Audrey Williams: Cyber Security Awareness Month

I love October. The leaves are changing color. The sky takes on that spectacular blue. But, October is also Cyber Security Awareness Month. I know, I know … that is sooooo very exciting (insert eye roll here). But, please put down your pumpkin spice latte for a second and spend a few minutes learning how you can make the Internet safer for everyone.

I will be sharing several blog posts this month on topics of cyber security, as well as what we do here at Pellissippi State to help make our network and data more secure, so be sure to check them out at http://blogs.pstcc.edu/cio/. But, today, I want to share some information about how you can be more secure online.

There are LOTS of ways to help make your identity, your money and your data more secure. The basics include keeping your computer and smartphone up to date, running security software, deleting unused/unwanted applications, and being smart about using public Wi-Fi in your favorite coffee shop and other locations. Another method to stay two steps ahead of cyber criminals is to use “two-step authentication.” It is also called “two-factor authentication,” or 2FA, which is a VERY fancy technical term for a pretty easy-to-use security option. Here is how it works:

We are all used to websites and services that require a username and password for our security. It is a big part of how we protect information here on campus as well. With about 28 percent of all identify theft in 2013 being account takeovers (where the intruder cracked the account password and got into the account), it is important to have a secure password. And we all know that it is important to use a different password for EVERY account, right? (I will wait for the laughter to subside.) It really is, though, and there are simple ways to help you keep up with all of those passwords. Don’t worry; I will cover that in a blog post soon.

Back to 2FA. When it is implemented into a system, you must use two things to log into your account:

  1. A password, passphrase or something else that you KNOW, and
  2. Something that you HAVE, usually a physical device, but it can be an alternate email address.

Businesses and organizations (like the Oak Ridge National Laboratory, for example) will provide employees with a fob that serves this function. But, for personal two-step authentication, the one physical device most of us have all of the time is — you guessed it — our cell phone!

Unfortunately, there is no universal way to enable two-step authentication, but it does work in a similar manner for many services. After you enter your username and password at a site that uses 2FA, you are prompted to then enter a phone number or email address as well. The service creates a code that can be used ONE TIME and sends it to you as a text or email. You enter that code and the access is given. Some services, like Google and Facebook, now offer an app for your phone that generates the code so you don’t even have to wait for a text or email to log into their service. I use the Google Authenticator app for my personal account, and it works very well. And if you don’t have your phone, Google can provide you a list of one-time use codes you can carry with you, which is handy when you are traveling and your phone battery dies.

Not every service offers 2FA, but many do:

  • Email providers like Google, Yahoo! and Microsoft Outlook
  • Social media like Facebook, Twitter, LinkedIn and Tumblr
  • Banks like USAA, Ally and Bank of America

If you would like to learn more about 2FA or see how to implement it with some of the services listed above, I found a great page that gathers lots of the “how-tos” in one location at the cyber security awareness site Stop. Think. Connect.

Have a safe and happy Cyber Security Awareness Month!!

Audrey Williams
Vice President of Information Services 

Source for Data: https://www.javelinstrategy.com/news/1467/92/1