Dear Sirs and Madams,
Welcome to your July Savvy Cybersecurity newsletter. Read on to learn more about:
- It's time for H4CKTIVISM
- DOD increases their focus on cybersecurity compliance
- Apple to help protect the highly vulnerable
- And more
3 Cybersecurity Tips for College Students
Going off to college for the first year is an exciting time for students. There are a lot of things to take care of before arriving on campus—finding a roommate, picking classes, and buying books. Amid everything going on, students also need to be aware of new cybersecurity threats they will face on campus. These tips can help protect students from hacks, scams, and thefts.
- Beware of public Wi-Fi
While on campus, students will have access to Wi-Fi nearly everywhere. But not all Wi-Fi is created equal. Since all students and visitors to campus can likely access these networks, it is important to be cautious when sharing personal information online such as credit card numbers.
Unless a student lives off-campus, it is unlikely they will have their own private Internet network. A good alternative for students is to invest in a VPN, or Virtual Private Network. A VPN is an app that will create a private Internet connection for its user on any public Wi-Fi network. The VPN essentially creates a private tunnel between your device and the network. When connected to a VPN, you can feel more confident logging onto your online banking or submitting your credit card number online.
Students should consider investing in a VPN when going to school (some schools may even provide one). There are free and paid versions of VPNs, but the paid versions are more comprehensive and are reasonably priced. Some highly rated VPNs include NordVPN, ExpressVPN, and CyberGhost.
- Choose strong passwords
Students should also up their password game before heading to school. Email accounts, financial accounts, and any school accounts must be protected with strong, unique passwords.
You may want to share some of these password techniques so students can begin creating their own unique passwords that are tough to crack but memorable.
- Mnemonic device password: Your child is likely already familiar with mnemonic devices to remember the order of the planets or the colors of the rainbow. They can use this same technique to create a strong password. Encourage them to take a line from a favorite song or book and use the first letter of each word to create a password. This will be easy for them to remember, but tough for a hacker to crack.
- Goal setting password: Does your student have a goal for the school year? Maybe they want to get straight A’s? Keep this goal front and center by turning it into a password! Every time they type their password, they’ll get a boost of motivation towards that goal.
- Lock your devices
Students may find themselves doing work in public places like the library, lounge, or dining hall. They may need to step away from a device in these places which can leave them vulnerable to physical theft or identity theft. Even if a friend is watching the device, students should get into the habit of locking or logging out of their devices before stepping away.
Students should also ensure they have a passcode on their smartphone and tablet. These items can easily be lost or stolen. A passcode will help protect all the data on the device from being accessed. It is also good to enable the "find my device" feature on all devices in case they are lost or stolen.
College is an exciting time for young adults. These tips can help ensure students don't need to deal with identity theft while on campus.
Department of Defense increases focus on cybersecurity compliance
In June, the Department of Defense issued a memorandum reminding contracting officers of their ability and obligation to enforce cybersecurity requirements under the DOD contracts. Failure to take these steps could result in the termination of existing contracts or loss of future opportunities. Read more about the memorandum in detail here.
Apple to release security feature to protect the highly vulnerable
Apple announced that they will be introducing a new security capability known as Lockdown Mode that was created to protect highly vulnerable targets like political activists, journalists, and others who may be targets of government surveillance. The company plans to roll out Lockdown Mode features in fall 2022 as part as iOS16, iPadOS16, and macOS Ventura.
Why employees violate cybersecurity policies
Over the last couple of years, there have been many cybersecurity policies put into place. A National Science Foundation research study of remote, diverse, employees had found that most cybersecurity compliance failures result from intentional but harmless attempts by employees who are only trying to perform their work-related tasks. Learn more about how this happens here.
Why quantum hacking may be the next big cybersecurity threat
Scientists are getting much closer to developing a quantum computer, which is a new kind of system that can execute in minutes calculations that today would take hundreds of years to complete. Research on quantum computing hardware is growing quickly. With more developing knowledge, quantum computers will also revive the risks from past breaches, because hackers will be able to use the hardware to decipher data they've already stolen. Read more about what quantum hacking is, and why it's likely to become the next big threat.
Biden Administration signs two bills into law
At the end of June, President Biden signed two bills to combat the war on cybercrime. These two bills are the "Federal Rotation Cyber Workforce Program Act" and the "State and Local Government Cybersecurity Act" (2). The first will create a rotating program for cybersecurity and information technology professionals to have the opportunity to work in various federal agencies. The second looks to improve coordination between DHS and local governments.
Time for some H4CKTIVISM
As the Supreme Court has overturned Roe v Wade, state and local governments must prepare to respond to a new round of cyberattacks coming from groups claiming to be protesting the ruling. SiegedSec, a ransomware group that came onto the scene coincidently days before Russia's invasion of Ukraine, publicly announced that it had breached the servers in Arkansas and Kentucky state governments as a response to the supreme court's decision, stating "Time for some H4CKTIVISM!"
Google: Google Chrome confirms their fourth zero-day exploit in 2022.
Apple: This month, Apple expanded its industry-leading commitment to protect users from highly targeted mercenary spyware.
Microsoft: Microsoft has released updates to address vulnerabilities in Microsoft software.