[music]
Wendy Battles: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone, where we cut through confusing cyberspeak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles.
James Tucciarone: And I'm James Tucciarone. Together, we're part of Yale University's Information Security Policy and Awareness Team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research.
Wendy Battles: Ready to get cyber fit with us?
Hey, everyone. Welcome to another episode of the Bee Cyber Fit podcast. We're excited you're here and hope you're ready to get cyber fit with us. If you're a new listener, welcome aboard. This is the place to come for information and inspiration to stay safe online and outsmart cybercriminals. This podcast is one of the many tools in our toolkit that we use at Yale University to help our faculty, staff, and students build their cyber muscles.
James, I'm thinking about our new season, Season 3, by looking at it from a broader perspective. I must say, I'm really proud of the work we've done to educate the Yale Community in our past two seasons. We've provided a lot of practical information and how-tos. I feel like we're empowering the community with knowledge. The greater the ease of information and awareness, the easier it is for someone to take action and change their behavior, like, reporting unusual computer activity, even if they're not sure. It's what we've referred to before as be safe, not sorry. That's how we help our community take simple steps that can make a big difference in protecting our data and systems.
James Tucciarone: I've got to say, I definitely agree. Season 2 seems like a whole different life. We've had so much happen since our last episode. We recognized some of our other plans meant we might need a little bit of an unexpected wrap for Season 2. We took a little bit of time to relax and took a short hiatus from the podcast. We also used that time to rethink our opportunities and how we could best serve our listeners and the Yale community. I don't know if you caught what I did there, Wendy, talking about some recognizing, relaxing, and rethinking.
Wendy Battles: That's pretty clever, James.
James Tucciarone: So, for those of our listeners who haven't heard about or engaged through our most recent campaign, it's called Click with Caution, Recognize, Relax, Rethink. And it's all about social engineering and staying safe online. We're going to take a deeper dive into the idea of being mindful to be cybersafe in our next episode. So, be sure to stay tuned.
Wendy Battles: But today, we're going to be chatting about the 20th anniversary of Cybersecurity Awareness Month. You might be familiar with it, you may not, we'll talk all about that. What that means for, our listeners, and what Yale's doing to help power up our cyber skills. But before we get started, let's find out about cookies. Unfortunately, I don't mean the ones we're eating, it's our buzzword of the day.
[music]
James Tucciarone: How often have you been on a new website? And the first thing you see is a message asking to accept the use of cookies. My guess is it's pretty common. Do you ever wonder what these cookies are or what you should do? Stay tuned for some background that'll let us sink our teeth into thinking about cookies.
Wendy, I am really excited for Cybersecurity Awareness Month. We've got so many exciting, interesting, and fun things planned. My favorite part is this year's theme, Be a Yale Cyber Hero. And our recently named Cyber Bee, Boola has harnessed the inner superhero and even donned the cape.
Wendy Battles: I must say, James, our Bee Cyber Fit bee does look pretty great as a superhero. And with a name like Boola, our little friend is definitely full of the Yale fighting spirit. Now, for those listeners who haven't celebrated Cybersecurity Awareness Month before, this is a great year to start because Cybersecurity Awareness Month is celebrating its 20th anniversary. It started off small. It was started by the National Cybersecurity Alliance. And the whole point was to help people stay safe online.
Over the 20 years, it's grown from a national month to an international month. We dropped the national part. It's just Cybersecurity Awareness Month. It is a time to amplify the really important messages about thinking about our behavior, increasing our awareness, and taking the appropriate action. We can think of that at Yale University when we think about how we protect our really important data that we use every day and the systems we use to help us do our work or to study.
This year, we are focusing on a new topic to defend against digital villains every week. Each week, we're going to have a virtual event that you can attend, interesting, fun, and engaging. We're going to have a self-paced puzzle, so that you can learn something about that week's topic, but in a fun way. And we also have a weekly infographic poster that you can download, print out, put up in your workspace to remind you of these important behaviors that we're talking about throughout the month. So, James, week one, I love this theme, Save the Day by reporting suspicious activity.
Week One is all about recognizing and reporting suspicious cyber activity. You know, sometimes, you get a hunch that maybe something isn't right. Well, that is the kind of thing we're talking about reporting. We're kickstarting our superpowers with a fun and interactive virtual trivia game, which is going to be a great way to learn more about reporting. We have a great poster that shows how you can call on our Information Security Office Super Squads and our self-paced reporting, fill-in-the-blank puzzle, is sure to test your powers of deduction. So, some really cool stuff for week one.
