12 Things SWKLS: 2018 Thing 2


Welcome to the second thing  in 12 Things SWKLS 2018.   Our new antivirus, ESET Endpoint Antivirus,  has cybersecurity awareness training available to share with all of our libraries.   We thought this would be a great topic for Thing 2.  This is important because recent studies have shown that cybercriminals are increasingly targeting users as a means to gain entry into corporate or personal networks.

The activities for this lesson are due February 28, 2018 at 11:59 pm central time and are worth 2 credit hours.  Estimated work time:  1-2 hours.

If you would rather complete an alternate topic, please go to the alternate topic page and pick one from the list.  You are also welcome to choose past topics.

If you get stuck and need help, please don’t hesitate to ask.

What you’ll learn in this lesson:

  • Threats Overview: Malware, phishing & social engineering
  • Password Policies: Best practices; 2FA and how to use it
  • Web Protection: What to look for; what to avoid
  • Email Protection: What to look for; what to avoid
  • Preventive Measures: Best practices for security at home and work

Exercises:  (Due February 28, 2018 at 11:59 pm CST)

Tools you will need:

  • A computer or internet enabled device (this should work on a tablet, phone, or iPad)
  • An Internet connection
  • An email account

Activity 1:  (60 – 90 min)

This training takes under 90 minutes, and will give you everything you need to know to practice cybersecurity best practices at work and in your personal life. Here are instructions:

  1. Go to this link and fill out the form, entering your own information.  Be sure to use your library email address.
  2. Once you complete the fields, you will receive an email with a link to the training—please keep this link handy.
  3. The training runs in any browser, and there is sound, so make sure your computer sound is turned on.
    1. Note:  To see the slides in Chrome you may need to approve Flash to run if using the Chrome browser.
  4. Note that the red Media Player button along the bottom tracks how far you are through the program. If you need to leave before completing the training, simply take note of the time code so you can start again in the same place, using the link you saved above.
  5. Once you have completed the training, you will be given a certificate. Please email Janelle (jmercer at swkls.org) this certificate so she can track completion.
    1. In order to receive the certificate you will need to score greater than 70% on the test.

Activity 2:  (5-10 min)

  1.  Comment below letting us know two things you learned and what you plan on doing differently in the future.
  2.  Reply to another librarian’s comment.


50 thoughts on “12 Things SWKLS: 2018 Thing 2”

  1. The first thing I learned is that apple does not allow other companies to make antivirus programs for their phones. The another thing I learned is that when answering security questions, treat them like additional passwords instead of putting the actual answers on them.
    Be more careful about the emails we get from book vendors to make sure that they are legitimate.

    1. sueann sawyers

      I learned a lot about security questions. The need to be treated just like a password. Emails I learned a lot about if they were true emails or not. Make sure you write down your email addresses & passwords were you can only find them. Thanks

  2. WOW! Great lesson! I learned several things! The most interesting was that we should “lie” on our security questions! I learned about password manager and that I need to update my router! And to only click on links on first page after searching for something. I went to haveibeenpwned.com and found that one of my email addresses had 5 breech sites and the other email address had 1.
    I have a couple of questions: which AV should I install on my iphone?
    Would it be good to go back to those sites that have security questions and change my answers?

    1. I also am wondering about updating our router as I just took for granted that the System had my back when it came to the router so I guess this is something I need to check into as I am not for sure how secure ours is at this time.

      1. Ruby,

        Steve usually makes sure that the library routers are up to date. I will make sure he sees your comment and answers it just to make sure. 🙂 At home routers are something to think about as well.

          1. One of the issues with home-grade equipment has been the default credentials (username / password). People would not change them or did not really know how. Even Internet service providers are guilty of this with customer premises equipment that they provide. This in and of itself isn’t horrible because it would normally require access from WITHIN your network. But, many manufacturers are guilty (purposefully or inadvertently through poor design / code) of having sold units with vulnerabilities that could be exploited to gain access from OUTSIDE your network (i.e. from the Internet). This is one of the reasons to check for updates on devices that you own. If the manufacturer discovers or is made aware of an exploitable vulnerability, we would hope that they release an update or patch to fix things.
            Taking things a step further and outside of residential environments, mis-configurations of network equipment in businesses occur allowing hackers to not only gain access to the router itself, but also to dive into the network behind it.

      2. This question came to my mind when the information on the routers came up. What about the fiber optic routers that have been installed in Cimarron? Just brings several questions to my mind about how different fiber optic is to a regular router. How long they last? Are they the same?

