Computer Security & Safety

Information & Communication Technology

Overview

The topic of cyber security is taking the world by storm, with some of the largest and most advanced companies in the world falling victim to cyber-attacks in just the last 5 years. Against that backdrop, highly personal and sensitive information was compromised in the recent HSE incident. Unfortunately, as long as computers exist, we are at risk of having our digital data compromised and manipulated. However, living and working in the digital age is not all that scary – especially if you know what you’re doing.

  • Cyber Security keywords
  • Staying safe online
  • Data Security
  • Phishing Information

Cyber Security Keywords

Here are the 25 most important cyber security terms that everyone should know.

1. Cloud

A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.

2. Software

A set of programs that tell a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an application software.

3. Domain

A group of computers, printers and devices that are interconnected and governed as a whole. For example, your computer is usually part of a domain at your workplace.

4. Virtual Private Network (VPN)

A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.

5. IP Address

An internet version of a home address for your computer, which identifies it when it communicates over a network, for example when connecting to the internet (a network of networks).

6. Exploit

A malicious application or script that can be used to take advantage of a computer’s vulnerability.

7. Breach

The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.

8. Firewall

A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.

9. Malware — “The Bad Guy”

An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.

10. Virus

A type of malware that aims to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage.

11. Ransomware

A form of malware that deliberately prevents you from accessing files on your computer – holding your data hostage. It will typically encrypt files and request that a ransom be paid in order to have them decrypted or recovered. For example, WannaCry Ransomware. For more information on Ransomware, check out our free Ransomware Guide.

12. Trojan Horse

A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.

13. Worm

A piece of malware that can replicate itself in order to spread the infection to other connected computers.

14. Bot/Botnet

A type of software application or script that performs tasks on command, allowing an attacker to take complete remote control of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”.

15. Spyware

A type of malware that functions by spying on user activity without their knowledge. The capabilities include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.

16. Rootkit

Another kind of malware that allows cybercriminals to remotely control your computer. Rootkits are especially damaging because they are hard to detect, making it likely that this type of malware could live on your computer for a long time.

17. DDoS

An acronym that stands for distributed denial of service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).

18. Phishing or Spear Phishing

A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.

19. Encryption

The process of encoding data to prevent theft by ensuring the data can only be accessed with a key.

20. BYOD (Bring Your Own Device)

Refers to a company security policy that allows for employees’ personal devices to be used in business. A BYOD policy sets limitations and restrictions on whether or not a personal phone or laptop can be connected over the corporate network.

21. Pen-testing

Short for “penetration testing,” this practice is a means of evaluating security using hacker tools and techniques with the aim of discovering vulnerabilities and evaluating security flaws.

22. Social Engineering

A technique used to manipulate and deceive people to gain sensitive and private information. Scams based on social engineering are built around how people think and act. So, once a hacker understands what motivates a person’s actions, they can usually retrieve exactly what they’re looking for – like financial data and passwords.

23. Clickjacking

A hacking attack that tricks victims into clicking on an unintended link or button, usually disguised as a harmless element.

24. Deepfake

An audio or video clip that has been edited and manipulated to seem real or believable. The most dangerous consequence of the popularity of deepfakes is that they can easily convince people to believe a certain story or theory, which may result in user behaviour with a bigger impact, such as political or financial consequences.

25. White Hat / Black Hat

In cyber security terms, the differences in hacker “hats” refer to the intention of the hacker. For example:

White hat: Breaches the network to gain sensitive information with the owner’s consent – making it completely legal. This method is usually employed to test infrastructure vulnerabilities.

Black hat: Hackers that break into the network to steal information that will be used to harm the owner or the users without consent. It’s entirely illegal.

Staying Safe Online

Creating Strong Passwords

You’ll need to create a password to do just about everything on the Web, from checking your email to online banking. And while it’s simpler to use a short, easy-to-remember password, this can also pose serious risks to your online security. To protect yourself and your information, you’ll want to use passwords that are long, strong, and difficult for someone else to guess while still keeping them relatively easy for you to remember.

Tips for creating strong passwords

A strong password is one that’s easy for you to remember but difficult for others to guess. Let’s take a look at some of the most important things to consider when creating a password.

