---

News Release

Last modified: Thursday, October 4, 2012

Cybersecurity center offers practical tips for Cybersecurity Awareness Month

FOR IMMEDIATE RELEASE
Oct. 4, 2012

BLOOMINGTON, Ind. -- October 2012 marks the ninth annual National Cybersecurity Awareness Month. Sponsored by the Department of Homeland Security in cooperation with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, National Cybersecurity Awareness Month is recognized with the goal of promoting awareness and increasing the resiliency of the nation in the event of a cyberattack.

Indiana University's Center for Applied Cybersecurity Research offers the following practical tips for the general public.

Update your password: Studies routinely show that people not only choose weak passwords, but they use them in multiple locations. Update your password to something memorable, but strong. Passwords should be at least eight characters long and contain a combination of upper- and lowercase letters, numbers and symbols if allowed. Once you've created a strong password, make sure you are only using it in one place. Choose a different password for every important site you use, such as an email service provider or a banking institution.

Consider using a passphrase: Passphrases are a strong way to guard your online data. Rather than a password, a passphrase is a longer combination of words that form a phrase. They should be 20 to 30 characters long and not contain identifying information, such as common quotations, your name, your company name or anything else that could easily be guessed by a hacker.

Write your own security question: Sarah Palin and Mitt Romney have both been victims of hacked email accounts because they reportedly used default security questions with easy-to-guess answers. When setting up a new account -- or changing an existing one -- that requires a security question, make your own if allowed. The name of your high school or your mother's maiden name might be easy to determine if you have shared your information on social media sites like Facebook or Twitter. Instead, choose to write your own question with an answer that isn't known to anyone but you.

Safe online shopping: When shopping online, remember that federal law limits the liability you can face for credit card fraud up to $50. Most card issuers waive that amount. But to benefit from this guarantee, you must check your card statements and report any suspicious transactions. Also, when checking out at an online store, ensure the connection is secure. That means you should see "https://" in front of the Web address, rather than just "https://." Beware of clicking on links in emails from businesses, even if it appears legitimate. Instead, go directly to the store's website and search for the deals there. You could end up saving yourself from a phishing attack. Finally, a little common sense goes a long way. If an offer looks too good, it probably is, and if you don't know why someone is asking for your log-on or other personal information, don't provide it. Remember, responsible businesses will never call or email you asking for your sensitive data.

For more helpful hints, visit Security Matters, a video series produced by the Center for Applied Cybersecurity Research that provides easy-to-understand cybersecurity tips and advice.

Editors: Indiana University's Center for Applied Cybersecurity Research is home to numerous technical, legal and policy experts relating to cybersecurity. They are available to comment on virtually any news story involving cybersecurity and can be reached by contacting James Boyd at joboyd@indiana.edu or 812-855-0156.

About the Center for Applied Cybersecurity Research

The Center for Applied Cybersecurity Research is affiliated with IU's Pervasive Technology Institute and works closely with its partner organizations at the university: CLEAR Health Information, the Maurer School of Law, the Kelley School of Business, the School of Informatics and Computing, REN-ISAC, the University Information Policy Office and the University Information Security Office. It has been designated by the National Security Agency as a National Center for Academic Excellence in both Information Assurance Education and Research.

---

---