October is Cyber Security Month
By: Haley McCoy
The entire month of October has been dedicated to spreading awareness of cyber security now that this generation is built around the use of internet and technology.
Mark Gonzales, Information Security Manager of CSU-Pueblo, shared his knowledge about cyber security and said, “Cyber security is protecting ourselves from outside threats, meaning someone on the outside of the internet trying to come into our internal network.”
Gonzales said it is important to try and protect our infrastructure and data, data being the most important because the infrastructure (cabling, firewalls, servers and hardware) can be replaced, but your data can not be.
Michael McNeill, third year business finance major, said, to him, cyber security means protecting yourself from potential threats or hackers and keeping your information safe and secure.
“Cyber security can ensure your identity doesn’t get stolen,” McNeill said, “and for businesses it means protecting data, inventions, and preventing hackers from shutting down a company website or releasing private company information.”
“If Amazon were to get hacked and their website was shut down, the owner, Jeff Bezos can potentially lose $149,353 every minute the website is down, and that’s why cyber security is important” McNeill said.
Gonzales said we have so many different devices that we use, such as phones, laptops, tablets, desktop computers and certain employees have computers for work. To ensure safety on these devices, he said it is important to be aware of a hack known as “fishing emails,” that is the biggest cyber threat today.
“Fishing emails will look legitimate and like they are from a trustworthy source, such as someone you do business with or even a friend,” Gonzales said, “it will try to get you to click on a link, it is usually a call for help because as humans we want to try and help.”
“The most dangerous fishing emails are the ones that tug at your heart,” Gonzales said. Clicking on these email links may take you to a website that looks exactly like the real one, but it is a false website that is downloading malware onto your device, he said.
Gonzales said to check if it is a fishing email, before you click you can hover over the link with your mouse and it will show you the actual address of where the email is coming from. “The golden rule is to never click on those links,” he said, “type in URLs yourself.”
“Spear fishing” describes when a hacker wants to hack into a specific person’s account trying to do them harm, Gonzales said.
McNeill said he also avoids opening any sensitive or private accounts on any public Wi-Fi domains, including bank accounts or email, because it’s easy to backtrack the account information.
Gonzales said Facebook quizzes and games can also be a threat, especially the quizzes you enter personal information in. “Be careful with information you share,” he said, “the more you put into Facebook, the more information is collected, and a profile will be created about you and know how to attack you.”
“It’s not even a matter of who we are personally, it’s more about these ‘Bots’ sent from all over the world being able to find security holes in your devices,” Gonzales said. IOT devices (Internet Of Things) can also be a way hackers get through he said.
To ensure he’s protected, McNeill said he never saves his passwords on any internet engine, even in his own computer. Also, he said to use different passwords for all accounts, because if they are all the same and someone knows one password, they know them all.
Gonzales said to never write your passwords down and don’t save them anywhere in the cloud. Secure AES 256 encryption USB drives are available and today we cannot break into these, making this device a safe place to store personal information and passwords.
Security is a serious numbers game: 256-bit encryptions have 2 to the 256 power possible combinations or 115,792,089,237,316,195,423,570,985,008,687,907,853,269, 984,665,640,564,039,457,584,007,913,129,639,936 combinations, taking even a supercomputer thousands of years to crack, according to Patrick Nohe of the cyber security industry.
A Lexar AES 256 encryption drive with 64GB goes for $18.80 on Amazon. “It’s all about how valuable the data is that you’re trying to keep safe,” Gonzales said.
On secure passwords, Gonzales said, “A good Password is something easily memorized but difficult to reproduce.”
Here are a few tips:
The Institute of Standards and Technology (NIST) suggests the following for a secure password:
– The use of any ASCII characters (character, numbers, and symbols on your keyboard)
– 8 character min. and 64 character max.
– The use of at least one special characters (e.g. #, @, !, &, $)
– The use of at least one number
– No dictionary words
– No password complexity requirements (something easy to remember)
– No knowledge-based authentication (e.g. who was your best friend in high school?)
McNeill said those who are not aware of how easily account information can be retrieved by hackers are in danger and they need to be careful. “That’s how identities get stolen and cards get used to buy hundreds of dollars’ worth of nonsense in other countries,” he said.
Gonzales said for more information and higher education on cyber security visit Educause.edu.