Do You Know Where Your Data Is?

We keep pretty good track of our paper lives. We can quickly locate driver’s licenses, birth certificates and wedding albums. We know what’s in the family lock box or file cabinet. Our online stuff, however, can be trickier to pin down. Was that file on my desktop or in Google Drive? Did I download those pictures to my laptop or are they still on the digital camera? There’s a lot of cyberspace out there, and it’s easy to lose track of what went where.

Sometimes that’s ok - most computers are littered with abandoned, half-finished documents and spreadsheets. But there’s some stuff we really want to keep tabs on, like sensitive work information or important personal data. The rising threat of ransomware makes this even more important: one bad phish-click could lock us out of all our data - junk and treasure.

This month, take a few minutes to assess what you’ve got where and protect yourself from a potential ransomware or hardware disaster by backing up the good stuff.

Man looking at storm and talking to son saying: It's nothing to be frightened of, it's just nature's way of reminding us to back up our data.

Where Your Data (Probably) Is
First, a quick overview of common storage options at UD and where they leave us with regard to data backup and recovery.

  • Novell: These shared UD network drives are perfect for highly sensitive or critical work information. Data you store here is very secure and saved offline by our IT techs daily - you don’t even have to think about it.
  • Google Drive: A convenient tool for collaborating and sharing documents. These aren’t backed up, per se, but if you delete something it stays in the “trash” until you intentionally empty it. For several reasons (available upon request), UD’s Google Drive isn’t particularly at risk in a ransomware attack. Of course, if there’s anything absolutely critical stored here, you’ll still want to have a backup copy somewhere else. Just in case.
  • Computer hard drive: Saving files to your office workstation is easy and secure (assuming you don’t walk away while you’re logged in). But things stored here are at risk of both ransomware and good old fashioned hardware failure. So save important files to an offline external hard drive periodically.

Cartoon of floppy disk talking to USB flash drive saying: I used to have your job. Now I'm lucky if I can find work as a drink coaster.

On the virtues of an external hard drive
It’s a good idea to invest in an external hard drive. They’re like a USB drive, but bigger, faster and less likely to fall out of your pocket. Periodically plug it into your computer and copy over the files/documents/pictures you want to keep safe. Then unplug and put it away somewhere else. This way if your computer has problems (self- or hacker-inflicted), you’ll have an “off-site” copy of your most important stuff.

NOTE: The “unplug and put it elsewhere” is key - in a ransomware attack, anything “attached” to your computer will be affected (including other external media - like a USB drive - plugged in at the time). So make sure your off-site backup is truly off the site.

These beauties aren’t too pricey, either. We found a 1 terabyte drive for $50. That’s a pretty decent size. Take a look:

Infographic showing how much storage 1 terabyte holds

Free Computer Equipment Disposal Event

A Wiping, Disposing & Recycling Event
May 22-26, 2017
Drop-off Hours: 8:30 am to 4:30 pm
Drop-off location: UDit Service Center (43 Anderson Center)

Back by popular demand, our IT Service center is once again offering FREE disposal for your personal computer equipment.

Technicians will:

  • Wipe stored data from computers/drives or destroy unwipable hardware
  • Reset devices back to “factory settings” to remove stored data
  • Dispose of un-recyclable materials according to legal standards
  • Recycle phones, batteries, cords, and computer components

Bring Your:

  • Personal computers (towers, CPUs, all-in-ones)
  • Monitors under 22”
  • Laptops
  • Tablets
  • Cell Phones
  • Hard drives
  • External drives
  • Printers
  • Scanners
  • Modems
  • Cameras
  • Cords, adapters, electronics accessories
  • Batteries

Sorry, we cannot accept:

  • Monitors larger than 22”
  • TVs
  • DVD/VHS devices
  • CD Roms, diskettes, flash drives

Taking Control of Passwords: Password Management & Managers

Cartoon boy talking to brain saying: Hey brain, do you remember my password for this?

Perhaps you’ve heard tell about a magical tool called a “password manager,” software you download to your computer, phone and/or web browser to store all your passwords and regurgitate them as needed to painlessly log you into your various stuff. The password manager itself is secured by one super-duper secure password - the only one you’ll ever need to remember again.

Password managers attempt to address the following password perplexities:

  • Remembering the millions of username/password combinations you’ve created for web sites and services
  • Generating new, complex passwords as needed
  • Facilitating ICE (“in case of emergency”) password handoffs so loved ones can access your accounts if something happens to you
  • Changing a password in the event it’s compromised (and everywhere you may be using it)

Two people waving saying: Have fun remembering your password! Think they'll remember it? It'll take a miracle.

Are Password Managers Safe?

This may sound reminiscent of the old adage about eggs and a basket. Earlier this year, LastPass, a prominent player in the password manager market, was compromised by hackers. Other password management services have reported similar kinds of exploits and breaches.

