Category: Security

Making the upgrade to Catalina

If you are considering upgrading an off-domain computer to Catalina, you should check the compatibility of any additional software you have installed. Please refer to Apple’s support article How to find 32-bit apps on your Mac

If all of your applications are compatible, you may proceed with the Catalina update. You can upgrade to Cataline by doing the following:

Apple Menu > System Preferences > Software Update.

As with all OS updates, we recommend that you back up your files before updating.


Take Ownership of Your Privacy

Learn more at staysafeonline.org/stay-safe-online/manage-privacy-settings

Social media and mobile apps allow people to stay connected with friends and family, organize their work and personal lives, learn new things, explore new interests or activities, make travel plans, play games, or binge-watch the latest shows. However, these technologies also introduce a plethora of ways for personal information to be tracked, shared, or exposed. Here are some tips you can follow to protect your online information and keep your personal information private.

  • Limit the amount of personal information that you share online by updating your privacy settings on websites, apps, and mobile devices at least one or two times per year. Not sure where to begin? The National Cyber Security Alliance (NCSA) website provides direct links to update individual account privacy settings on popular devices and online services.
  • Working in a public space? People can easily overhear phone conversations, so make sure you move to a private area when discussing personal or confidential information. People can also unintentionally—or intentionally—see what’s on your laptop or mobile device. Consider investing in a privacy screen to prevent shoulder surfing and to help protect sensitive work information or details about your personal life.
  • Turn on two-step verification or multifactor authentication (MFA) whenever it’s offered to help prevent unauthorized access to your mobile devices or online accounts. The National Institute of Standards and Technology (NIST) provides more details about MFA and why it’s important. The Two Factor Auth (2FA) website provides a list of websites that support 2FA.
  • Use a virtual private network (VPN) while working from home or using public Wi-Fi networks, especially when using a banking app or conducting other important personal or professional business. VPNs create a secure, encrypted connection (like a tunnel) between your device and the network. You can also use incognito or private web browsing windows to limit the information collected in your browsing history, cookies, or online forms.
  • Don’t overshare! Limit the kinds of personal information you share on social networking sites. And before you post those vacation pictures, remember that the same data used to help sort and store your photos by date and location can also (unintentionally) reveal where you live, work, or vacation.1
  • Online quizzes and games can be fun, but before taking that quiz to find out which Hogwarts house you belong in, think about how the personal details from your social media profiles might be sold to or shared with data collection companies.2 (Look for a privacy policy whenever you play a game or take a quiz to see how social media or affiliate sites may capture and use your personal data.)
  • Learn more about why privacy matters. It’s important to understand the different aspects of privacy (e.g., personal privacy, autonomy, secrecy, limited access, and the “right to be let alone”), as well as how the two distinct concepts of privacy and security differ.3

Notes

  1. Thomas Germain, “How a Photo’s Hidden ‘Exif’ Data Exposes Your Personal Information,” Consumer Reports (website), December 6, 2019. 
  2. “Scam Alert: That Facebook Quiz Might Be a Big Data Company Mining Your Personal Information,” Better Business Bureau (website), March 21, 2018. 
  3. Valerie Vogel and Joanna Grama, “The Yin and Yang of Security and Privacy,” EDUCAUSE Review, January 28, 2019. 

For more information about information security governance, compliance, data protection, and privacy programs, please visit the EDUCAUSE Review Security Matters blog as well as the Cybersecurity Program page. Access additional security and privacy awareness resources through the Awareness Campaigns page.


Get Smart! Mitigating Risks in Connected Devices

Connected devices shown in house with person standing next to the datacenter

Smart/IoT devices may be the panacea for consumer convenience. Do you want to know and change the temperature of your house or even your fridge remotely? There’s an app for that. Such devices also raise extreme privacy concerns about the data collected about you. Devices can track or discern details about your life based on usage and interaction. And that data could potentially be aggregated with data coming from other smart devices, painting a fairly robust and accurate profile of you and your life. My fitness-tracking device serves as my wake-up alarm. Not only does it track the time that I set for the alarm, it also tracks my interaction when I shut it off. Maybe your coffee maker tracks when you start the brew (mine doesn’t because I’m Coffee Old School). My car tracks what time I start it, how far I drive it, and the GPS location where I park it. These data points are provided to me as the consumer but are also presumably stored by the device provider. It’s only 9:00 a.m. and my smart world already has collected or observed several key privacy factoids about me. And where data exist, risk to data exposure also exists.

Devices geared toward consumers will continue to push convenience over privacy, and consumers will continue to call for greater connectivity and convenience. That means more connected devices and ongoing evolution for more information, interaction, integration, and automation. It’s no longer a question of whether your home devices should be connected. Instead, we need to proactively assess the risks of such connectivity. When those risks are greater than our threshold risk tolerance, we need to take steps to minimize those risks.

Take the following steps to protect yourself when you start using a new device:

  • When you bring home a new consumer device, check to see if it’s transmitting. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the device provider important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don’t need the maintenance options or to monitor or interact with the device remotely, turn off the device’s connectivity.
  • Periodically scan your networks to make sure you know and manage what’s online. If you want devices to be connected, be proactive. Find out how they connect; how devices are patched; what the default security settings are; and what data are collected and how/when/where the data are transmitted. Protect your home wireless network(s) with strong password management, active maintenance practices, and vigilance.
  • Use the same cybersecurity hygiene on your smart devices that you use on your computer. While it may be revolutionary that your car is now essentially a computer on wheels, it’s still just a computer. You don’t have to become a cybersecurity expert, but you may want to find a few trusted sources of security advice for consumers.

It’s time to get smart about your devices, manage them appropriately, and reap the rewards of their convenience.

word cloud of connected information