The Cyber Generation Gap

The May issue of OUCH!, led by Guest Editor Brian Honan, is focussed on securing the cyber generation gap. Many of us have family members who may not be technically savvy and are intimidated by security. This newsletter explains how you can help those family members and any children who may be visiting them.

Feel free to share OUCH! with anyone you want, including family, friends or as part of your security awareness program.

Download the issue here (.pdf)

MIT Event: Keep IT Safe Table in W20 Lobby

On Tuesday, October 7, 9:00 to 11:00 am, IS&T is hosting the Keep IT Safe table in W20, a new initiative aimed at supporting the MIT community with their secure computing and data protection needs.

Encourage your staff, students and colleagues (and yourself) to come by and grab a free cup of coffee and a donut while perhaps taking away something you didn’t know yet about cyber security.

This event kicks off a series of events to promote National Cyber Security Awareness Month (NCSAM).

Learn more here.

Lessons Learned from Heartbleed

Now that the world is aware of the Heartbleed Bug, and scrambling to fix servers, routers, virtual machines and VPNs, what are some lessons we, as web surfers, can take away from this security disaster?

  1. Don’t use your passwords in multiple places. When setting strong passwords, it might be tempting to use that strong password in multiple places. But if one of the web sites where it is used gets compromised, then all the accounts that use that password become vulnerable to exposure.
  2. Change your password at least once a year. Even when you’ve set a strong password, if an event like the Heartbleed Bug happens, where captured data from an affected site includes your login credentials, your password is now potentially exposed. If you change your password on a regular basis, the password that a thief has stolen from the affected site becomes outdated and useless.
  3. Use multi-factor authentication where available. A password can be guessed if it’s not strong enough, or hacked using tools and computers that can crack thousands of password possibilities in seconds. But when a site offers two-factor or multi-factor authentication for logging in, then just having your login name and password isn’t enough. The thief would need another item, a key that is usually a one-time number, to access your account. You can set up a preference on the account to have the key sent to your mobile phone. Without that key, your user name and password are useless.
  4. Password managers can be our friends. A tool such as LastPass or KeePass manages your passwords for you, so you don’t have to remember them. When you don’t have to remember a password, you can make it as complex as you like and can access it as needed. In addition, tools such as LastPass have security features built in, so that if there is any vulnerability regarding a password, you will be notified.
  5. Be very, very suspicious of emails asking you to verify an account. Because cyber thieves now know that people are concerned about this vulnerability, they are going to take advantage of people’s fears. They will try to trick you via a phishing email by telling you your account is at risk if you don’t take action, then suggesting you click a link that goes to an affected or bogus site where they can capture your login information.

Safe computing is all about knowledge and changing behavior. If this disaster has taught us anything, I hope it has been that we are more aware of the risks and will change some of the ways we use a computer and the Internet.

OUCH! Newsletter: What is Malware?

This month’s issue of OUCH!, the monthly security awareness newsletter for computer users from SANS, explains what malware is, who is developing it and why, and how to protect yourself against it.

You can download or view a copy online here:

Securing the Human’s Video of the Month: Encryption

To raise awareness, each month SANS offers free access to its Securing the Human training videos. This month’s video is on encryption, one of the key methods of securing data, yet many people do not understand what it is or how it works. It takes less than 2 minutes to watch the video.

If you have extra time, watch a full range of the Securing the Human videos within the MIT Learning Center. 

Results of the ‘Securing the Human’ Prize Giveaway



The prize giveaway contest for attendees of the MIT ‘Securing the Human’ online courses has ended, as of noon today (November 4, 2013).

I am happy to announce that we had three winners, selected from the attendees who completed all 5 courses.

1st prize: Carol A. Roberts

2nd prize: Charles J. Hale

3rd prize: Gregory Torrales, Jr.

Thank you to all who have been taking the time to attend the online courses. Please pass along their availability to your MIT colleagues. If you have not yet taken the courses, they are free and available to anyone with an MIT web certificate.

Links and descriptions of the courses are posted here.

October is National Cyber Security Awareness Month


National Cyber Security Awareness Month (NCSAM) is every year in October. NCSAM is a national public awareness campaign to encourage everyone to protect their computers and computing infrastructure.

By promoting NCSAM at MIT, we recognize that individuals, organizations, businesses and government all share the responsibility to secure their part of cyber space and the networks they use. If we all do our part – implementing stronger security practices, raising community awareness, educating young people, training employees – we will be a more resilient and safer digital society.

Learn what you can do.
