In RSA's quest to build out a deeper pool of future Defenders of the Digital Universe I had the pleasure of having Meghan O'Connor as a summer intern on my team. During her exit interview I asked her what she didn't realize about cybersecurity and fraud prevention prior to her internship and what advice she would now give.
- How common phishing attacks are, especially to gain access to the wider university network using stolen student credentials.
- Universities are targeted by cybercriminals because of all the rich personal data they have on students – think of all the information you gave during enrollment: SSN, Medical, transcripts, insurance info, etc.
- How lazy people can be with regard to cybersecurity. I'm definitely less annoyed now when I have to take extra steps to verify my identity and protect my information.
- Extent of cybercriminal networks once your information is stolen by one person, it can be traded over and over again.
- Biometrics were a "shortcut" and were less secure than passwords, which in hindsight makes no sense, because my fingerprint and eye print are always with me.
- I'll never be a victim of identity theft. No one would want to steal my information because there's not that much money in my bank account and I don't have access to any desirable information.
- Getting prompted to change my password after a certain amount of time or after a suspicious login was annoying.
Things you should know …
- Authentication is important – if a sites you use offers multi-factor authentication (MFA) – use it!
- IoT is real – if you are buying new gadgets for school it is likely IoT enabled - ensure you install security from the start – yes that even includes your gaming consoles. And if you are buying a used device ensure you clean it prior to using it, because it may be infected with malware.
- Ransomware can target anyone - so when I hear "WannaCry" it has a whole new meaning! We all need to be aware of it, and prepare for it. It will lock down your computer and take everything hostage … yes… that includes your pictures, term papers and other personal information. Even worse, you could potentially infect the university's system. Back-up your data so if you become a victim you won't feel pressured to pay the ransom fee.
- Resist the click – think twice about clicking on that link or video in email / text / social media as it might be a Phishing attack. The Anti Fraud Command Center I worked with while at RSA identifies a new phishing attack every 30 seconds.
- Online is forever – anything you post online will forever be accessible – even if you delete it. That includes all your social media posts, discussions on gaming consoles, texts, emails, etc. Remember your future employer, spouse, or cybercriminal could gain access to these.
As summer wraps up and RSA's interns go back to school it is great to see our future Defenders of the Digital Universe grow more knowledgeable about cybersecurity and why it is a shared responsibility. To learn more about fraud trends, follow us on Twitter @RSAFraud