put together “is all about awareness; I want to make people aware of what dangers are out there and how to be protected. My hope is that this list will help people assess where they are and decide their own course of action. Of course, talking to an IT professional to help you decide or implement is always a good idea, too. But asking somebody to fix an issue and remaining unaware of what’s happening or how you got there is what I want to change. I want to help people know what’s going on, accept responsibility, and take action for themselves.”
Phil believes that personal computing safety is “more than just technical issues. You could have the best password and firewalls, but if you are vulnerable to social attack — with phrases like ‘click here for a great deal!,’ you’re basically letting people in the front door. There’s no security in the world that will stop people from getting in this way. My hope is that this list will help people to be aware of both the technical and social sides of security—and ultimately, learn how we can stop them from taking advantage of us through both means.”
Want to know more?
Contact Phil Nyman at firstname.lastname@example.org if you want to know more about The Thousand or his presentation.
In addition, the Cybersecurity Training and Awareness Team offers regular training for faculty, staff, and students on these topics and more.
- Employee-required training is available at https://go.uillinois.edu/securitytraining (login required). Quarterly training for faculty and staff helps to keep cybersecurity top of mind. Small, targeted, timely subject matter modules that can be accomplished in 20 minutes focus on practical knowledge that can be applied in work and personal situations.
- Additional training opportunities are available for those who want to delve deeper into a subject. To take an optional training, visit the cybersecurity training portal at https://go.uillinois.edu/securitytraining.
- Illinois students are invited to join a free, open training in Canvas at https://go.illinois.edu/cybersecurity-champion.