  • Never use personal information such as your name, birthday, user name, or email address. This type of information is often publicly available, which makes it easier for someone to guess your password.
  • Use a longer password. Your password should be at least six characters long, although for extra security it should be even longer.
  • Don’t use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
  • Try to include numbers, symbols, and both uppercase and lowercase letters.
  • Avoid using words that can be found in the dictionary. For example, swimming1 would be a weak password.
  • Random passwords are the strongest.

Avoiding Spam and Phishing

From email to instant messaging to social media, the Internet is an essential communication tool. Unfortunately, it’s also popular among scammers and cybercriminals. To protect yourself from email scams, malicious software, and identity theft, you’ll need to understand how to identify and avoid potentially dangerous content in your inbox, including spam and phishing attempts.

Dealing with spam

If you’ve ever received unwanted email advertisements, you may already be familiar with spam, also known as junk email. Spam messages can clutter your inbox and make it more difficult to find the emails you actually want to read. Even worse, spam often includes phishing scams and malware, which can pose a serious risk to your computer. Fortunately, most email services now include several features to help you protect your inbox from spam.

Spam filters

Whenever you receive an email, most email providers will check to see if it’s a real message or spam. Any likely spam messages will be placed in the spam folder so you don’t accidentally open them when checking your email.

Spam-blocking systems aren’t perfect, though, and there may be times when legitimate emails end up in your spam folder. We recommend checking your spam folder regularly to make sure you aren’t missing any important emails.

Phishing

Phishing scams are messages that try to trick you into providing sensitive information. These often appear to come from a bank or another trusted source, and they’ll usually want you to re-enter a password, verify a birth date, or confirm a credit card number. Phishing messages may look real enough at first glance, but it’s surprisingly easy for scammers to create convincing details.

More details will follow on Phishing and how to avoid it.

Other common email scams

Spam and phishing are common problems, but there are many other types of email scams you may encounter. Some will promise to give you a lot of money if you advance a small amount upfront. Others may pretend to be from people you know in real life, and they’ll often ask you to send money or download an attached file.

As with spam and phishing scams, remember to trust your best judgement. You should never send someone money just because you’ve received an email request. You should also never download email attachments you weren’t expecting because they might contain malware that could damage your computer and steal your personal information.

Spam, scams, and phishing schemes will continue to evolve and change. But now that you know what to look for—and what to avoid—you can keep your inbox and computer that much safer.

Malware and How to Avoid it

How to avoid malware

Malware is one of the most common hazards to your computer when you’re online, but it’s easy to avoid. Developing safe and smart browsing habits can protect you from malware and other threats, like viruses. Securing your computer and learning how to identify and avoid suspicious links are the fundamentals of safe browsing habits.

Secure your computer

Limiting your computer’s vulnerability to malware is a crucial safe browsing habit.  Many malware programs take advantage of security flaws in Windows and other software. Keeping your OS, browser, and other programs updated is an important step in protecting your computer. The security patches in these updates make your computer immune to many threats.

Back up your files

Some malware can delete or corrupt data on your drives. Preparing for the possibility of data loss is much easier and cheaper than attempting to recover data after a malware attack. The two most common ways of doing this are copying your data to an external drive and using an online backup service. We have 5 TB of storage in our LMETB OneDrive accounts.

Avoid suspicious links

Most malware requires you to click something to download and install it. These links are often disguised as something they are not. If you are aware of what suspicious links can look like, you can avoid them. Here are some examples of misleading links concealing malware downloads.

  • Ads on websites can look like system messages or diagnostics warning you that something is wrong with your computer, like the image below.

  • Ads can look like messages saying you have won a prize and instructing you to click to claim it.
  • Pop-up windows frequently contain malware or attempt to lead you to a less secure site. Most reputable sites don’t use pop-up windows. Many browsers block pop-up windows by default.
  • If you are prompted to download something you weren’t expecting—or if it seems to be unrelated to the page you were on—it’s probably malware.
  • Headlines that are ambiguous and sensational that encourage you to click to read more are called clickbait. Sites that use lots of clickbait headlines are more likely to contain links to malware.

