Online Safety Tips During and After COVID-19

COVID-19 has temporarily changed the way we work and learn. Most of our colleagues now work through remote access, and in-person classes have moved to online learning. These transitions have increased online activity, and cybercriminals have taken note.

The IT team has done a phenomenal job in this transition. We have, however, noticed elevated threat levels in targeted phishing, DDoS, and ransomware attacks.

We are committed to addressing these threats as they appear and to helping everyone remain safe online by mitigating the actions of these bad actors. Most scams target individuals and are initiated via email or social networks. They aim to steal your personal information and prey on your vulnerabilities by attempting to sell virus prevention tools, requesting Coronavirus donations, or pretending to be someone you know who is stranded and needs immediate assistance, and asking that gift cards be sent to them.

We therefore urge everyone to be extra vigilant and, at a minimum, observe the following online safety tips:

Implement multi-factor authentication on your accounts

  • A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, or best yet, a FIDO key, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you significantly less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, and financial services accounts. And don’t forget your gaming and streaming entertainment services!
  • Pay Close Attention: The bad actors continue to improve their craft by creating malicious websites that are identical to the legitimate sites, or email addresses that appear to have come from someone you know. Check the URL or address carefully to identify the clever variations. For example, an email from johnD@middlesex.mass.edu.gmail.com could easily pass as a ‘John Doe’ colleague at MCC, but look carefully and you can tell this is a Gmail address cleverly presented as an MCC address in order to scam you! BTW, this is a real incident we dealt with recently.
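
The look-alike address check described above, written out as an added example (it is not part of the original page and not the IT team's own tooling). It assumes that subdomains of middlesex.mass.edu are also legitimate; the function names, labels and sample headers are made up for illustration.

```python
from email.utils import parseaddr

# The college domain as it appears on this page; everything else is illustrative.
TRUSTED_DOMAIN = "middlesex.mass.edu"

def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or ""."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.split("@")[1].lower().rstrip(".")

def classify_sender(from_header, trusted=TRUSTED_DOMAIN):
    """Label a sender: trusted, lookalike, external or invalid (hypothetical labels)."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    # Assumption: subdomains of the trusted domain are also trusted.
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    # A domain is read right to left, so the real owner is at the END.
    # If the trusted name shows up as a run of labels anywhere else, it is bait.
    labels, want = domain.split("."), trusted.split(".")
    for i in range(len(labels) - len(want) + 1):
        if labels[i:i + len(want)] == want:
            return "lookalike"
    return "external"

# Constructed sample headers (the second address is the one quoted on this page).
SAMPLE_HEADERS = [
    "John Doe <johnD@middlesex.mass.edu>",
    "John Doe <johnD@middlesex.mass.edu.gmail.com>",
    "Newsletter <news@example.org>",
    "not-an-address",
]

def triage(headers):
    """Map each From header to its label."""
    return {h: classify_sender(h) for h in headers}

if __name__ == "__main__":
    for header, label in triage(SAMPLE_HEADERS).items():
        print(f"{label:10} {header}")
```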

Think before you click

  • More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. They may also try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.

Use strong passwords, and ideally a password manager to generate and store unique passwords

  • Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
  • Individuals and businesses may find password managers (e.g., 1Password or Bitwarden) useful in several circumstances:
    • They can generate secure passwords for you. Many password managers will prompt you with an automatically generated secure password whenever you create a new account through an app or website. These passwords tend to be long blends of letters, numbers, and special characters. If you opt to use a suggested password, the manager will automatically store it for you.
    • They can save time. While keeping all your login information safe is certainly a plus, a password manager can also store and auto-fill information like your address, phone number, and credit card. Online shopping just got a lot easier!
    • They protect your identity. If a criminal can guess one of your passwords, they’ll try to access more of your accounts by trying that same password in other commonly used websites. But if you’re using unique passwords, they may not be able to gain access to your other accounts. While a password manager isn’t foolproof, it does provide an extra layer of security.
    • They can let you know about phishing sites. Phishing and spear phishing websites are scams that spoof legitimate websites. While they may look like the real deal, their goal is to steal your login information and commit fraud. A password manager can offer protection from phishing sites because each saved username and password is tied to a specific URL. Even if you visit a phishing site, your login information won’t autofill because the URL doesn’t match the one saved in the password manager. This might give you pause before you enter your personal information and keep a criminal from stealing it.
  • Apply the skills of Social Networks 101:
    • Don’t reveal too much information about yourself on social media
    • Don’t bully others and don’t respond to bullies; report them instead
    • Use direct messages for the right reasons
    • Do your research before posting on social network platforms or using hashtags
    • It is great to have a large number of followers and many likes each time you post or comment, but remember that you will also be attracting the wrong set of individuals.
  • Free Public Wi-Fi could come with a ‘payload’: There are two types of free public Wi-Fi. The first is offered to customers for convenient Internet access, but the hosts generally do not invest further in securing it. Using an open Wi-Fi network means your activities can easily be tracked and your information stolen. The other type of free Wi-Fi is hosted by bad actors specifically to harvest your information and leverage that data for immediate or future attacks.
  • Your Data has great financial value! All the leading browsers have the option to enable Private Browsing. Enable the Private Browsing Mode at all times for your safety.
  • Good Security comes with applying regular O/S and Anti-virus Updates: Updates are pushed out by device manufacturers and Anti-Virus vendors in order to make your devices resilient and address newly discovered security vulnerabilities. It is therefore important to apply all updates and make sure Anti-Virus software is installed. Microsoft Windows PCs come with a built-in Microsoft Defender Anti-Virus that is relatively adequate for this purpose. Make sure it is enabled.
  • Data Security, What Data Security? More often than not, the data on your devices is more valuable than the replacement cost of the device itself. It is therefore critical to secure your data and have an alternative means of retrieving it in the event of loss.
    • Students and Faculty are therefore encouraged to store their class-related documents/works and other valuable data on the cloud in addition to the local drive. MCC students have free access to O365 and free MS OneDrive storage for this purpose. If you have not done so already, please take steps to set up this useful and flexible storage media and enable it to sync with your devices.
    • Staff working remotely should endeavor to separate their personal data from College data at all times. All college data must be stored on the network share which provides enterprise-grade security and back-ups.

Once again, your online safety is our priority and if you have any questions, please email us at: servicedesk@middlesex.mass.edu.

 

Last Modified: 8/4/23