Cybersecurity Tips for Our Ratepayers

As a public utility, CUD is an everyday target of phishing and malware attacks, as well as a high number of spam emails. In a typical week, we check tens of thousands of incoming emails and intercept literally thousands of attempted cyberattacks.

With that knowledge, our Information Technology Team offers the following tips to help you protect yourself from hackers.

• Keep your software updates current.
• Use strong passphrases. Notice we didn’t say passwords. The most recent studies indicate that a passphrase of at least 16 characters (uppercase/lowercase letters, numbers, and symbols) will be nearly unbreakable to hackers.
  • Example of Passphrases: My Dog Has Fleas – to make this a passphrase substitute zeros for 0s and @ for As.  Add the year and a letter at the end. Each time your passphrase needs updated, advance the ending letter to the next in the alphabet (MyD0gH@sFle@s2019a). This passphrase is now 18 characters long, and each word starts with a capital letter, os are substituted with 0s and As substituted with @ signs.
• Change your passphrase periodically – every 90 days.
• Use two-factor authentication whenever available. (1. Something you know – like a password. 2. Something specific to you – like a thumbprint or a text verification.)
• Never click on unexpected or strange links sent to you.
• Don’t open email from strangers.
• Never store passphrases on notes in your workspace.

Beware of phishing attacks, which usually arrive as emails, texts, direct messages on social media or phone calls. Phishing occurs when criminals try to entice you to open harmful links, emails or attachments that could access your personal information or infect your devices. These messages are often designed to look like they come from a trusted person or organization, to entice you to respond.

Know the warning signs of a phishing message:

• Urgent language that asks you to respond immediately
• Requests to send personal and financial information
• Shortened website addresses (URLs) from a source that doesn’t look familiar
• Incorrect email addresses or links, like amazan.com

A common sign of a phishing message used to be poor grammar or misspellings. However, the use of artificial intelligence (AI) allows some emails to carry perfect grammar and spelling.

If you suspect phishing, DO NOT click on links or attachments. That is the hacker’s method for accessing your personal information. Instead, report the message via the “report spam” button in the toolbar or settings.

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.