        1. When we talk about fiber or fiber-optic we are really referring to the transmission media. Other common media for residential service would include coax (cable) and copper (DSL). One of the functions of the router can be to convert the media type from one to another. So, in the case of fiber coming into the router from the street, it may convert the media type to a network cable (copper) or perhaps wireless. A router may also act as a modem for services like cable or DSL based Internet, and they too convert the incoming media as well as the transmission protocol(s). So, there exists a difference dependent on the incoming media type. Then we have other variables such as the grade (home use vs business vs enterprise), manufacturer, features, and routing capacity (how much bandwidth for how many devices or people). All of that being said, there exists a large spectrum of quality and features when discussing the physical router. It’s also worth noting that equipment such as a router that is placed at the customers end is referred to as ‘customer premises equipment’ or CPE for short. I’ve seen service providers that use the lowest priced (cheap Chinese) CPE they could buy (with the expected results of intermittent issues and/or high failure rates). I’ve also seen the smarter providers that purchase quality CPE so that they don’t have to roll out trucks as often to fix things and/or reduce the number of support phone calls.

      3. I think we covered this at Tech Day, but for those who did not attend: one of the responsibilities for my position is to ensure that your network equipment is kept up to date and is configured properly. We may skip an update if it is a bug fix for a feature that is not used (disabled) or that provides some new functionality that we wouldn’t currently leverage. But, should a security update come out, it gets installed on your gear. We typically do this in phases, using the libraries closest to us as guinea pigs to ensure that the fix doesn’t break something else (if so, we can be onsite quickly). Once it has passed muster, the rest of our libraries get updated. Furthermore, I do frequent configuration checks and what is referred to as ‘penetration testing’ from outside the network. This is me basically taking on the role of a ‘hacker’ and attempting to break in or scan for vulnerabilities or mis-configurations. In a nutshell, we got your back sister.

    2. I agree Millie, I had no idea you should lie on the security questions! I usually just pick ones that most people won’t know the answer to. As long as I can remember the “wrong answers” lying on security questions could be fun!

  3. I learned about password managers which I had never heard about and Two-Factor Authentication (2FA) which I was exposed to today when I tried to access my Blue Cross Blue Shield account. I need to do a better job on passwords. When you have to update your password on a regular rotation, I am one of those that change maybe a # or a symbol. I just hate coming up with passwords.

      1. I will have to check Last Pass out. Having a password manager sounds like the way to go to keep all our information safe!

      1. I always have to run get my phone when they text me a passcode, which I find annoying, but thankfully they are doing their job to protect my info.

  4. Wow! I learned several new things. Don’t answer security questions with correct answers is one of them; also that the password can be changed on routers. I will definitely look into this for the one at home. I had heard about the only click on the first page of links in a search but had been under the impression it was because the following pages the results were less likely to match what you are looking for. This was a very good Thing and very informative!

    1. I agree with you Audrey. This was such a good Thing and gave so much information that I didn’t know. I’m certainly glad this was offered. I learned so much. I had only recently heard about not clicking pat the first page of links in a search. It was great to have it explained as to why we shouldn’t.

  5. I’m so not a tech person. I had no concept of the magnitude of all the ways outside sources could get into my info. One shocker was the info concerning security questions. I just always picked one and gave a honest answer. That’s changing immediately! My router never concerned me. My internet provider came to the house and set it all up. I didn’t give any thought to the router having usernames and passwords let alone that the router itself needed to be updated. I will be taking care of that immediately.

    1. I am not a tech person, either. I don’t do any personal business on the computer and I don’t buy on line. My husband does a little buying, but only on sites he is sure of. However, he is not very careful about clicking on URLs. I didn’t know about the router, either. I will be checking into the updating on it. Out internet provider also came to the house and set it up, but now I want to know if I was supposed to be doing anything with it since then.

  6. I learned A LOT from this training session. The first is that Apple does not allow antivirus protection from anyone else (I do hope they have my back). I need to be more careful sharing personal information over email, even when it is to people I am intentional about communicating with. They may get hacked and then what. I definitely don’t have unique passwords and quite frankly this overwhelms me when I even have variations on the passwords I do use. But moving forward it is likely something I will do better about. Hello “Password Manager” as I am so guilty for having a document for both personal and business login and password information. I am excited to try the “haveibeenpwned” check-up. Glad to know about keeping personal Internet of Things up-to-date. We have a SmartTV and Roku device, as well as routers, all which have our passwords we use on various accounts. They may need to be the first that are updated!

  7. Definitely going to check out password managers. Didn’t really think about turning off wi-fi when doing banking stuff on my phone. Since I don’t use a physical bank anymore this is probably a good idea.

  8. There is definitely a whole lot more about cyber security that I did not know about! 1. Lying on security questions?! I have always been true just because then I would know the answer no problem, but know I know that could cause issues for me. 2. 2FA can drive me crazy sometimes but I understand that it makes it much harder for someone to get into my accounts. 3. Sticking to the first page of web results, I very rarely go onto the second page but now know that that is a big no no! 4. Apple being Apple and not letting us use any other kind of antivirus, I love Apple but like Amy said I sure do have they have our backs! Thanks Janelle this was very informational!

