Cyber Security Clinic

What is malware and how do I protect myself from it?

Malware (MALicious softWARE) is a generic term covering a range of software programs that are designed to damage computers or to obtain unauthorized information from computers. Some specific types of malware include viruses, worms, and Trojans.

To best protect your device from malware we suggest you make use of anti-virus software. This type of software is designed to detect and destroy computer viruses. Anti-virus should be updated frequently, and scans should be run regularly.

Additionally, make sure you have the latest software versions, minimise the number of downloads you do from the internet, and don’t automatically click on links within emails.

How do I secure my home router?

If you have WIFI at home you will have a wireless router, sometimes referred to by companies as a Hub.

One of the key things you should do is change the default username and password because they are often well known and easy to guess. Some manufacturers might not allow you to change the username, but at least the password should be changed.

This will help prevent unauthorised individuals accessing your network.

How can I make my password stronger?

The strength of your password directly affects how easy it is to guess that password or how long it takes a hacker to crack it. In many cases, hackers gain access to an account because the account’s owner set a weak password.

To set a strong password:

Create a longer password. The more characters you use, the harder the password will be to guess and the longer it would take to crack. UDelNet passwords must be between 12 and 30 characters long.
Never use a single dictionary word or name as your password.
Use a variety of characters, including uppercase letters, lowercase letters, numerals, and special characters like punctuation marks.
Never choose an obvious password like “password,” “password1,” “12345,” or “00000.”

What is Two-factor authentication (2FA)?

Two-factor authentication (2FA) is a means of protecting your digital accounts from unauthorized access and use.

Typically, you log in to an account by providing your username and password. This is a quick way to log in, but hackers can easily access your account if they steal or crack your password.

If your account is protected by 2FA, then you will need to provide the standard username and password combination and then a second authentication factor (such as a temporary security code or the answer to a security question) to log in. Even if hackers steal or crack the password to a 2FA-protected account, they still can’t log in to it without the second factor.

How do I know if a website is secure?

Firstly, you need to ensure that the web links that leads you to the website is obtained from legitimate publications of the website owner or other trusted sources. Do not follow the web links provided by untrusted sources (e.g. Internet mails) without careful checking.

If the website requires you to enter sensitive information, it should provide a ‘server certificate’ for you to verify its authenticity. You can examine the content of the certificate, the issuing certification authority (the green lock, the validity period and whether the certificate has been suspended or revoked.

If you are in doubt, leave the website and contact the related website owner or organisation for further information.

How do I prevent spam?

Spam is any kind of unwanted and unsolicited communication through an online medium. That could be unwanted email, instant message, text message, or social media message, among other forms of internet communication.

One of the most effective ways to control spam emails is to use protective software known as filters. While you cannot stop people from sending spam emails to you with anti-spam filters, you can stop the messages from showing up in your inbox and have them deleted automatically. Filters allow you to easily block any email messages carrying specified addresses, domains, subjects, or text from entering your inbox. Some popular email programmes already offer spam-filtering features. A number of separate filtering tools that work with popular email packages are also available on the market. However, filters may sometimes fail to identify spam emails, or (less likely) classify legitimate emails as spam messages.

What is Phising and how do I identify phishing emails?

Phishing is a cyber-attack in which scammers send fake emails with intent to steal your personal information or get you to download malware. Common examples of phishing emails include unexpected “special offers,” notifications that your email account is reaching its quota or may be suspended, or classic scams like the Nigerian advance fee fraud.

Most phishing emails use common tactics:

A fake or spoofed sender to create a sense of legitimacy. For example, “IT Help Desk” or a name from your contact list.
A sense of urgency. For example, “Your account will be deactivated in 24 hours.”
Typos, poor grammar, unusual wording, or other obvious errors.
Links that don’t go to real or legitimate websites. For example, “udel.com” or “udel.edu.biz.”
Suspicious attachments. For example, an unexpected “court summons” or “the files you asked for.”

Avoid falling victim to phishing scams. Always verify that the sender is legitimate and that the links go to trustworthy domains. Look for mistakes in the information or wording of the email. If you have questions about the email’s content, contact the alleged sender through a separate channel.

How do I protect myself on social networking sites?

When you use a personal account on a social networking site, you are in control of the information you share, including what you share and who can see it.

Limit the amount of personal information you share through your social networking sites. For example, consider whether you need to share your date of birth, hometown, birth town, the names of pets, etc. While this information may sometimes be interesting to friends, it’s also the kind of information most often asked for by security questions, and attackers can potentially use the information you post on your social media accounts to impersonate you or bypass some kinds of authentication procedures.

Remember, too, that any information you share on the internet can be shared by others. Once you post something, you can’t necessarily delete it; sharing and archiving features make it so that your information persists online, sometimes in unsafe locations. Personal photos in particular are often propagated, so think twice before posting a picture of yourself that you wouldn’t want friends, family, or employers to see.

Check your account’s privacy and sharing settings and limit who can see your posts and personal information. For example, you may choose to censor certain personal information such as your birthday so that only people on your friends list can see it. Think about whether you need location services turned on or whether you want other people to be able to tag you in photos.

How can I secure my mobile?

Back up your mobile device’s data to protect yourself from data loss or corruption.
Encrypt your mobile device with whole-disk encryption to protect its data from being read or misused if the device is lost or stolen.
Password-protect your mobile device to prevent others from accessing its data and apps.
Regularly patch your mobile device’s software and firmware to protect it against the newest vulnerabilities.
Physically secure your mobile device in locked offices or cabinets when possible. Never leave mobile devices unattended in public locations.
Configure your mobile device for remote management. Enable it to automatically erase data after ten failed password entries in a row and to be remotely locked, located, or erased at your request.
Configure your mobile device to automatically lock after five minutes of inactivity.