
Week 3 - Securing Your Home Digital Workspace

For week three of National Cybersecurity Awareness Month, we want to give you some extra tools to help you defend yourself while working from home.

This week we're going to discuss:

  • Updating crucial software
  • Spotting a phishing attempt, and
  • Using Anti-Virus

Update, update, update!

One of the easiest and most important ways you can help secure your digital workspace is to keep your important software up to date.

Windows

  • Open the Windows Settings dialogue box by clicking on the Start icon.
  • Click on the "Settings" gear.
  • This will open the Windows Settings dialogue box.
  • Click on Update & Security.
  • Click on Check for Updates.

Zoom

  • To check for Zoom updates, open the Zoom app, click on your profile image (or initials if you haven't set a profile image), and click on "Check for Updates".

Microsoft Office

Office programs such as Outlook, Word and Excel on your on-campus computer will be automatically updated. 

These programs should also automatically update on your home computer, but you can manually check for updates by opening any Office program, then clicking on the "File" menu at the top, then clicking "Account".

Citrix

  • If you downloaded your Citrix client through cougarapps.csusm.edu, it will automatically update.
  • To check your Citrix version:
    • Right-click on the Citrix icon in your Windows task bar and click “Advanced Preferences”.
    • The version of your Citrix client is shown at the bottom of the Advanced Preferences window.

GlobalProtect

  • CSUSM automatically pushes out updates to the GlobalProtect client software. Your GlobalProtect software should be running version 5.1.6.
  • To check what version your GlobalProtect client is running:
    • Click on the GlobalProtect client icon in your task bar.
    • Then click on the waffle menu.
    • Click on “About”.
    • The version of your GlobalProtect client will be shown in the About dialogue box.

Spotting a Phish

Please consider that some of the protections provided by our campus infrastructure, such as URL blocking and anti-virus, are not available when working from home. This means you need to take extra precautions, especially when it comes to potential phishing messages.  Here are 10 tips from TechRepublic to help you spot a phishing message:

1: The message contains a mismatched URL

One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

2: URLs contain a misleading domain name

People who launch phishing scams often depend on their victims not knowing how the DNS naming structure for domains works. The last part of a domain name is the most telling. For example, the domain name info.brienposey.com would be a child domain of brienposey.com because brienposey.com appears at the end of the full domain name (on the right-hand side). Conversely, brienposey.com.maliciousdomain.com would clearly not have originated from brienposey.com because the reference to brienposey.com is on the left side of the domain name.

 

I have seen this trick used countless times by phishing artists as a way of trying to convince victims that a message came from a company like Microsoft or Apple. The phishing artist simply creates a child domain bearing the name Microsoft, Apple, or whatever. The resulting domain name looks something like this: Microsoft.maliciousdomainname.com.

3: The message contains poor spelling and grammar

Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn't come from a major corporation's legal department.

4: The message asks for personal information

No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

5: The offer seems too good to be true

There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn't initiate the action

Just yesterday I received an email message informing me I had won the lottery!!!! The only problem is that I never bought a lottery ticket. If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You're asked to send money to cover expenses

One telltale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it's a scam.

8: The message makes unrealistic threats

Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam. Let me give you an example.

About 10 years ago, I received an official-looking letter that was allegedly from US Bank. Everything in the letter seemed completely legit except for one thing. The letter said my account had been compromised and that if I did not submit a form (which asked for my account number) along with two picture IDs, my account would be canceled and my assets seized.

I'm not a lawyer, but I'm pretty sure that it's illegal for a bank to close your account and seize your assets simply because you didn't respond to an email message. Not only that, but the only account I had with US Bank was a car lease. There were no deposits to seize because I did not have a checking or savings account with the bank.

9: The message appears to be from a government agency

Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

I can't tell you how government agencies work outside the United States. But here, government agencies don't normally use email as an initial point of contact. That isn't to say that law enforcement and other government agencies don't use email. However, law enforcement agencies follow certain protocols. They don't engage in email-based extortion--at least, not in my experience.

10: Something just doesn't look right

In Las Vegas, casino security teams are taught to look for anything that JDLR--just doesn't look right, as they call it. The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.

If you suspect you have received a phishing message, forward the message as an attachment to abuse@csusm.edu.

To view common phishing messages, check out the Scams page.

Using Anti-Virus

For our final topic this week, we want to discuss some free antivirus tools that you can use to protect your home environment.

Windows Defender

Windows Defender is a free anti-virus that comes built in to Windows 10.  You can view your Windows Defender settings by pressing the Windows key, and then searching for "Windows Security".

Sophos for Mac

Sophos is a free anti-virus tool that you can use to actively protect your Mac from virus infections.  Though Mac computers have typically been less of a target for malware in the past, their rise in popularity over the years has led to an increase in new malware targeting Macs.  We recommend using Sophos for that extra layer of protection.

Malwarebytes

Having active malware prevention is important, but unfortunately, no tool is perfect.  Malwarebytes is a free malware removal tool that you can use in case you do get an infection.  Malwarebytes is available for both Windows and Mac.  Unlike the active protection software mentioned above, Malwarebytes won't stop a malware infection, but is perfect for cleaning up an infected system.