James Tucciarone: We definitely have some great things going on for our first week, Wendy. And reporting is so important. Many of our listeners probably remember that we recently wrapped up a campaign dedicated to reporting suspicious cyber activity called Be Safe, Not Sorry. It's all about recognizing that suspicious activity and taking action to make sure that we're defending against it. Reporting is so critical because as individuals, we're often the primary line of defense against digital threats. We're the ones who might receive those messages that come through and are faced with the decision on how to respond or react to them. So, knowing what to do and knowing when to report is so critical.
Wendy Battles: Yeah, James, it really is. They say that so much of what happens with phishing, and people getting tricked, and clicking on links has to do with the human element. It's humans that are doing that. It's not machines that are doing that. So, it's humans that need to report this. So, I love that we're giving people tools, and skills, information to build those cyber muscles around reporting.
James Tucciarone: Hopefully, we're also letting people know that they don't have to be embarrassed, hesitant or worried about reporting and that we love to hear from people at the Information Security Office. So, reach out and drop us a line.
Wendy Battles: Yeah, you're right about that. No need to be embarrassed because I think that sometimes we think, “Oh, that wouldn't happen to me,” or “It's no big deal that I clicked on that link.” But when in doubt, if you have the least bit of wondering, “Oh, should I have done that?” That's when we want you to report things. Week two, we're focusing on Knowing Our Risk. It's one of our evergreen topics, and it's so important because we need to know the risk of our work to ensure we protect it properly. Week two brings a friendly competition hosted by the National Cybersecurity Alliance, where we'll compete with folks from Yale and other organizations. It's going to be a really fun game show where you are going to build your cyber knowledge. We also have a poster that breaks down our role and the Yale Cyber Heroes Code, AKA, our Minimum Security Standards, and use our self-paced, Know Your Trivia puzzle, to find out if you're already ready for action.
James Tucciarone: Wendy, even though we work in the Information Security Office, do you ever wonder exactly what your role is in protecting Yale?
Wendy Battles: Absolutely. It's sometimes a little confusing.
James Tucciarone: I definitely agree. And hopefully, most of our listeners know that at Yale, we have a shared responsibility to protect our data and our systems. What that means is we can't just sit back and assume everything is going to be okay. And our Know Your Risk topic helps us to know our role. Further, it helps us to identify the risk of our work, because how can we protect something properly if we don't know what we're protecting.
Wendy Battles: Right. There is a lot to learn about knowing our risk and our role. We've got some great information coming to you during week two. So, let's talk about week three. Defeat Online Thieves with Robust Passwords. Cyber villains are always looking to get their hands on our personal information. We all know that, especially our passwords. So, in week three, we're preparing for bad guys and powering up our passwords. Boost your knowledge and cyber skills with a great talk hosted by the National Cybersecurity Alliance about how it's easy to be safe online.
I know, James, that sometimes we think it's this really big thing that we have to do, but by taking small steps, we can increase our safety in really easy ways, easier than we might think. You're also going to use your locator beacon to solve our self-paced use secure passwords scavenger hunt, which I know is cool.
James Tucciarone: I had a lot of fun trying it out myself. Wendy, passwords are a crucial part of cybersecurity. They're literally the keys to our digital castles. Once our passwords are compromised, cybercriminals can gain access to our accounts, our resources, and our sensitive information. This week, we're also going to talk a lot about the importance of multifactor authentication and the rise of scams that are used to try and beat it.
Wendy Battles: Now that, James, sounds pretty darn action-packed with lots of really great information. I think the thing is, sometimes, we don't even know the impact of our actions. We can unintentionally share our net ID and password, not even understanding what it can lead to. So, you mentioned people could get in, and they can do all kinds of things. So, we really want to help our Yale community boost their password safety.
Okay, so, let's talk about week four. We're going to finish up the month in a really strong way by this idea of combating cybercrime by protecting our email. Week four is all about clicking with caution to overpower social engineering. Our poster will help you harness the power of mindfulness and discover common tactics used by bad actors. You can also flex your cyber muscles with a self-paced crossword puzzle. We're featuring another trivia game as well.
Did I mention, James, that in this really cool trivia game called Kahoot, we have some fun superhero questions to bring that theme right on home.
James Tucciarone: We sure do, and I'm really looking forward to it. Now, Wendy, you might say as individuals, we're both the first and the last line of defense in terms of cybersecurity. The good news here is that we can be one of the strongest links in the chain, keeping us safe. But we have to empower ourselves with the tools to be mindful and to be cybersafe. If we don't know what to look for and how to avoid the many, many scams that may come at us, we quickly can become one of the weakest links. And that's why week four is so important because it really gives us the knowledge that we need to defend against these cyber villains and keep our online presence safe.
