What is a VPN?

A VPN (Virtual Private Network) can help provide users with an added layer of security when surfing the internet. They are used to create an encrypted tunnel that your data will travel through. This tunneled connection helps protect the data you are sending across the internet. It can help protect your identity by masking your IP address, making it harder for attackers to reach you. VPNs can also be used to mask your geographical location.

When working remotely, there may still be a need to access sensitive information that is stored locally at the business. Protecting that data while it’s being sent to the remote location can become an issue as it needs to be sent across the open internet. Businesses will often employ the use of VPNs to help secure that data as it travels to the remote worker.

Another popular reason people use a VPN is that it can add a layer of security when using public WiFi connections. Public WiFi is open to everyone and should never be treated as a safe connection. It should never be used for doing anything sensitive. However, by using a VPN you are encrypting the traffic being sent out from your device, which makes it harder for others to intercept useful information.

Some things you may wish to consider when choosing a VPN:

  • Free VPNs aren’t really free.

    •  They usually require watching ads and may collect your personal data.

  • The reputation of the provider.

  • What country is the provider from?

  • What types of encryption protocols do they support?

  • How many servers do they have and where are they located?

  • Do they have data limits that may lead to throttling?

Choosing which VPN to use can be a daunting task as there are so many different ones to choose from. Each user needs to identify what exactly they want to achieve when using one. Whether it’s security, anonymity, or shifting their geo-location, a VPN can help. 

 

Multi-factor Authentication

 

Usernames, passwords, and PINs: we are all used to the usual ways of getting into our accounts. However, there are some additional measures that you can take to add an extra layer of security.

The most common forms of multi-factor authentication, sometimes known as two-factor authentication, ask the user to enter a code or answer a call in order to finalize their login attempt. The purpose is to give you a safety net that keeps the bad guys out if your username and password are compromised in a breach. Another form of MFA is a token that has a one-time password, usually associated with time, that appears at the push of a button. You can also have a physical device that plugs into a USB port on your computer or phone.

MFA settings are usually found in your account settings under privacy & security. In order to enable MFA for the first time, you will be prompted to use either a telephone number or an application. A text message or phone call will verify you have the phone, or a one-time password will need to be entered if you use an application. Now, when you go to log in, you will be prompted for that verification to ensure you are the one requesting access.

Accidents happen; you can forget your phone at home, or it could break. This is why it is highly recommended to have two types of MFA on your account. If you have a text message set up for your smartphone, a physical token that doesn’t use your phone would be a good secondary method. When setting up your MFA for the first time, you will be prompted to save a backup code.

Taking this extra step will help bolster your account security and keep you safer!

 

Google Drive Security Awareness

 

Do you know who you are sharing information with? Take these steps to have more control over who can access, edit, and share your files within Google.

 

Sharing documents from Google programs such as Drive, Docs, or Sheets is one of the primary ways to collaborate in the current work environment. However, if you are not careful you can end up sharing files with THE WORLD. Accidentally disclosing confidential information in this manner could have a wide-reaching impact on both you and your organization. The three ways of sharing Google files are:

 

  • Restricted: Most Secure Option - Allows only people who are directly invited to collaborate to access the file

  • Baker College: Second best option - Allows anyone with a Baker email address to access the file

  • Anyone with a link: Only use this when necessary - Allows anyone who has the link to access the file even if not directly shared with them

 

It is always a good idea to double-check your share settings. Knowing the different sharing options can drastically increase the security of your documents. For additional information on how to share files, please refer to Share files from Google Drive. To learn how to stop, limit, and change sharing, please visit here.

 

Phishing Safety on Mobile

Smartphones have made it increasingly easy for us to have access to all of our information at the drop of a hat. Emails, instant messaging, texts, phone calls, all in a one-stop-shop; however, this ease of access has a downside. With quick access to our emails, we are more susceptible to phishing attacks that hit us with sensationalized content to spur us to click links. Cable bill suddenly ten times your normal rate? Missed a potentially important shipment? Someone just logged into your account? All of these strike us with a sense of urgency and spur us to knee-jerk click. We want to figure out what is happening, but this puts our information at risk. Do not worry though, there are some steps that you can take while on a smartphone to protect yourself and your data.

Be calm. If an email says URGENT, uses a lot of capital letters to point out that SUDDEN actions are going to be taken unless you IMMEDIATELY respond, then the attacker is trying to trick you into acting first and thinking second. Look for these senses of urgency and think twice before clicking.

Be aware. On most mobile email systems, you are able to tap on or near the name to reveal who the email is from. Look to see if there are any misspellings of common organization names. Zeros instead of O’s, hyphenated add-ons like .com-help.ru, or even blatantly wrong names could be an indicator it’s not a real email.

Be sure. Some email apps allow you to tap and hold on a link in an email to give you a full preview of where the link goes. A pop-up window will show you what the full URL is. If the link says it’s taking you to Google in the email, but is actually taking you to g00gle.com-security.ez then it is a phishing attempt. If your email app or phone does not allow this, check the email on your computer so that you can hover over the link instead.

Be safe. If you are receiving a notice from a shipping company, an online store, or a phone or internet company, you can always validate that the information is truly theirs by going directly to their website to verify the information. You can write down a tracking, billing, or order number and visit their website to see if it is a real charge or notice.
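
The tap-and-hold check from "Be aware" and "Be sure", automated as an added example (not part of the original page): it reads the site name from the right-hand end of each link's host and flags links whose text or host imitates a trusted name. The function names, the finding labels, the `trusted` list and the two-label `site_of` shortcut are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps

def site_of(host):
    """Last two labels of a hostname. Simplification: ignores suffixes like co.uk."""
    return ".".join(host.rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for each <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_link(text, href, trusted=("google.com",)):
    """Return findings for one link; an empty list means nothing was flagged."""
    host = (urlsplit(href).hostname or "").lower()
    if site_of(host) in trusted:
        return []          # the link really ends at a trusted site
    findings = []
    for site in trusted:
        brand = site.split(".")[0]
        if brand in text.lower():
            findings.append("text-names-" + brand)    # says Google, goes elsewhere
        if site in host:
            findings.append("embedded-" + site)       # google.com-security.ez
        elif brand in host.translate(LOOKALIKES):
            findings.append("lookalike-" + brand)     # g00gle
    return findings

def scan_email(html, trusted=("google.com",)):  # maps each href to its findings
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href, trusted) for text, href in parser.links}

# Constructed sample message body, built from the page's own lookalike example.
SAMPLE = ('<p><a href="https://g00gle.com-security.ez/login">Sign in to Google</a> '
          '<a href="https://accounts.google.com/">Google account</a></p>')
```

An empty list only means none of these checks fired; going directly to the company's website, as described above, is still the way to confirm a notice.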

With these few steps, you and your information will be safer from the bad guys.

 

Social Media Apps Security

Social media has created a way for people to share what they are doing, important life updates, funny things, or breaking news. With the far reach that it has, bad guys have learned ways to collect your data without you even being aware of the dangers.

A recent trend is the inclusion of apps and connected sessions on social media accounts. You can use them to stay logged into a game or another app across multiple devices, or even use it to create a fun little picture for your profile; however, these connections could have serious security issues tied in with them. 

One such trend was to create a family based on who you interacted with on the social media platform, creating a unique and fun way to connect with your friends. What wasn’t clear to most until further inspection was that the app also took a few extra liberties with the permissions the user granted. The first was the ability to see your follower list as well as follow accounts on your behalf. This served two purposes. First, it allowed the app creators to circumvent the “private” account settings to see what was being posted from accounts as well as see a list of followers. Second, it allowed the creator to use the website settings to follow another account, and to do so in private by muting the account in an attempt to cover its tracks.

It took a savvy user to realize that they had a list of new followers not connected to their normal trend, and then upon closer inspection of their own account to see the muted account that they had no recollection of ever dealing with.

The best way to safeguard yourself from data collection like this is to review app permissions before granting them access to features on your account. Question why an app that simply changes your profile pic needs access to your follower list or to be able to tweet and follow accounts on your behalf. If something seems to be amiss, don’t allow it access. Next, review your account regularly to make sure that there are no odd posts or people you don’t recognize on your timeline or follower list. By removing these accounts and posts, you have taken steps to secure your account if anything goes wrong. Third, be wary of popular trends. They may seem innocent at first, but it takes very little effort for a viral campaign to generate loads of data for bad guys to collect and sell or misuse themselves.

 

Text Messaging Spam

We are all familiar with spam emails, or at least should be. Whether it’s an inheritance from a long-lost relative that requires personal information to process or the Nigerian prince who needs your help getting his money out of the country, at some point, everyone has received a spam email. Spam, however, is no longer just an email issue; it has followed technology and is now often showing up in the form of text messages.

The goal of any scammer is to reach as many people as possible in the cheapest, most effective way available, and text messaging offers just that. As people have become more dependent on cell phones, texting has in many cases replaced email. This has opened up a new potential delivery method for scammers to take advantage of, and it isn’t going away any time soon.

To help protect yourself remember the following:

  • Delete suspicious messages without opening them

  • Do not click on any links contained in a text message

  • Do not reply to suspicious messages

  • Do not provide any personal information

  • Block numbers that repeatedly send unwanted messages

  • Use an app that filters/blocks spam

  • Report the spam by forwarding it to 7726 (supported by Verizon, AT&T, T-Mobile, and Sprint) ***Be careful not to click on any links while doing this***




Baker College's Cyber Awareness Committee has assembled this informative PDF document to help raise awareness of Cyber Security among Faculty, Staff, and Students.