Back to basics: Easy ways to improve your cybersecurity
We are more connected now than ever — and continue to grow increasingly dependent on the internet and new technology. This interconnectedness, while convenient, is a gold mine for online criminals who want to steal your personal information or compromise your devices.
Recently, myriad high-profile organizations have reported cyberattacks and information security breaches, including incidents involving SolarWinds, Kaseya, Colonial Pipeline, and other companies and critical infrastructure. Unfortunately, the risk for these events increases each day, as cyberthreats and cyberattacks become more sophisticated, and more evolved bad actors emerge. A bad actor can be an individual, group, organization, or even a country involved in carrying out a cyberattack.
That’s why we need to be cyber smart — today and every day.
It’s not hard either. With a few simple steps, you can reduce your risks and stay ahead of cybercriminals. Here are a few easy tips:
Use strong passphrases and a password manager
According to the U.S. Department of Labor, Americans are spending more time online during the pandemic, which has contributed to more bad actors prowling for accounts to attack. Although it may seem obvious, people too often overlook the security of their passphrases and the use of password managers to store the unique password we should have for each account.
The Information Security Office (ISO) recommends the use of long, complex, and unique passwords or passphrases as a good way to help prevent your accounts from being compromised. You should never use the same password across different platforms and systems; if your credentials are stolen, the attacker will gain access to everything protected by that password.
Please visit this IT Knowledge Base article for information on the U’s password requirements and guidelines.
Enable 2FA
University students, faculty, staff, affiliates, and alumni are required to use two-factor authentication (2FA) via Duo Security when logging in to certain online U applications and IT systems.
2FA adds a second, necessary step to verify your identity. By requiring multiple methods of authentication, your account is further protected from being compromised, so even if a bad actor hijacks your password, 2FA also makes it more difficult for attackers using password-cracking tools to break into your accounts.
For more information about 2FA or Duo Security, please visit this IT Knowledge Base article.
Perform software updates
When a device prompts you that it’s time to update the software, it may be tempting to select “Remind me later” or ignore the message altogether. However, having the latest security software, web browsers, and operating systems on your devices is one of the best defenses against online threats. So, don’t wait — update.
Do your research
Do some research before downloading anything new to your device. Make sure that it’s safe by checking out the reputation of the app’s creators (e.g., Are they well-known and trusted in the market?), user reviews, and information about the app’s privacy and security features. You also can email the ISO’s Governance, Risk & Compliance team to find out whether the ISO is aware of a security review or any known risk connected to the app.
Check your settings
Be diligent — double check the privacy and security settings for your university and personal accounts. Verify and limit who can access your documents in Box, Google Workspace, and Microsoft OneDrive. For Zoom meetings, create passwords so only those invited to the session can attend, and set restrictions for who can share their screen or files. For internal meetings with other U employees, use Microsoft Teams, which is the university’s approved and secure chat, meeting, and collaboration platform.
Please visit this IT Knowledge Base article for more information about online meeting best practices.
While no single tip is foolproof, employed together, they can help you take control of your online presence and decrease the odds that your data or devices will be compromised — preventing wasted time, lost money, and other critical damage that could have devastating consequences.
For more tips, please visit Creating a cybersecure workspace — at home.