Proclamation No. 2054 series of 2010 declares the September of every year as ‘Cybersecurity Awareness Month‘. We know it is October now which means this event has totally escaped our notice, and for this we blame the time-bending perception from the world’s longest COVID lockdown.
In any case it is better to be late to write about cybersecurity than to never bring it up. Especially now that many of us are working from home and do not have the usual IT support from our offices. You have to take care of your own IT security needs.
So, here is a crash course on cybersecurity awareness! 😎 I will try to write this post as something that is useful for professional librarians here in UP, as well as the various support staff working in archives, libraries and museums. Our patrons may find it worth reading too once they are allowed again to visit the library in person and use the IT facilities.
The Basics of Cybersecurity Awareness
The classic model of information security usually falls upon these three factors, which are collectively known as the CIA Triad:
Confidentiality refers to how we should keep the data trusted to us from being accessed by unauthorized parties. This could be accomplished by using UP Mail and Dilnet accounts and their associated services (Google Apps for Edu, MS Office 365) instead of your private Gmail or Yahoo! mail.
Integrity refers to measures taken to make sure the data in our safekeeping is protected from alteration. Remember how the UP DPO is pushing for digital signatures? That is one way to ensure that memorandums you receive from the admin are not tampered with in transit.
Availability is making sure the data is actually accessible to authorized users when it is needed. Now that we are moving more of our office operations to cloud-based apps (ex. Canva instead of MS Publisher), this is something as basic as having the stable and reliable Internet connection to access the cloud, and the servers offering 99.9% uptime or better.
Minimum Viable Teaching for Cybersecurity
The above CIA Triad is something that is applied more on the whole IT system. Now as for the individual end user, here are some quick steps you can take to secure your cyber-belongings.
Turn on encryption – This means that the contents of your PC or phone cannot be accessed without being unlocked by your password. iPhones and most new Androids already apply encryption at boot. For Windows it requires a Pro license to enable encryption at the OS level, but you can still keep sensitive files and folder encrypted by installing 7-Zip and creating a password-protected archive.
Pick a long password – The longer the password, the less likely someone would be able to guess it and take over your accounts. Which brings us to…
Don’t reuse your passwords! – Every now and then the online services themselves get hacked, and when this data breach happens the hackers post the passwords on the Internet. You can check on this website if your password has been leaked. By not reusing your password on other sites or mobile apps, you are safe even when data breaches happen.
Turn on two-factor authentication – UP System IT did the right thing when they enabled 2-factor for UP Mail accounts. But did you know that you can do the same for your private email and social media accounts such as Facebook? This helps in making sure the bad guys cannot control your account even if they do find out the password, since they also need the security code sent to you.
Avoid clicking on strange links or email attachments – This one is harder to put into practice since we ourselves send out memos as a link to a Google drive file. And you might notice half of the paragraphs in this post has a link in it. So how do you find out which links are trustworthy? Let’s just start with the basic:
- If it ended up in your Spam folder, do not open the link.
- If you do not know who sent you the link, do not open the link.
- Even if you do know them, but you do not expect them to send links to you, you should confirm first via personal message.
There may be some exceptions to this like phone line or water utility bills.
Use an end-to-end encrypted messenger app like Signal or WhatsApp – There was some outcry on social media last month on certain provisions of the Dilnet Acceptable Use Policy (AUP), especially with regards to privacy.
If that is your concern too, then you can have a virtually private conversation within Dilnet or anywhere else on the Internet if you use a messaging app with end-to-end encryption, so that only the sender and the receiver can see the messages. Besides the above-mentioned apps, you can also do this in the Facebook Messenger app via secret conversations.
If you are interested in any of the above, you can more in this article from the Electronic Frontier Foundation.
- Library Policy and Advocacy Blog. (2020, March 27). Awareness, planning, resilience: thoughts on libraries’ cyber defense in 2020 [Blog post]. Retrieved from https://blogs.ifla.org/lpa/2020/03/27/awareness-planning-resilience-thoughts-on-libraries-cyber-defense-in-2020/
- Security Education Companion – A project of the Electronic Frontier Foundation. Retrieved from https://sec.eff.org/
- MDN contributors. (2019, June 16). Confidentiality, integrity, and availability. Retrieved from https://developer.mozilla.org/en-US/docs/Archive/Security/Confidentiality,_Integrity,_and_Availability
- Chapple, Mike. Confidentiality, integrity and availability – the CIA triad. Retrieved from https://www.certmike.com/confidentiality-integrity-and-availability-the-cia-triad/
Dixon, Denelle. (2016, October 6). Promoting cybersecurity awareness [Blog post]. Retrieved from https://blog.mozilla.org/blog/2016/10/06/promoting-cybersecurity-awareness/. Licensed under CC BY-SA 3.0.
Diliman Network Helpdesk – University of the Philippines Diliman. Retrieved from https://dilnet.upd.edu.ph/