Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

At Home

  1. When possible, use separate devices for work and personal use.

    1. Separate devices reduce the risk of work-related data loss or compromise.

  2. Firewalls and Anti-Virus - use the Microsoft firewall & anti-virus (or purchase a 3rd party anti-virus)

    1. Firewalls prevent internet-based attacks from hacking into your computer

    2. Anti-Virus prevents malware infections of your computer (Note: Ransomware can evade AV detection)

  3. Wireless router - at a minimum, use WPA2 (Wi-Fi Protected Access 2) to keep wireless traffic secure

    1. Secure wireless connections prevent others from unauthorized use of your wireless network.

  4. Keep wireless router and modem firmware up-to-date

    1. Out of date wireless routers or modems expose them to online takeovers or compromise

  5. Secure IoT devices (smart speakers, doorbell camera, etc) - use strong, unique passwords

    1. IoT devices ship with weak passwords (admin/password, etc) that are widely known by hackers.

Traveling

  1. Caution with free Wi-Fi when accessing email/bank accounts in public spaces (airports, coffee shops)

    1. Fake public Wi-Fi access points will intercept wireless traffic and collect email/bank IDs/passwords.

  2. In public spaces, use a VPN (Virtual Private Network) to access email/bank accounts.

    1. VPN encrypts wireless network traffic and prevents interception of network traffic.

  3. Keep devices secure and accounted for at all times.

    1. Small devices (cell phones/tablets) are targets for thieves for reselling or extracting data.

  4. Don’t use borrowed chargers or public charging stations. Use your own charger.

    1. Unknown chargers may contain malware installed to collect email/bank IDs and passwords.

Online

  1. Practice good password hygiene

    1. Do not share your password or write it down.

    2. Where possible, use 8-16 characters; mix of upper-lower case letters, numbers, and symbols.

  2. Do not save passwords in your browser.

    1. Browsers will autofill a password, which is a financial risk for online bank accounts.

  3. Ransomware (Think before you click!)

    1. Email is the major source of ransomware infection and compromise (90% of infections)

    2. Tricks user to click on a malicious link or attachment (known as social engineering)

    3. Ransomware is embedded in a link or attachment and infects your computer.

    4. Encrypt/exfiltrate data, cripple computer, ransom demand (Bitcoin) displayed on monitor screen

    5. Hackers: lucrative income, Bitcoin is untraceable, low entry cost, prosecution rate low, black market

  4. Scams

    1. Emails/phone calls are sources of scams (Fake virus infections, blackmail, unpaid bills, repairs)

    2. Scare tactics used to cause a user to comply with payment demand (social engineering)

    3. Causes a user to click on a link or call a number to make payment (typically credit/debit card)

    4. Impacted users must contact their financial institutions to protect their bank/credit/debit accounts.

ID Theft

  1. Unauthorized access to personal financial information (ransomware, scams, hacking, dumpster diving)

  2. Use of financial information: bank account withdrawals, loans, purchases, mortgages, illegal activity

  3. Financial institutions & credit reporting agencies contacted right away to prevent further damage

  4. Change logins, passwords, and PINs for financial accounts immediately.

Adapted from sources: FBI, FTC, KnowBe4, Infragard, American Bankers Association (ABA)
Resource: FTC - ID Theft Recovery Guide - https://www.consumer.ftc.gov/articles/pdf-0009_identitytheft_a_recovery_plan.pdf

Department of Information Technology - Kirk Kerkorian School of Medicine at UNLV