cyber safety month summary
TRANSCRIPT
All of this information and more is available on the ICTS website at www.icts.uct.ac.za | Anti-Virus & Security | Cyber Safety Month, as well as on our Facebook account at www.facebook.com/icts.uct
CYBER SAFETY MONTH HIGHLIGHTS
This slideshow outlines and summarises the most important lessons we hope you took away from our cyber safety month
DID YOU KNOW?
• 1 in every 436 emails are malicious
• 1 in every 1.48 emails are spam (67% of all emails)
• 1 in every 171.2 emails is a phishing attack
• 1 in every 340.9 emails contains malware (malicious software)
• 2200 malicious websites are blocked by ISPs per day
Do you ever think twice about what you do or say online? Do you know what phishing is?Hacking? Identity theft?
As of 2012, it is estimated that 10.8% of the South African population is online, a 100% increase over the last 4 years. This means that many people are still new to the Internet and can easily fall prey to scammers.
CYBER SAFETY MONTH PART 1:SOCIAL MEDIA
SAFETY
Facebook, Twitter, and other social media are great for keeping up to date with your friends and family, but it isn't always wise to post or share everything you think others would be interested in.
Here are some common sense guidelines that can protect you against harm when sharing online:
• Follow the golden rule: If you're not comfortable having the whole world know about something, don't post it.
• Assume your mother and your boss are reading what you post: the things you write or show can come back to haunt you, so be careful of what you say.
• Regardless of your privacy settings, some people may still be able to
access content you've restricted.
• Remember that everything is permanent: Once you post something, consider it permanently published.
• Be cautious of predators: Don't post revealing photos, updates, or content that would make you a target of sexual predators and other criminals.
• Never share information that could endanger yourself or your posses-sions - such as details of your daily schedule, dates when you'll be going on holiday, and what security precautions you're taking.
• Protect sensitive information: Never reveal sensitive information regarding your finances or banking.
• Never share your passwords, or information that could give clues to your passwords.Never betray the confidentiality of others.
• Know who your friends are – it is unwise to make friends with complete strangers on social media sites - you can never be sure what their motives are.
• Always beware of posting your location. Many apps have location settings, which can be turned off. These location settings can show your exact location to within a few metres. Especially don’t check in on social media when you’re by yourself and/or in a remote location.
• Beware of what you share. Sharing your cell number and address online are risky things to do - you should limit who sees your information.
• Know how to use the security settings on all the sites you have accounts on. It may seem like a drag, but it could save your life. Make sure strangers can’t harvest your details and use them against you.
• Assume the world is watching is watching you. If you don’t want something widely broadcast, don’t post it. Everything that gets on the web, stays on the web. It can be in caches, cookies or saved to someone else’s computer, once you post something, consider it permanently published, even if you delete it.
• Don’t share photographs of yourself in compromising positions, and never post extreme views related to race, religion, or politics.
• Also, don’t publically air complaints or extreme views relating to your academic or professional career, your job tasks, employer, employees, colleagues, rivals, or anyone in your professional life. Always think first and then post only if you’re sure that there won’t be negative repercussions later on.
• Beware of clickjacking on social media.
CYBER SAFETY MONTH PART 2:
PERSONAL CYBER SAFETY
PART 1: ONLINE SAFETY
Identity (ID) theft is one of the fastest growing crimes worldwide – with millions of people having fallen victim to it, and financial costs of the crime running into billions of dollars.
ID theft occurs when criminals steal your personal information and use it for their own benefit – without your knowledge or permission.
However, there are guidelines you can follow to severely reduce the chances of becoming a victim:
• Always keep your sensitive documents(e.g. ID document, passport, driver's licence) safe.
• When any of these documents, or your credit or debit cards, expire or are replaced, immediately destroy the old version by shredding or destroying papers before disposal.
• Do not ever hand your password over to anyone
• Consider using an identity theft protection service to protect yourself online.
• Always use different passwords for all your different accounts. If one account is compromised, the other accounts remain safe, if all your passwords are different.
• Google ‘Password manager’ on Google. You can find a tool which allows you to store all your passwords safely using one master password to access them.
• Make your passwords long and strong – Use numbers, characters and for the best passwords, use a passphrase.
• Ensure that your bank sends you SMS alerts when transactions occur in your bank account.
• When a bill doesn't arrive on time, contact the service provider to check if they've sent it to you.
• Check your credit rating at least once a year to see if you've unknowingly been blacklisted or are at risk. South Africans can get a free credit report once a year from bureaus such as TransUnion or Experian.
• No reputable organisation will everask for your password, but scammers have been known to go as far as emailing, phoning and disguising themselves as IT technicians to gain access to people’s passwords.
