Cyber security: Account review and authentication

National Cyber Security Awareness Month: Account review and two-step factor authentication

Written by Christopher Abbey, DCSD IT Security Analyst

JOIN THE CONVERSATION! As we wrap up National Cyber Security Awareness Month, we want to hear from you! What security steps do you take? Have these articles been helpful to you? Do you work in a related field or are you an enthusiast when it comes to cyber protection? Let us know!

 

 

Are You Really You?

Always being connected means we take a lot of pride in, and ownership of, our online personas and our circle of friends. Maybe you subscribe to 'the more the merrier' on your Facebook or Twitter account, or, like me, you are more comfortable in a tight-knit circle of family and friends. In either case, Facebook, Twitter and Google remain portals to a much wider world, and I am grateful for it. However, with this pride in ownership, it frightens me that with a simple click it could all be damaged, subverted or even destroyed. Sorry to get dark on you, but this is the reality if we are not careful about what access we give to our social media and other related accounts.

How would you feel knowing that companies, marketing firms, games and applications could right now be masquerading as you: serving up recommendations, likes and comments, using your likeness, and even posting and reading your documents on your behalf? This could be the reality if you have accepted apps without reviewing your (and their) privacy settings. Recently, Niantic released the insanely popular Pokémon GO application, prompting users to get up and get moving. Unfortunately, during its initial release the company's app requested full access to the user's Google Apps in exchange for the convenience of Google's Single Sign On access. The company has since corrected the permissions "issue"; however, it is just one example of the dangers of blindly accepting apps.

Auditing Your Accounts

Don't fret: we will point out some ways you can sever these app connections to your social profiles as well as your Google Apps. An account audit is important because app companies are, with some frequency, subject to hacking and other malicious activity, which may allow hackers to leverage the access these apps have to your accounts. In this part we will show how you can view and remove app access to your Facebook, Twitter and Google Apps accounts, as well as ways to view your account access history. DCSD employees, students and parents with a DCSD account should also follow the best practices for the accounts they manage in the DCSD Self Service Portal.

Facebook:

  1. Locate the apps you’d like to remove or edit.
  2. Hover over the application, and select Edit (to view/adjust settings) or the X (remove) icon.

  1. Identify any activity that is not close to where you live and work. If you identify logins in areas you have not visited, end the activity and change your password.

Twitter:

  1. Identify the Apps you would like to Revoke Access to.

  1. If you identify any activity that looks unfamiliar, you can disable the offending app under Revoke Access. Twitter also recommends that you change your password.

Google (Personal Only):

  1. Select the App in question and review the permissions. If you are not familiar with the app or do not need it anymore, revoke it.

  1. Follow the prompts stepping you through a complete checkup on your logins, connected devices and also the opportunity to enable 2 Step Verification (you totally should, more information below).

DCSD Self Service (for Employees):

Review Your Security Settings

  1. If you have not set up your secret questions and profile information, select Self Service. This is where you will set up your profile information, including a phone number and an email address where you can receive the secret PIN required to reset your password if you are not using your challenge questions.
  2. Password Pin Reset allows you to reset your password using the above-mentioned PIN as a 2nd factor of authenticating who you are.

Two Factors or Two Step Authentication

Sadly, it took me far too long to figure out some dancing pun or funny header; as you can see, I gave up. But Two Factor or Two Step Authentication is some really serious stuff! First, an explanation of what Two Factor means.

Multi-Factor Approaches to Security

In security authentication, systems have been looking for 3 major factors when it comes to verifying you are you. These factors are: something you know, something you are and something you have.
  • Something you know
    • This can include passwords, passphrases, PINs and secret questions.
    • As discussed in previous articles, this factor is getting increasingly harder to protect from hackers using free malicious tools widely available on the web.
  • Something you are
    • Here we are looking at things that are inherently you, like:
      • Biometrics (fingerprints/handprint scan and iris scans)
      • Signatures (written, voice print, keystroke timing)
  • Something you have
    • This is the physical device you carry with you.
      • Card (proximity or magnetic strip card)
      • Device (using Radio Frequency Identification or RFID; think Apple Pay or Android Pay)

You are already using two step authentication if you use debit or credit cards, and even with Apple Pay / Android Pay. When you pay with any of these methods you use a combination of a PIN (or fingerprint) and the physical card (or device). This adds an additional layer of security to these payment methods and stops the less enterprising criminal from simply taking the card and swiping it. Although credit cards and debit cards are lacking in robust security, I hope you get my point: two factor or two step verification adds an additional layer of security to your accounts.

Gizmodo, a tech enthusiast site, mirrors what security professionals are suggesting in a really concise guide on enabling two factor authentication on a variety of platforms. The reason for doing this is that it significantly limits the likelihood of your accounts being compromised simply because a hacker steals a password from an unsecured app. When the hacker attempts to use your credentials, they face an additional authentication step of typing what is displayed on your mobile device, squashing any hopes of posting strange cat memes on your social media page or using it to attack your friends and family.

Google makes it super easy to set up this secure service, and the Gizmodo link above covers just about everything else. If you made it this far into the article, I hope you will consider setting up Two Factor Authentication on at least your Google Account (if you have one) or any other accounts you may have.

Other Resources:

There are a ton of great resources available that discuss everything from home security to ways you can secure your family online.

StaySafeOnline: Protect your Personal Information Online: Offers information from Cyber Bullying all the way to the Data Privacy law, statutes and governance that School Districts are required to be aligned with, like the Family Educational Rights and Privacy Act or FERPA

Microsoft’s YouthSpark Online Safety for Families: This site provides a variety of resources on ways families can plan and implement changes at their home to protect their data and devices from attack.

Douglas County Sheriff's Department Internet Safety Page: This site is our local Sheriff's page on Internet Safety with a few things families can do to protect their information. Another great resource is their Cyber Tip line.

CNET Resource on 2 Factor Authentication, its history and why it's important: Another tech enthusiast site dedicated to reviews and tips on making the most of your technology. Like the Gizmodo article, this one also has a guide to setting up 2FA on your accounts at home.
