cybersecurity

Avoid making yourself vulnerable to cyber attackers by practicing good cyber hygiene. Read on for everyday tips you can apply to keep you safe and provide peace of mind in our increasingly technologically connected world.

Most of the Fermilab community is settling into a new telecommuting routine and adjusting to different ways of accomplishing our work. Working remotely brings a separate set of cybersecurity concerns, as being away from the on-site lab network creates a different computing environment than you may normally use. As such, the Cybersecurity Team has compiled a list of reminders and instructions to help you stay safe online during this time.

When it comes to social engineering tactics, email scammers will use any means necessary to trick you into giving up your credentials or launching malware on your computer. Most recently, their efforts have been spent capitalizing on the widespread concern and confusion surrounding the coronavirus outbreak. Security researchers have already identified several different types of phishing scams specific to coronavirus, and it is likely there will be variations to these emails coming as the crisis continues.

Phishing emails come in a variety of formats, including different levels of sophistication and trickery. Most phishing emails are common garden-variety scams used to directly solicit financial and personal information from you. Garden-variety scams are a little different from other phishing emails that try to steal your credentials to get into your personal and financial accounts. The good news about these scams is that they are easy to spot due to the outlandish stories pushed to the recipient.

As phishing becomes more widespread and as attackers learn to make their phishing attempts more and more devious, exposure of usernames and passwords has become one of our primary cybersecurity risks. The best way to mitigate this risk is to use multifactor authentication. By doing so, a stolen credential alone will no longer provide access to Fermilab systems because one must also use a second factor to authenticate to these systems.

Thanksgiving has come and gone, and we are now setting our sights on the holiday season and trying to find that perfect gift! In the rush of holiday shopping it is especially important to keep cybersecurity best practices in mind so your financial information and money stay safely yours. Fermilab’s cybersecurity team has compiled a few easy tips to help you stay safe when shopping online.

New training requirements will soon appear on your ITNA. Everyone at the lab is required to take one-time-only training on personally identifiable information (PII). The lab is now required to conduct short, online-only refresher courses on these topics: “Basic PII Refresher” for most people and “Advanced PII Refresher” for those who have access to PII. Once these new refresher courses are introduced this week, the ITNAs for individuals who have recently taken the courses should be accurately updated to reflect…

Fermilab has a long history of removing access to systems if someone does not have proper training. We are now applying the same standard to cybersecurity training. Individuals whose cybersecurity training is overdue will receive email notifications from the TRAIN system reminding them that they are overdue. If these individuals do not take training within 30 days of receiving the notice, they will lose access to their Fermilab log-in accounts, including their Windows log-on and Kerberos accounts, until the training…

We will soon require the use of multifactor authentication for VPN. Beginning April 15, if you do not have a properly installed and configured Fermilab Root CA certificate on the devices you use for laboratory VPN access, you will receive an error message when you attempt to log in to the VPN client. Configure your certificate now if you haven’t already. The next step will be to issue MFA tokens.

Almost all communication materials from the Cybersecurity Team contain our contact information and instructions to send phishing reports to us for review. This may seem like a simple request, but often we benefit from more information, not less. As such, we’d like to use this month’s Cybersecurity Awareness blog post to give you some extra guidance on how and when you should report suspicious emails… Read the full article (On-site/VPN access required)