• Don't give out your personal information - such as ID number and home address - to people or companies you don't know, even if they're offering you special deals or claiming you've won a prize.
Help! My identity's been stolen!
If you're the victim of identity theft, the first thing you need to do is report the fraud to the police and obtain a case number. This will assist you when dealing with banks and retailers that the thief has used under your name and will also help you navigate your way through the legal system.
It's important to report the fraud to the Southern African Fraud Prevention Service (SAFPS) (Helpline: 0860 101 248).
If your ID book and other sensitive documents have been lost or stolen, register them with the SAFBS via phone (011 867 2234) or email ([email protected]).
In cases of financial fraud, you can also contact the Credit Ombudsman (http://www.creditombud.org.za/) to resolve disputes with credit providers or agents.
PART 2 : OFFLINE SAFETY
It’s essential to take very strong precautions when meeting an online friend offline. There are no standard rules for staying safe, but some important guidelines are:
• Be paranoid: Be aware that anyone you interact with online could be a predator in disguise.
• Verify identity and information: If possible, try to verify the person’s identity in some way – for example by calling the company they say they work for or Googling them or checking them on social media.
• Retain your privacy: While commu-nicating online, don’t give away too much personal information such as your address, your daily schedule, financial information, etc. Also make it clear to your friends that they should not give out such information either.
• Use alternate contact methods: Don’t give out your primary email address or phone numbers. Set up alternatives for all the means you use to communicate with online acquaintances – such as an alternate email address, Skype account, and cellphone sim card.
• Retain your privacy: While communicating online, don’t give away too much personal information such as your address, your dailyschedule, financial information, etc. Also make it clear to your friends that they should notgive out such information either.
• Use alternate contact methods: Don’t give out your primary email address or phone numbers. Set up alternatives for all the means you use to communicate with online acquaintances – such as an alternate email address, chat or Skype account.
• Report unwelcome behaviour: If the person becomes abusive or sexually inappropriate with you online, cut off communication and report them to the police and other relevant authorities – such as the website you’re interacting with them on.
Meeting an online friend:
• Never let the person fetch you from home or work.
• Meet in public places only. Make it a place of your choosing, and somewhere you don’t normally go – because if things go wrong, you wouldn’t want them finding you there in future.
• Try to have a trusted friend with you if possible, or at least make safety arrangements like letting someone know where you’re going, who you’re going to meet, and what to do if they don’t hear from you in a certain period of time.
• During the meeting, avoid going to any secluded area where there’s no one to see or help you if things go wrong.
• Take things at your own pace. Never be pressured to do anything you're uncomfortable with - no matter whatthe person says.
• From the start of the meeting, lay down your rules – and don’t be afraid to end the meeting if they violate your rules. And try to have your own transport nearby so that you can leave quickly if need be.
• If the person gives you something to eat or drink, be careful, as it might be spiked with date-rape drugs or other substances.
CYBER SAFETY MONTH PART 3:BANKING AND
BUYING SAFETY
Many people have given up standing in long queues at banks and have instead opted for online banking.
The cool thing about online banking is that you can access your bank account wherever you are - provided that you have Internet access.
The downside is that if a hacker gets hold of your log on details, they can access your bank account, transfer your funds, and even lock you out of your account.
Follow these handy tips for banking and buying:
1. ONLINE TRADING POSTS AND AUCTION SITES
• When making purchases or selling on Internet trading
portals always read the buying and selling instructions carefully.
• Make sure you understand the policies of the website you are dealing through – particularly regarding what it will and won’t do if something goes wrong or a fraudulent transaction occurs. You should be able to find this information easily in its terms and conditions.
• If you can, do your homework on the buyer or seller. When transacting through an online trading post like Gumtree, make sure that you have the other person’s proof of identification, proof of residence, and correct and confirmed contact details.
• When carrying out the transaction, ensure that the transaction is witnessed by at least one person, and that a receipt is issued.
• If the seller is a business, check its real-world presence. If they provide a phone number, call them up and verify their details. But remember that overseas sellers may be harder to chase in the event of a problem.
2. ONLINE SHOPPING SITES
• Check online stores’ privacy and returns policies to be sure your information will not be shared and that you are not stuck with merchandise you didn’t order.
• Be clear about shipping and delivery costs (for example, whether or not they are included and if not, if they are clearly stated).
• Be clear about methods of payment and whether any of these attract any extra costs.
• Always provide the absolute minimum necessary personal information to sellers and buyers – and nothing more.
• Bear in mind that paying by credit card offers greater protection against fraud than other payment methods – since banks often have measures in place to deal with credit card fraud.
• Always double check all details of your purchase before confirming payment.