Identify suspicious sites

If you’re ever unsure whether a website or download is safe, close it and investigate the site before returning to it. It’s always a good idea to be cautious when browsing unfamiliar sites.

  • Ask your friends if the site is reputable or if they have any experiences with the site.
  • Search for information about the site. Use a search engine to find news about the organization that runs the site, or look for posts on forums about other people’s experiences with that site.
  • Check the address bar in your browser. Some malicious websites are designed to look like other well-known sites, but your address bar will tell you which site you’re actually on. If you are no longer on the site you expected to be, it’s suspicious.

Data Security

We all create and use data in our work in LMETB.  Data can take different forms including, but not limited to documents, spreadsheets, images, media files or presentations. Each user has a responsibility to maintain and protect the data s/he uses as a member of the LMETB community.

Data can be compromised or destroyed in many ways. Some examples include:

  • Virus infection
  • Ransomware infection
  • Disk failure
  • Accidental deletion
  • Theft of the computer or other device it is stored on
  • Deliberate deletion by third party

When data is damaged or lost, there is a corresponding loss to both the user concerned and to the ETB.

Users of data can limit the likelihood of data loss by taking some simple precautions.

  • Back up your data regularly
  • Be careful about what websites you visit
  • Beware of email attachments from senders you do not know or unusually named attachments from known senders
  • Beware of using computers other than those provided to you by LMETB.
  • If you have occasion to work on a personally owned device at home, please ensure that it has the latest operating system and software patches installed and that the anti-virus protection is up-to-date.
  • Beware of downloading free software from the internet. Programs and apps that are provided for free may have malicious content packaged inside of them.
  • Exercise caution when using open, free public wireless networks
  • Exercise caution when using Internet cafe style computers
  • If you are suddenly prompted to run an application on your device, refrain from doing so unless you know exactly what it is and are satisfied that it is part of some process you are currently running.

Phishing — What is it and how to avoid it?

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies and/or people in order to convince individuals to reveal personal information, such as passwords, usernames and credit card numbers. In short, phishing is a form of online fraud.

Typically, phishing emails will claim to be from IT Services, another office within the organisation, a reputable business that you may have dealt with or even a colleague. Phishing messages will use terms such as “confirm”, “validate”, “follow the link” and “update” – note that IT Services in LMETB will never ask staff or students to do any of these things. If you receive a mail requesting any information in relation to your account, do not action it.

Steps to report an email as spam/phishing using your Office365 Account:

Browse to www.lmetb.ie, your school website or portal.office.com and sign in

  1. Select Outlook
  2. Locate and select the phishing message that you have received (1 in the diagram below), click the down arrow next to Junk (2) and then click Phishing (3). This action will report the mail directly to Microsoft who will block the message.
  3. If you wish to block a sender permanently, choose ‘Block’ (4).

 

Important: Phishing attempts come in many forms, not just by email. More recently, some people are being targeted via Microsoft Teams; if you receive a “missed chat” message on Teams, purporting to be an automated message or notification from Microsoft Teams requesting you to submit information or to validate your account, please do not respond in any way.

IT Services and other legitimate services will never request your login credentials. Therefore, if you receive a mail or message from someone you don’t know (or appearing to be from a legitimate entity), requesting your login credentials or asking you to validate your account or to submit a form, please do not respond in any way and delete the mail/message instead.

 

How to avoid being Phished?

  • Choose your password wisely and keep it secure
  • Do not share your password or PIN
  • Never send sensitive data by email, unless properly encrypted
  • Back up your files regularly
  • Do not open emails from unknown senders
  • Always log off your PC when finished
  • Do not click on a link or open an attachment
  • Do not install or download software from unknown sources
  • Make sure a website is secure – https
  • If you are unsure of an email – check the sender’s address
  • Check for spelling or grammar errors in the email

 

What you should do if it happens to you

If in any doubt, change your password immediately – Self Service Password Reset

Log a Helpdesk ticket, or call 01 4663500.

For more information

David O'Connor

Head of IT

Tel: 046 9068200
Email: DOConnor@lmetb.ie

Vicky Tugell

IT Support

Tel: 046 9068200
Email: VTugwell@lmetb.ie