网络安全是保护计算机的实践, 网站, 以及其他本地和网络系统免受基于数字的攻击. These attacks are aimed at gathering your personal 和 professional information, 还有你的朋友们, 所爱的人, 以及你就读或工作的机构的数据.

Without cybersecurity awareness all of our data, both personal 和 institutional, is at greater risk. 身份被盗的风险增加, 金钱损失, 而信息的丢失都是缺乏意识的结果. Knowing what to look for 和 being familiar with the most common ways your information can be stolen 和 siphoned off protects you. 意识类似于离开家时知道锁门.

国家网络安全宣传月(NCAM)每年10月举行, 和 is a joint effort between various industries 和 the government to help educate 和 spread awareness of resources that will contri但e to their safety online.

Cybersecurity awareness 和 concern must be included in all of our daily rituals.

恶意软件

Viruses 和 worms can install themselves in your system without you even knowing it. 一旦他们这么做了, they can use your machine as a base of operations to monetize your system for their benefit. 这可以通过强迫你弹出广告来实现, collecting your private data 和 sending it off to a central location behind the scenes, 收集公司数据，然后吸走, 和更多的.

恶意软件 is a large umbrella term that encompasses many different forms of attack. The important things to remember are to always report strange events on your machine, 要非常小心你点击的内容和你打开的可疑邮件.

永远要注意网站上的链接，它们会去到它们说要去的地方. 你可以看到, 在大多数现代浏览器的下方状态栏, 您想要访问的链接的实际目的地.

也, 的电子邮件, ensure they are from who they say they are 和 that any links or attachments within the email are expected before you follow them.

垃圾邮件

垃圾邮件是最古老的网络安全风险之一. 虽然大多数垃圾邮件只是杂乱的, 占用你的时间, there are still large groups that use spam to spread every kind of cybersecurity risk we can imagine. 垃圾邮件, unwanted email from strangers, is often filled with phishing attempts, malware, 和更多的.

网络钓鱼

网络钓鱼 scams actively try to fool you to gather personal 以及机构信息.

这些邮件通常冒充你认识的人:同事, 学校管理人员和教师, 金融机构, 服务台，甚至是你的私人朋友.

网络钓鱼的目的有两个:

• 骗你给他们个人信息，比如密码, 密码, 以及其他保密信息.
• 将软件(通常称为间谍软件)安装到您的机器上, 还有网络, 那是用来收集信息的, 有时甚至会毁掉你的文件.

网络钓鱼的例子

下面是一个网络钓鱼邮件的例子. 注意事项如下:

• The sender’s email address impersonated one that could have come from a real user (raym_82), 但我为什么要用个人账户给学校发邮件呢? 此外,“formsmail.Com”不是一个可识别的电子邮件服务提供商.
• The “Microsoft Partner Silver Application Development” logo is not relevant to the topic of the email.
• 邮件链接中没有“.Com "或".edu”的网址. 为什么MSM的名字会出现在链接中?
• 不太明显, 但如果这封邮件是来自男男性接触者的IT人员, 应该签上他们的名字, 学校联系方式, help desk contact info or more distinctive information to help you reach out in case you have questions or need help. The fact that it’s a generic “End user client support” signature offers you no opportunity to reach out other than by replying to the bogus email.

对于进一步的例子，请参阅下面的电子邮件并注意以下事项:

• 要求立即采取行动的请求.e. “需要采取行动”或文本中的警告语气(“您的计算机有病毒!”).
• 可疑的“FROM”电子邮件地址. In this case, a legitimate Microsoft email would never be sent from a third-party domain such as no-reply@stabletransit.com.
• 上空盘旋 (不要点击) 查看电子邮件想要引导您到的网站的任何链接. 在下面的例子中，其中一个链接似乎是可疑的.com.Ua /u)，而另一个看起来是合法的.
• 语法或拼写错误在网络钓鱼中很常见. In the example below, the past tense of “require” was used erroneously in the text of the email.

捕鲸

捕鲸袭击, 也被称为捕鲸钓鱼, is a specific type of phishing attack that targets high-profile staff or faculty at institutions in order to steal sensitive information. 在许多捕鲸钓鱼攻击中, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.

嫁接

嫁接 is an attempt to redirect traffic from its supposed destination to one the attacker has decided on. This way they can gather information such as account numbers, passwords, 和更多的.

间谍软件

间谍软件 is often a small program installed on your computing device without asking via a website that a pharming attack took you to, 或者是垃圾邮件链接, 或作为附件携带, that will then sit on your computer 和 send your personal information to a repository. The information collected may include passwords, as well as personal 和 corporate documents.

社交媒体

社交媒体网站是与朋友和家人联系的绝佳方式, 但它们也是用户需要格外小心的地方. 小心不要分享太多的个人信息, as this data can be used to guess at passwords 和 even answer security questions. 对陌生人格外挑剔, 记住，要自称是某个人是很容易的, 即使是专家, 不需要提供证据.

社交媒体也是不良数据的温床, news 和 other information that may sound good to you 但 that is factually false, 这甚至会让你处于危险之中. 一定要仔细检查来源或信息，并持怀疑态度.

Change passwords frequently 和 never reuse passwords; that way your security will be enhanced.

If you suspect you have been phished you will want to take several steps as soon as possible:

Step 1: Change any passwords on institutional 和 personal accounts you think may have been compromised, 但 用不同的设备 而不是这个机器. Remember if your computer is infected, any new password may be stolen as you type it.

第二步:运行杀毒软件.

第三步:提醒MSM的帮助台.

DO keep your computing software up-to-date to install the latest security patches 和 help block spyware 和 malware.

DO use different passwords for every account you use so a stolen password has minimal effect on your other accounts.

定期更新你的密码，如果密码被盗, 它不会允许访问信息太久.

是否要使用让罪犯更难猜到的复杂密码.

不要默认相信所有的电子邮件. 在点击链接或回复邮件之前一定要三思. If you aren’t expecting the email or the email seems out of place, consider it carefully. Look for links that say they are going to one site 但 actually lead to another. 将鼠标悬停在链接名称上，仔细检查所有链接.

不要打开可疑或意外的附件. 它们通常是间谍软件和恶意软件的有效载荷. Consider where they came from 和 if they are something you expected to receive.

不要指望防病毒和反恶意软件单独保护你. You must also be aware 和 critical of your own internet habits to ensure your safety online.