TechnologyToday



Post on 20-Jul-2020


Page 1

ISSUE

TechnologyToday

Social Engineering Red Flags

In this issue

Social Engineering & Backups P.1

Cell Phones & Passwords P.2

Wi-Fi & Smart Speakers P.3

Reminders P.4

Keep Calm and Do Backups

When was the last time you backed up your important documents and files? If your computer crashed and you lost everything, what would you do? Please note that it is your responsibility as a GNTC employee to keep backups of your important documents and files. You can back up to an external drive, but due to the threat posed by ransomware, you should always disconnect your backup device and store it in a secure location when not in use.

If you are storing personally identifying information, or confidential user information to an external drive, it must be an encrypted drive per TCSG policy.

You could also keep your important documents in your Office 365 OneDrive account for extra security. ◊

We have provided a list below from KnowBe4 that explains items you should watch out for every time you receive an email. You should also pay attention to any Microsoft warnings and informational messages that may appear at the top of an email. We easily dismiss many messages that may be warning us. Being hyper vigilant will help to protect us all from Malware and Phishing attacks.

From

• I don't recognize the sender's email address as someone I ordinarily communicate with.
• This email is from someone outside my organization and it's not related to my job responsibilities.
• This email was sent from someone inside the organization or from a customer, vendor, or partner but is very unusual or out of character.
• Is the sender's email address from a suspicious domain (like micorsoft-support.com)?
• I don't know the sender personally and they were not vouched for by someone I trust.
• I don't have a business relationship nor any past communications with the sender.
• This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven't communicated with recently.

To

• I was cc'd on an email sent to one or more people, but I don't personally know the other people it was sent to.
• I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses.

Hyperlinks

• I hover my mouse over a hyperlink that's displayed in the email message, but the link-to address is for a different website. (This is a big red flag.)
• I received an email with a hyperlink that is a misspelling of a known web site. For instance, www.bankofarnerica.com - the "m" is really two characters - "r" and "n."

Date

• Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3 a.m.?

Subject

• Did I get an email with a subject line that is irrelevant or does not match the message content?
• Is the email message a reply to something I never sent or requested?

Attachments

• The sender included an email attachment that I was not expecting or that makes no

Continued on page 2…

Page 2

How to Restart in Windows 10

Password Security

Social Engineering Red Flags (cont. from pg. 1)

sense in relation to the email message. (This sender doesn't ordinarily send me this type of attachment.)
• I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.

Content

• Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
• Is the email out of the ordinary, or does it have bad grammar or spelling errors?
• Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
• Do I have an uncomfortable gut feeling about the sender's request to open an attachment or click a link?
• Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?

©KnowBe4
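An added example (not part of the newsletter or of KnowBe4's material) that automates the two hyperlink checks in the list above: the address shown in a link versus where it really goes, and look-alike spellings such as "rn" standing in for "m". The allowlist, the extra look-alike pairs beyond "rn", and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist of domains the reader really deals with (an assumption).
KNOWN_DOMAINS = {"bankofamerica.com", "microsoft.com"}
# Sequences that read alike at a glance; "rn" for "m" is the newsletter's example.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
# Constructed sample message body, not a real email.
SAMPLE = (
    '<p>Account locked. <a href="http://www.bankofarnerica.com/unlock">Sign in</a></p>'
    '<p><a href="http://login.example.net/o365">https://www.microsoft.com/account</a></p>'
    '<p><a href="https://www.microsoft.com/security">Microsoft security</a></p>'
)

def host_of(text):
    """Host of a URL or bare domain, lower-cased, without 'www.'; '' if not an address."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""  # ordinary words such as "Sign in"
    host = (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def skeleton(host):
    for fake, real in CONFUSABLES:  # collapse look-alikes: 'arnerica' -> 'america'
        host = host.replace(fake, real)
    return host

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def red_flags(html_body):
    """Return (href, reason) pairs for links that match either hyperlink red flag."""
    collector = LinkCollector()
    collector.feed(html_body)
    flags = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if shown and target and shown != target:
            flags.append((href, f"displays {shown} but goes to {target}"))
        flags += [(href, f"look-alike of {good}")
                  for good in sorted(KNOWN_DOMAINS - {target})
                  if skeleton(good) == skeleton(target)]
    return flags
```

The third sample link passes both checks because it points at an allowlisted domain and its visible text is plain words rather than an address.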

Protect Your Cell Phone

Cell phones need to be password protected because they can provide access to most all of your accounts, including banks, emails, social media, etc. Also, be sure to have a backup of the data from your phone. It is a best practice to sync your phone data to cloud storage or your computer, which also should be secured, updated, and password protected. Never put personal data on a GNTC

First - Click on Windows icon

Second - Click on the power

Lastly, click on Restart

Your username and password are a gatekeeper to our network and the information within. You simply MUST protect that credential to avoid network and/or data compromise.

Below are some excellent guidelines for both GNTC password security and password security in general.

Today, you simply must use more complex and lengthy passwords: 12 characters should be a minimum… and 15+ characters is better.

Use different passwords for your various accounts. A suggestion might be:

• use 1 PW for your business (GNTC) account
• another PW for your bank account
• another PW for your credit card
• another PW for your social media accounts

This way, if someone gets your Facebook password, they won’t have the password to your bank account, or our GNTC domain.

Always keep your personal passwords separate and different from your GNTC passwords.

Update your passwords periodically – TCSG and GNTC policy requires changing your network/email/domain password a minimum of every 90 days and our system will automatically require that; however, some other systems you use may not automatically enforce periodic password changes, so change them anyway periodically!

Every Monday

Please restart your computer every Monday, or at least the first day of the week that you are on campus. We release computer updates every Friday. Often these updates need a restart to complete installation. By restarting your PC, you can eliminate many of the ‘weird’ errors that updates may cause. ◊

We also suggest using a software program to store your passwords; some phones have these apps included by default. Always password protect your device that has password software or a password app! You can research password managers for one that suits you. LastPass and KeePass are two top rated apps that are free. We offer these as suggestions to help keep you secure both at work and away.

Finally, never share your password with anyone else or use another person’s password. It is a violation of GNTC and TCSG policy as well as generally accepted security practice. If you must keep a password written down, you must keep it secure as you would a credit card (please consider a password keeper program/app as mentioned above). ◊

owned device. ◊

GNTC is a Unit of the Technical College System of Georgia and an Equal Opportunity Institution.

Page 3

Best Practices for Wi-Fi

Unencrypted Public Wi-Fi Best Practices: don’t use it. If you have to, there are some things you can do. First, make sure that your laptop/device is up-to-date, including operating system, anti-virus, and anti-malware software. Surf smart and never access sensitive data such as your bank account or shop on public Wi-Fi (or access any accounts where you have to enter a password in general.) Make sure that you have the firewall turned on. Turn off file sharing and AirDrop options. A better option would be to use your own Wi-Fi by using your smart phone as a mobile ‘hot-spot.’

Encrypted Public Wi-Fi: commonly found in places such as hotels, and requires that you enter the encryption password. While this is a much safer alternative, they are still subject to man in the middle attacks. Verify the true name of the SSID with the hotel staff before connecting, and don’t proceed if you encounter any certificate error messages.

Home Wi-Fi best practices: password protect your router with a strong security key. Do not keep the default password, and use a good Wi-Fi security standard and encryption protocol (i.e. WPA2-AES) with a really strong security key/passphrase (pre-shared key). If you want to go a step further, you could configure your wireless network to allow access only to the MAC addresses of your specific devices.

GNTC Wi-Fi: you can connect to our Wi-Fi on campus without using a password by connecting to the open, non-encrypted wireless ‘GNTC Guest’. You can also connect to the encrypted ‘GNTC Faculty/Staff’ network using your network credentials. It is best to use the GNTC Faculty/Staff, if possible. However, please do not slow down our Wi-Fi by streaming media (including music, movies, and videos) on your device. For more information, please visit TechServ – How To’s from the Faculty & Staff Resources page.

PS: You might want to turn off your Wi-Fi on mobile devices when not in use.

Artificially Intelligent Smart Speakers

Smart Speakers such as Google Home and Amazon Echo are all the rage right now. These wireless devices use voice controlled AI assistants to interact with various systems locally and online. While very cool, convenient, and ‘Jetson-like’ you should be aware that there are security issues that come with this kind of technology. It is a good idea to research the security issues of your particular device. Symantec recently published an article ‘A guide to the security of voice-activated smart speakers’ that sheds light on some of the particular security issues so that you can avoid them. ◊

WebEx

Did you know that you could attend a meeting from your office using Cisco WebEx? You do need an account if you plan to host a meeting. Otherwise, the meeting host will send an email to the participants with a link to join the meeting. If you need a WebEx host account, please submit a Support Request, and we will create one for you. An account is not necessary just to join a meeting.

This collaborative software program is available for your use at GNTC for the purpose of web conferencing with other campuses or with external contacts. TCSG has purchased Cisco's WebEx software as our agency web conferencing standard. Therefore, we do not recommend use of other similar software such as Skype, GoToMeeting, etc.

For more information visit the WebEx page located on the Technology Services website. ◊

Intranet Resources: Support TechServ vWebReports GNET2 MyGNTC

Page 4

GEORGIA NORTHWESTERN TECHNICAL COLLEGE

All_GNTC and Reply All

As the saying goes, ‘Nothing Good Ever Comes From Hitting Reply All’. This holds true especially on emails that were sent to the All_GNTC group. So if you send an email to All_GNTC, put it in the Bcc field.

If you want to reply to an email, please click ‘Reply’, not ‘Reply All’. Unless it is absolutely necessary to all involved.

Off-Campus Access with VDI

Faculty/Staff: You may be familiar with using our VPN (Virtual Private Network) for off-campus access, but there is another way which offers some security advantages. Using our VDI (Virtual Desktop Infrastructure) technology gives you access to a clean, virus-free, virtual Windows 10 computer that is on our network, so you can access the internal resources you need. Using VDI helps protect our network by preventing the potential transmission of malware from your personal computing device to other systems at GNTC. Please view the GNTC website and click Faculty & Staff Resources at the bottom for more information, including links to connect to the VDI. While VDI is a great option for Faculty & Staff from personal devices, if you have a GNTC laptop assigned to you, you should probably just use the VPN.

Students: The Student VDI is also a great option for students to use! They will have the same Windows 10 with Office experience that they have on campus. This is great if their computer has some issues or does not have the correct software installed. Please encourage your students to use this option for off-campus access. It works GREAT! For student VDI information click on the Email page, then click ‘Student VDI’. ◊

Laptops and Mobility Devices

Some of you may not be aware of this, but it is required for you to bring in your GNTC laptop or tablet to Technology Services every 3 months in order for us to run updates and check the device for malware. To setup a time to bring in your device, please submit a Support Request. In the request, choose the ‘IT Support Issue Type’ named ‘Laptop/Tablet Updates or Issues’. ◊

TechnologyToday - Issue 2018

Security Reminders At A Glance

• You must enter each request for IT support in our Support System. Please do not email Technology Services personnel with support type issues and questions.
• Please do not eat or drink around computers.
• Restart your PC weekly.
• Do not connect your personal laptop to a wired Ethernet port at any GNTC campus; use Wi-Fi instead.
• It is your responsibility to keep your PC and mobile compute devices clean, and free of dust and debris.
• Back up your data often.
• If you have forgotten your password, you should go to Office 365 online and click ‘Can’t access your account’.
• Make sure to be vigilant of potential phishing emails. Do Not click links in emails, unless you are expecting it, even if it is from someone you know. Always hover over a link to see the URL.
• Turn in your laptops for updates!
• Family members or any other non-GNTC employee should never be using your work devices such as laptops, tablets, computers, or phones.
• Never give your account credentials to anyone or sign in for someone else to use your account.
• You are responsible for locking your computer when you step away from it.
• In a classroom, instead of locking the computer, log out. Otherwise you can tie-up resources and possibly cause issues for others using the PC.