Security Topics

Information security is an ever-evolving field. In an effort to combat security threats and disperse accurate, up-to-date information, we have compiled a list of glossary terms with which everyone needs to be familiar.

For more information on any of these topics, please get in touch with the information security team.

Phishing

Getting some "phishy" emails? Remember the mantra: STOP! VALIDATE! DELETE!

Learn more about phishing and what to look for here: A Deeper Dive: All About Phishing

 

Social engineering

Sometimes, hackers can get a little sneaky. Social engineering is when malicious actors forgo the use of complicated hacking techniques in favor of their own wits. So instead of using computing tools and technologies, they utilize psychological manipulation in order to get users (you!) to divulge personal information. Phishing is actually a form of social engineering.

Social engineering has been a wildly successful way to weasel money out of unsuspecting users. In fact, it is being used in more than two-thirds of hacking activities, according to numbers compiled by Social-Engineer.Org. And as more avenues of attack open up, humans have become the number-one target for hackers, displacing machines in the top spot.

Here are a couple examples of social engineering to become acquainted with.

Example 1: This is how hackers hack you using social engineering

In this video, a journalist has his cell phone account hacked during a demonstration at the DEF CON hacking conference. In a little under two minutes, the woman learns his personal email address, adds herself to his account, and changes the password. This is a stark example of just how easy it might be to trick telephone operators into giving your personal information away.

Example 2: CEO scam

This humorous video illustrates the craftiness of those malicious actors with a skit. Even though this video sets up a seemingly ridiculous and tongue-in-cheek premise of a hacker calling from his mom’s kitchen, the lesson behind it is real: Even if callers identify themselves as someone in a position of power, they could be trying to pull the wool over your eyes.

The best way to avoid the dangers of social engineering is to stay vigilant! If you experience anything suspicious (for instance, if you get an email from President Crawford asking for your bank account information), please contact InfoSec@MiamiOH.edu right away.

Ransomware

Ransomware is an important concept to understand within the information security field. This is a kind of malware that keeps users from accessing their systems by locking either the screen or files. A specialized kind of this family of malware is called ‘crypto-ransomware,’ in which the malicious program encrypts all of the user’s files, making it even more difficult to recover the data. These programs get their name from the fact that they hold data for ransom - asking for varying amounts of money in order to get the data unlocked.

Ransomware is a real threat. Research firm Cybersecurity Ventures predicted that in 2017, losses due to ransomware would skyrocket to more than $5 billion, up from $325 million in 2015. This exorbitant amount includes the cost incurred from lost productivity, lost files, and damage of reputation, among others.

To protect against ransomware, there are a few things you can do:

  1. Back up your data.
  2. Update your computer’s software.
  3. Be suspicious of links sent to you in emails or social media messages, even if they appear to come from trusted friends.

If you suspect your computer has been compromised, immediately disconnect from the wireless network in order to prevent a possible infection from spreading.

VPN

In order to access Miami University files and programs from a location off campus, you have to use what is called a ‘Virtual Private Network.’ This is essentially an added layer of protection on our proprietary data, keeping Miami information safe from anything malicious that may be lurking on outside networks.

When you sign in with your computer or mobile device, the VPN encrypts all data sent from your computer to Miami - meaning that even if a hacker were to intercept the information, it’s not that easily decoded. This comes in handy when you need to do some quick work from home or access a file (such as your W-2) from another device.

For more information about VPN, visit the Knowledge Base.

To learn about how to get the VPN client for your devices, read our helpful article in the August 2017 Tech Talk newsletter.

Password strength

Your MUnet password is used to log in to services like myMiami, Canvas, BannerWeb, Miami Directory, and email. We require that you change your password once every 180 or 365 days, depending on the complexity/strength of the code you choose. Essentially, the stronger the password, the more complex: For example, using letters, numbers, and special characters makes it harder for potential malicious actors to guess your password.

The full policy regarding how often, why, and when you change your password can be found in the Knowledge Base.

Check out our article on password security for some password dos and don’ts to ensure you’re making the best logins possible.

Two-factor authentication

This is an important concept when it comes to password strength. Two-factor authentication puts up another wall between your private information and would-be attackers. It requires users to fulfill a second step in order to log in to their accounts. Often, the service asks for a PIN or a temporary passcode that can be retrieved via an app or text message.

In order to strengthen our security practices even further, we are moving to Duo Security mandatory two-factor authentication on all protected Miami resources. Read more about that move and why we are doing it on the Duo frequently asked questions page.

Get to #KnowIT

What are we doing to improve information security at Miami University? Visit our Security Enhancements page to learn more about one of our Top IT Initiatives.

We have also dedicated an entire folder in our Knowledge Base to Duo two-factor authentication. If you would like more information about two-factor, how to enable it on various devices, or how to manage settings, please visit the KB and get to KnowIT!