Wendy Battles: Absolutely. It's going to be an action-packed week with lots of great information. We are helping to boost those cyber muscles. And I'm excited. I'm going to tell you James, I'm excited about the entire month. We just went through every week. We've got cool stuff planned. I do want to mention, by the way, that on Halloween, we have a special event and that is called Seriously Spooky Cybersecurity. It’s with Jeremy Rosenberg, who is our Chief Information Security Officer. Many of you know Jeremy. You've heard him before as our guest on the podcast. It's going to be a really interesting hour with him talking about some of the latest headlines, some of the things that are going on, and things that we can feel empowered to do, to try to fight back as a Yale Cyber Hero would do. And now, let's get back to our Buzzword of the Day.
[music]
James Tucciarone: Here is the buzz on cookies. Let's get started by discussing the general function behind them. Websites place cookies on your web browser, so the site can recognize you in the future and track you over time. Some of the most common examples of cookie use you might be familiar with include remembering your user ID or preferences for a website, providing autofill capability when filling out a web form, and offering a digital shopping cart you can return to later. Now, let's dive a little deeper and talk about the two main types of cookies we should know about, single-session cookies and persistent cookies. Single-session cookies or just session cookies are only used while navigating the website that created them and are automatically deleted when the session ends. Session cookies help with website navigation, like, using the back button and keeping items in a shopping cart.
Persistent cookies, sometimes called multisession cookies, remain on your device and record information every time you visit the site associated with them. Persistent cookies can be useful for remembering your account username across multiple visits, and even helping to prevent fraud. These are also the cookies that track your behavior over time and allow for building a profile of the user's history with the site. Now finally, we can also categorize cookies by where they come from. First-party cookies are created directly by the website you're using. They're often used to track your personal preferences and improve your user experience. These first-party cookies are typically considered the safer variety.
Third-party cookies, on the other hand, are generally from a third party that's different from the website you're browsing. These cookies are used by advertisers and for analytics to track users' browsing histories across sites that leverage the ads. Now, the introduction of legislation like the ePrivacy Directive and the General Data Protection Regulation, or GDPR address data protection, the confidentiality of electronic communications, and the broad tracking of internet users. This, at least, in part includes cookies. One easily recognizable effect is the increase in cookie consent requests we encounter on websites.
Ultimately, deciding whether or not to consent to accepting these cookies is up to you. Here are a few tips to consider in terms of managing your cookies. Just as we would be cautious when browsing unknown sites, we should also be cautious when accepting cookies from unknown sites. Evaluate the ease-of-use cookies can provide compared with the risk and availability of the data being stored in the cookie, and consider clearing your browser cookies on a regular schedule, for instance, monthly.
Now that you know what cookies are, where they come from, and what they do, you're prepared to make an educated decision when encountering them. You can keep building your cyber muscles and adding know-how to your cybersecurity toolkit by continuing to listen to the Bee Cyber Fit podcast. We're simplifying cybersecurity for everyone and helping you to be aware, to be prepared, and to be cyber fit.
Wendy Battles: I'm so excited about October. I have to say it's my favorite month of the year. I heard a story the other day that said it was the 20th anniversary of pumpkin spice. You know, pumpkin spice is everywhere. Pumpkin spice lattes, pumpkin spice this and that, how it's become this huge thing. People love pumpkin spice. It goes with fall, just like Cybersecurity Awareness Month goes with fall, and is also 20 years old. So, I think this is really cool. I feel like we are in for a good season, whether it's staying safe online or it's drinking pumpkin spice lattes.
We gave you all the lowdown on what is happening this month at Yale. We are excited and we hope you are too. We hope you will join us for one or many of these events. What's cool is that, no matter when you're listening to this podcast, you can do some of the activities. So, our events are happening throughout the month and hopefully, you'll be able to sign up for those. We are putting information in the show notes to register for the events, but you also, as we mentioned, can complete our self-paced puzzles that will be available for quite some time.
Now during October, it’s really the time to get on it with those puzzles because we are going to be giving away some really cool cyberhero swag, and we want you to get in on the action. So again, links to this information will be in the show notes. And then finally, don't forget, we have these very cool posters about the four topics that we mentioned because we are all about empowering you. And not just you, but think about the people with whom you work or study. Think about your colleagues, think about your fellow students. We want to make this information easily accessible to all.
James Tucciarone: That's our first episode for Season 3. So, until next time, I'm here with Wendy Battles. And I'm James Tucciarone. We'd like to thank everyone who helps make this podcast possible, and we'd also like to thank Yale University where this podcast is produced and recorded.
Wendy Battles: Thank you all for listening. We truly appreciate you all so much in the Yale Community and beyond. And remember, it only takes simple steps to be cyber fit.
[Transcript provided by SpeechDocs Podcast Transcription]