Digital Defense
Process used to hide information and make it unreadable without a secret key.
Encryption
Important data like passwords can be stored/transferred this way, and the secret key is used to decode it when/if needed
You should avoid sharing this online
A). Your address
B). Your favorite movie
C). Last thing you ate
ALL OF THE ABOVE
Don't share any personal info online. Online quizzes and name generators are farms for hackers trying to get past your security questions.
"PIN"
A secret code, usually made of numbers, used to confirm a person's identity.
Can't buy much at costco without one!
PERSONAL IDENTIFICATION NUMBER
PINS are usually 4-digits due to historical limitations in early computer systems
What is the correct response to the following scenario:
You get an email from an account you do not know offering you a job that seems to pay a full time salary for only 10 hours of work a week.
Report the email for phishing and delete it without opening any links or divulging any personal information.
"Cookie"
A.) a bit info about your preferences,
Stored on your comp
B.) a virtual pet that helps you navigate
Websites
INFO ABOUT YOUR PREFERENCES
Despite their association with tracking and privacy, cookies themselves aren't malicious—how companies and websites use them is what raises concerns
Security feature that checks you're a person, not a robot; stands for "completely automated public turing test to tell computers and humans apart"
CAPTCHA
Solving CAPTCHAs? You're basically an unpaid intern for AI, helping them learn what streetlights look like. You're contributing to AI technology or performing unwitting free labor, your call!
You post a photo:
Online and delete it within five minutes. Is it permanently gone from the website?
NOPE!
Not only is that plenty of time for a program to copy your photo, the website's database could store it forever
"MFA"
Security measure
That requires two or more methods to login to a system.
CSU often uses duo®!
MULTI-FACTOR AUTHENTICATION
Examples include Push Notifications, SMS codes, and even secret handshakes, if not the sole method!
What is the correct response to the following scenario:
You are sent an email saying your password needs to be reset today or else your netID will be deleted, however you see the address is labeled as helpdesk.colostate.edu.com.Report as phishing and delete it. The way that internet domains work is from the end towards the beginning so colostate.edu.com is completely different from colostate.edu.
"SPAM"
A.) emails from unknown senders
B.) unsolicited or
Irrelevant messages
Sent via digital
Communications
UNSOLICITED MESSAGES
Anyone's account can be compromised & send SPAM, and not all SPAM is merely annoying. Report SPAM emails and immediately delete.
A digital barrier that protects your computer from cyberattacks and unauthorized access. No fire involved!
FIREWALL They oversee incoming and outgoing traffic, safeguarding against and halting unusual activity.
What's the better
Password policy?
A.) memorize and reuse a strong password
B.) trust a password manager application to create and store your passwords
PASSWORD MANAGERS
A good password makes password management easier and makes you safer. Win—win
"VPN"
Technology measure that allows you to create a secure, private connection to another computer
VIRTUAL PRIVATE NETWORK
CSU uses GlobalProtect which registers about 1700 sessions on any given workday
What should you do in this scenario:
You've been needing to get a new thumb drive and you find one on the ground while walking.
Turn it in to the lost and found or the police, you never know what is installed on a thumb drive. You can land yourself in a lot of trouble, or your data can be stolen/held for ransom.
"Hamburger
Menu"
A.) an internet menu inspired by fast-food
Drive thrus
B.) a navigation menu with three stacked lines
"Hamburger menus"
Gained popularity in the 2010's, even though the feature was designed and named in 1981
An attack designed to lock down your computer and force you to pay to remove it, if the attacker even will.
RANSOMWARE
This is an attack where an attacker will hold your computer and information for ransom. Even if you do pay them they may still steal your information anyway.
You are notified of a data breach for a website that contained sensitive credit card data?
A.) change your password for the associated website
B.) request a new credit card and your old one frozen or deactivated.
a and b
Whenever your sensitive information is out there is no way to claw it back so its up to you to secure yourself once your data is leaked.
"SSO"
Technology that allows you to log in with one login streamlining the process for you. The school calls this logging in with NetID.
Single Sign On
Single sign-on is an allows a you to log in with a single ID to any software that an organization has subscribed to for you.
What do you do in this scenario:
You receive a text from CSU saying there is a registration hold and you need to log in now to fix it, accompanied by a link the text message says is ramweb.
Ignore the text, CSU does not normally send only one message requesting immediate action, you need to also look into the link to confirm that its real whenever you receive one.
Phishing
A.) a weird way to spell fishing
B.) a kind of attack designed to get your login information
"Phishing"
Comes from an old scam called phone phreaking, however, this is scammers trying to fish for your information.
These are the three categories of things that you can use to authenticate with. Using more than one of these is always safer than just one.
Something you know (like a pin or password), Something you are (like your face or finger), and Something you Have (like a physical key)
This simple action, often overlooked, can prevent unauthorized access to your device when you step away from your desk.
What is locking your screen?
"HTTPS"
This acronym helps keep your browsing secure and out of the way of prying eyes.
Hypertext Transfer Protocol Secure
This is a protocol to make sure that your connection to the website is secure and encrypted so that nobody can see what you are doing.
What should you do in this scenario:
A friend of yours sends you a qr code in an instant message app they say to access a cool qr web app.
Report your friend, this is very likely an attack called a token theft, the QR code will act to grab your login token, this can be used to bypass your password so you will lose your account no matter what.
This fruity-sounding cyber threat can occur when you plug your phone into a public charging station and unknowingly expose your data.
What is juice jacking?