Now more than ever, consumers spend increasing amounts of time on the internet — shopping, banking, connecting with family and friends, and handling medical and other personal records. More time online, however, comes with an increased risk of becoming the victim of a cybercrime.
Consider these statistics:
- 64 percent of U.S. adults have noticed or been notified of a major data breach affecting their sensitive accounts or personal data
- Consumers reported $905 million in total fraud losses in 2017
- The U.S. business sector reported 571 data breaches in 2018 — the most ever recorded
#BeCyberSmart when sharing personal information online — whether on social media or other websites.
Here are some simple tips from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), which co-lead National Cybersecurity Awareness Month (NCSAM), to connect with confidence and safely navigate the internet, as well as some resources from University Information Technology (UIT) to help you get started.
Double your login protection
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token — a small physical device that can hook onto your key ring.
- Students can use Duo Security, which is already required for U employees, to add an additional layer of protection to their university account. Duo is a two-factor authentication (2FA) method that enhances the security of your uNID by using a secondary device to verify your identity.
- The 2019 NCSAM Multi-Factor Authentication (MFA) How-to-Guide provides simple tips to secure your personal accounts.
Shake up your password protocol
According to National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites. This can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.
- Do you have a strong password? With UIT’s Password Tester, you can see if your password meets the University of Utah’s requirements.
- The 2019 NCSAM Creating a Password tip sheet offers simple tips on how to shake up your password protocol.
If you connect, you must protect
Whether it’s your computer, smartphone, gaming device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software.
- Antivirus software, like Endpoint Protection, is available for purchase from the Office of Software Licensing (OSL). OSL provides special educational pricing for a variety of software for students, faculty, staff, and departmental use.
- UIT's Information Security Office (ISO) also recommends MalwareBytes as a free option.
Play ‘hard to get’ with strangers
Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from — even if the details appear accurate — or if the email looks “phishy,” do not respond and do not click on any links or attachments found in the email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender.
- ISO's Beware of Phishing video (below) and Phishing 101 tip sheet are two great resources that will help you quickly familiarize yourself with phishing attacks.
- Send suspicious emails to firstname.lastname@example.org. ISO's Security Assurance team will investigate the email in a safe environment and let you know the legitimacy of the email.
- The 2019 NCSAM Phishing tip sheet explains how criminals lure you in and how you can avoid such scams.
- Can you spot when you're being phished? Take Google's phishing quiz to find out.
Under-share and don’t tell
Limit the information you post on social media — from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings — online and in the physical world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are — and where you aren’t — at any given time.
- The 2019 NCSAM Social Media Cybersecurity tip sheet offers some simple steps to connect with confidence and safely navigate the social media world.
Keep tabs on your apps
Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved— gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” — the practice of limiting access rights for users to the bare minimum permissions they need to perform their work — to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
Stay protected while connected
Avoid connecting to any public wireless hotspot — like at an airport, hotel, or café. If you do use an unsecured public access point, practice good internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Only use sites that begin with “https://” when online shopping or banking.
- AnyConnect is the university’s preferred VPN client and can be downloaded through the OSL website (login required).