3. ALL ONLINE PAYMENTS
• Before entering payment details on any website, ensure that the site is secure: There should be a padlock symbol in the browser window frame, which appears when you attempt to log in or register.
• Even with a padlock symbol, the site might still be fraudulent. Check that the web address begins with ‘https://’. (The ‘s’ stands for ‘secure’.).
• If you’re using the latest version of your browser, the address bar or the name of the site owner will appear in green.
• Always keep your receipts – electronic or otherwise.
• Be sure to check your credit card and bank statements carefully after payment to ensure that the correct amount has been debited, and also that no fraud has taken place as a result of the transaction.
• Check the online security options your bank provides. Some offer free antivirus and browser security software.
• Remember that UCT staff and students can use McAfee for free – so be sure that you have it installed.
4. ONLINE BANKING SAFETY
• Be wary of suspicious looking pop-ups that appear during your banking session. Memorise the process you normally go through to make a payment or transfer, and be suspicious if anything different happens.
• Fraudsters sometimes try to trick people into making a real payment by phoning and pretending to be from the bank – claiming the transaction “is just a test”. Never disclose passwords or other personal information in response to an email, phone call or letter purporting to be from your bank or other financial institution.
• Any communication from banks will use your actual name and verify your account details by using security questions.
• Keep your PIN (Personal Identification Number), your password, your credit or debit card number PRIVATE. Never write them down anywhere and never share them with anyone. Remember that if someone sees your credit card, they can memorise the numbers and use these to make purchases without your knowledge.
• Always install the latest updates and security patches or your operating system when you are prompted to do so.
CYBER SAFETY MONTH PART 4: PORTABLE AND
PUBLIC COMPUTING SAFETY
With the freedom offered by mobile computing, it's easy to overlook the basic risks you facewhen doing any kind of computing - viruses.
Just as desktop computers need to use antivirus software, laptops, mobiles and tablet computers also need to be protected. wIth the increase of computing applications on mobile phones, even these devices are at risk if they're not secured with a suitable antivirus program.
For laptops, UCT staff and students may use McAfee antivirus free for both their UCT-owned computers and their private computers – without charge. For tablet computers and mobile phones, a number of options are available and can be found by Googling ‘Antivirus for mobile phones’.
Are you aware that without you even knowing it, all the personal information that you’re entering on a public computer like at an internet café may be captured by someone else?
Hackers and cyber-criminals will do everything in their power to gain access to your information. One way they do this is to install keystroke logging software on some public computers.
For each and every person using the affected computer, the software can log emails that have been sent, passwords entered, websites accessed, private chats, and file inputs!
• Using public Wi-Fi is extremely risky. Hackers can intercept everything youdo online. This can happen if the connection between your device and the Wi-Fi is not encrypted, or if someone
creates a spoof hotspot which fools you into thinking that it is the legitimate one.
• When you’re in public, it’s preferable to use an encrypted connection – which means you’ll probably need to pay. With an encrypted connection, you’ll need to enter a code (called a ‘key’) that the provider gives you.
• When using public Wi-Fi, always verify the name of the network you need to connect to.
• Don’t do online banking or other sensitive computing on public Wi-Fi – especially if you’ll need to log into one of your accounts.
• When using your accounts on any Wi-Fi (even ‘secure’ Wi-Fi), always log out of the website as soon as you’re done with your tasks. Do not simply close your web browser.
• Never leave your portable device: laptop, smartphone or tablet unattended.
• Be aware of who is around you and may be watching what you are doing online. Do not get distracted by somebody who could steal your device.
• For all portable devices including tablets and smartphones, keep your security software up to date - having the latest mobile security software, web browser, and operating system are the best defences against viruses, malware and other online threats.
• Use the built-in safety features for your device: If the operating system offers a firewall, make sure it is turned on.
• Research before downloading apps – always make sure you have read the terms and conditions and privacy policy of the apps you wish to install. Understand what data (location, access to your social networks) the app can access on your device before you download it.
• If you don't need Internet access anymore, turn your device's Wi-Fi setting off – this will protect you from risks and lengthen your battery life.
THANK YOU FOR BEING
A PART OF CYBER SAFETY MONTH!
If you have any queries, ask us on Twitter (@ICTS_Feedback) or Facebook
(facebook.com/icts.uct)
WIN WITH EDUCAUSE!Win $2000 - enter the 2013 Information Security
Awareness video & poster contest!
You stand to win up to $2000 (that’s R14 000) for creating a poster or a video in this international competition. The contest is aimed at material created FOR students BY students. The closing
date for this competition is March 8, 2013
Guidelines and rules on producing posters and videos are available on the Educause
website: www.educause.edu/securityvideocontest.