As an information technology analyst with Duke Health Technology Solutions, Jeremy Honzik understands the importance of keeping data secure.
While he already knows plenty of ways to do that, he still took time to brush up on recent goings-on in security by attending the Learn IT @ Lunch seminar, “Be Mindful About IT Security.”
“Being in IT, I can take these back to the people I support,” he said.
The seminar, given by Phillip Batton, a senior analyst with Duke’s IT Security Office, was part of the Learn IT @ Lunch series offered by the Duke Office of Information Technology during National Cybersecurity Awareness Month.
Here are four ways Batton suggested Duke staff and faculty can be more mindful about online security.
Stay up to date
It may be annoying to see reminders for software updates and security patches, but Batton reminded the audience that they’re essential to keeping data and personal information safe.
Several recent high-profile hacking incidents came as the result of vulnerabilities that would have been resolved had users installed updates. Making sure your software is updated, your security patches are installed and old, obsolete – and potentially unprotected – applications are deleted is a vital step.
“These are important, you don’t want those holes in the system,” Batton said.
Make passwords a priority
The strength of your security is often directly tied to the strength of your password. Batton recommends making passwords long, strong and unique.
“When you’re thinking about passwords, longer is better,” Batton said. “There’s no silver bullet. A long password in and of itself isn’t going to be the safeguard. But typically, when an attacker is trying to discover your password, the longer it is, the more time investment there is with that and the harder it becomes to obtain.”
Batton recommended using upper case and lower case letters, numbers and symbols in your passwords. He also said using a phrase, sentence or song lyric that’s spelled out in a hard-to-crack manner, can help make a tough password memorable.
But even the best passwords can be hacked, so change them periodically and consider using a multi-factor authentication (MFA) service such as Duo and a password management utility such as LastPass, both of which are offered free to Duke employees.
Anyone can be phished
While phishing – the practice of getting a victim to share information with a party claiming to be something it isn’t – has been around for a while, Batton said Duke’s IT Security Office still handles phishing attacks nearly every day.
Usually done through email, phishing attacks can now come by text message or phone call.
Batton said it’s important to always have your guard up. If something doesn’t seem right, don’t respond.
When you get an email asking for information, check the address. Even if it looks legitimate, hover your mouse over any links and make sure the URL that pops up goes where it claims to go.
“What I want to hammer home is that I truly believe that it can happen to any one of us, myself included,” Batton said. “Given the right circumstances, anyone can craft a targeted email in a sophisticated enough way that anyone can fall victim to it.”
Use available tools
Duke employees have access to resources that can help keep your data safe.
For personal computers, Duke offers free Symantec Endpoint Protection antivirus software.
If you need to access Duke servers remotely, be sure to use Duke’s own secure virtual private network (VPN).
Duke also offers Duo, a multi-factor authentication service that uses passcodes sent to your phone, and LastPass, a browser plug-in that manages passwords by saving them in an online vault, allowing the user – or LastPass itself – to create unique, hard-to-crack passwords for each site.
It was LastPass that had Honzik’s attention after the seminar wrapped up, proving that even for an IT pro, there’s always more to know.
“I liked that,” Honzik said. “We all have a lot more passwords than we can remember. It’s convenient, but the big thing is that we all need to get away from using the same password for multiple sites.”