  9. Lots of things that I had not given a thought to before! First, treating the security questions as another password. The more you think about it the easier it would be for old friends to know most of that information. Second, I had no idea about changing passwords on internet of things, like a router. So in the future I will be making sure I change those things to keep my information safer! Thanks for the lesson!

  10. I learned a lot, and will have to stop complaining so much about 2FA keeping my info safe. I will work on updating my security questions to something that only makes sense to me. And I thought making the email unclickable was great advice (joe.cool(at)yahoo.dotcom).

    1. I always hate that extra step of the 2FA too. Who knew it was keeping us safe. I agree on the e-mail unclickable it was really great advice and a simple fix to a problem.

    1. Hi BECKY!!! The password manager was a shocker to me too! My phone has asked me before if I wanted to set it up but I’ve never given it a second thought!! Maybe I should if I have to have a different complicated password for EACH site!!

  11. It was a LONG session but once I focused without distractions/interruptions I picked up several great tips to keep me/us safe! Steve mentioned to change the router username & password at Tech Day already and that was brought up again. Updates always annoyed me, because they always had to change something I liked/used to but now I learn it’s for our own good, to fill in security gaps! Kinda guilty of having the same password for a few sites…. Will work on changing that! Lying on security questions blew me away!! I have to say I knew some of the ways to check for a safe email but have to also say I don’t do it often enough!! Something to work on!!

  12. I definitely need to look into getting a password manager! I’m one who uses passwords for a couple different accounts (cringe, I know!!!)! Also, lying on security questions?! I truly use those to get into some accounts!!!

  13. Stephanie Sonday

    Great lesson! I am guilty of using the same password for everything and also that person that gets locked out because I can’t figure out what I changed the password to! The lesson was good at showing why you can’t do that! Password manager will be my friend! Not opening spam and passing viruses on to other computers! Detecting phish and knowing what real or not. Learning tons!

  14. Laurie Petersilie

    Two things that stood out to me:
    1) I had no idea that I have “Internet of Things” devices in use at home so I need to do some checking on my camera, router, etc.
    2) I never would have thought to “lie” on sequrity questions. I mean, I have a hard enough time remembering what the darn dog’s name is and now I need to invent a dog and remember it’s name. I can see how such a simple thing could be very effective though.

  15. Glad I didn’t do the alternate lesson. I was suprised to learn that other devices could be automatically connected to your computer wifi, such as cameras and thermostats. We haven’t connected our thermostat, but we were thinking about. Won’t do it now. I also didn’t know you could update a router. I will have to check into any updates for our router at home. I didn’t know if you send your email address to someone via the computer (as an exact address) it would automatically become a “link” for anyone else who hack in and see it. I like the tip of substituting words for the “@” (at) and “.” (dot).

    1. We just recently got a new router at home and the Pioneer guy told me I could check for updates to keep it safer, but I didn’t realize I needed to go in and change the default password.

  16. This was eye opening! I learned so much in this Things 2. I didn’t know that a memory stick was such a threat for viruses. If people have trouble printing off the public computer here we plug there memory stick into our staff computer and print for them. Well, we will defiantly change that in the future. No more using a staff computer if there device won’t work. I also need to be better at my password selection. I tend to use the same core word and add numbers or symbols on the end. I also do not change them every 90 days. Another interesting thing was the 2FA I am always irritated by another step. I now know that this is another line of protection, so suck it up! I did share with the staff here that everyone should watch this, cause I thought it was very informative. I love that I now know I have permission to lie on my security questions. I plan on going in and changing those on certain webpages. I truly learned so much in this lesson thanks for sharing it on Things 2 Janelle!

  17. I agree with everyone. This was a great lesson and I learned so much. I did not realize you should lie when answering security questions. I need to be more careful with this in the future.

  18. Very good information. Some I knew and was just a reminder, like not opening spam or attachments. The most useful to me was the password safety, using a password manager was completely new to me. Also, answering the security questions with a “lie” I’m not so sure I can remember the right answer! You know how to catch someone in a lie, is because they keep changing how the story goes!! 🙂

  19. I learned I should be changing my passwords more than I do. I didn’t think about how easy it is for “them” to go through all the variations when you just change the numbers/symbols at the end. I learned more about malware & preventive measures. I’m definitely going to look into a password manager!

  20. sueann sawyers

    I learned a lot about security questions. The need to be treated just like a password. Emails I learned a lot about if they were true emails or not. Make sure you write down your email addresses & passwords were you can only find them. Thanks

  21. Dallie Vernon

    I learned that passwords should not be the same for multiple accounts, and I also learn people can answer your security questions based off your social media. I plan on using a password manager.

Leave a Reply

Your email address will not be published. Required fields are marked *