But this isn’t surprising. Of course hackers are going to target these services - they’re little password gold mines. But as long as the technical teams are on the ball in correcting and communicating problems as they occur, this shouldn’t be a deal-breaker. Monica Eaton-Cardone, chief information officer of an international technology firm specializing in risk mitigation, offers her perspective on this matter in this recent article:

"Internet breaches have become the third certainty of life [. . . .] At the end of the day, everything gets hacked. I look at it this way [. . . .], if I have a third-party vendor, this vendor is taking on such liability they have a lot more to lose if they experience a hack than I do."

That seems fair, but still doesn’t mean a password manager is the best (or only) answer to our password management needs.

What’s Your Computing Lifestyle?
Like driving over the speed limit, we’re constantly weighing risk and reward. Password management is an insurance policy and each of us has a different tolerance for and susceptibility to risk.

Sticky note that says: the faster I type in my password, the more secret-agenty I feel.

So, take a minute and consider - what risks are most likely with your computing habits? Are you concerned about internal risks like nefarious office visitors, or the kids buying stuff on your Amazon account? How easy is it for unauthorized folks to get their hands on your actual computer or phone?

Are you concerned about external risks like a hacker in North Dakota cracking into your bank account or data? Do you frequently use public wi-fi? Does your job require you to access financial systems or transmit sensitive data, making you a more attractive target for spearphishing?

Your answers to these questions may help determine which password management style is best - and safest - for you.

Zen and The Art of Password Management
What are our options for password management? They seem to fall into four categories:

  1. Software-based (e.g. password managers)
  2. Browser-based (e.g. “saving” passwords to a web browser)
  3. File-based (e.g. a document stored on your device’s hard drive)
  4. Paper-based (e.g. post-its, notebooks, etc.)

Our research so far suggests that, employed wisely, any one of these four can do the trick. It all depends on what you’re looking to accomplish.

Next month, we’re going to figure out how a body should grab this password bull by the horns. We’ll go into more detail about each option and provide suggestions from our research on the topic.

In the meantime, shoot us a line with any questions, comments or experience you have regarding password managers/management (some swag may migrate your way). We’ll try to work these into our June round-up.

The Phish Commish Says: Attachments Can Attack

Attachments are like candies: be wary about accepting them from strangers. Case in point: A phishing message convincing thousands of Ohioans to click on an attachment last month won hackers up to 35 million dollars (read more >>).

That said, many of us on campus receive unsolicited attachments as part of our work corresponding with potential students, parents and other external parties. In this case, the best defense is a good . . . defense. Keep your anti-virus (and other software) updated so your computer has the best self-protection tools at the ready.

And if an attachment asks you to “enable macros,” just say NO. Malicious macros have become an increasingly common way of delivering ransomware. Here are a few other red flags to watch for:

ATTACHMENTS:

  1. The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me this type of attachment.)
  2. I see an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.

April Phish Training Rundown
Curious about last month’s phishing exercise? You’ll see the click landing page below. Though, based on the click stats, over 1 in 5 of us already saw it (whoops). Scammers know these kinds of ploys are tempting (“curiosity gets the cat” and all that). If you can’t easily verify the actual sender, be sure to check for other red flags before clicking.

Oops! You clicked on a simulated phishing email message. These are some of the RED FLAGS you missed:

  • SENDER: 1) Gmail Warning Icon: Gmail is not able to confirm that the email is coming from whom it says it's coming from. Although this isn't always a problem, it is certainly something you should consider as a possible warning.
  • LINKS: 2 and 3) Hovering on the link reveals a suspicious destination unrelated to the content: http://kn0wbe4.compromisedblog.com/XcmVPjaXBpZWv50X2lkPTmI5NzA3gNMzc3YNCZjYW1w=
  • PERSONALIZATION: 4) Personalization is no guarantee of a safe message. Phishing emails often contain easily obtained personal information such as name or job title.

For more information, contact the IT Service Center, itservicecenter@udayton.edu, or visit go.udayton.edu/safecomputing.

Reading Room

  • Here’s a new Pandora jewelry scam just in time for Mother’s Day
  • Looking online for a furry friend to add to your family? Don’t fall for this puppy fraud.
  • The Pew Research Center put together a 10 question cyber-security quiz. Test your skills! (And if you reply with your score, we’ll send you a little something.)
  • Scammy text messages? As if we didn’t have enough to worry about already. . .
  • After all those warnings about tax scams, now the IRS might *actually* be calling you to collect. Read more (including comment by UD’s own Dr. Randy Sparks).
  • Don’t Become a Data Point. Data about you is being collected in many places whether you realize it or not. Info security expert Bruce Schneier gives 4 ways to protect your personal data and defend against unwanted surveillance including an easy to use browser add-on called “HTTPS Everywhere” that encrypts everything you do online.