Congratulations on being at UD! Whether you’re a new or returning student, faculty or staff member, the start of the school year is a good time to think about making sure you are ready to keep your technology and your personal information safe! As higher education is often a place for sharing information, it’s a perennially attractive target for identity theft and fraud.
It may seem like we talk about security a lot at UD Information Technologies. This is not only because we are a University and a target, but also because the number of incidents of criminal access to personal or corporate data continues to rise.
Just this summer, we’ve seen several massive attacks on data:
- Hackers Stole Text Messaging, Call Records for Nearly All AT&T Customers
- 10 Billion Passwords Leaked on a Hacker Site
- Over 500 Million Ticketmaster Customer Records Lost to Hackers
Unfortunately, this means the bad guys have information about us, the customers, often including login information, passwords, and more. So it’s important to play defense as well as offense.
Here are some tips to keep your information under YOUR control.
Be aware of the risks
Here are some common back-to-school scams you should be aware of as the semester begins:
- Fraudulent communications regarding registration or your UD account.
- Award, research, scholarship, housing, or tutoring scams.
- Deceptive IT Support, password resets, “Geek Squad” prompts (especially after any highly-publicized technology interruption). You may get offers to “fix” your computer that are really attempts to steal your personal information.
Watch for suspicious emails
Human error, often prompted by fraudulent emails and phishing attacks, is the number one threat to your information. Always pause, take your time, and look carefully at the email in your Inbox. If you get a message that doesn’t seem “right,” be sure to double-check the sender’s email, and trust your intuition. Never be afraid to send an out-of-band message (as opposed to a “reply”) to confirm an unexpected spreadsheet, attachment, or link. Skip the link and take a known safe path through a browser when being sent to a login page. Unfortunately, email is insecure. Email communications can be intercepted in transmission and messages can be accidentally or purposefully misdirected—it should not be considered a secure way of transferring sensitive data. Avoid using personal email for University business.
If you do get a suspicious email—like from a store you don’t visit, a request to buy a gift card, or any email with a web link you aren’t expecting—don’t just click! This year, UD is offering a new tool to help you be sure the email is legitimate, the Phish Alert Button (see the article in today’s newsletter to learn more about it).
Device protection
You can also take steps to protect your computer, tablet, or cell phone to help prevent attacks.
- Configure laptops with a strong login password, and perhaps a power-on boot password,
- Set up your mobile phone with a strong login password/PIN so it requires authentication any time it’s started or comes out of sleep mode. Some devices can be configured with biometric authentication such as fingerprints and facial recognition.
- Set your laptop to enter sleep or hibernation mode after only a few minutes, and require a password to wake it up. This will both save energy and limit the chances of someone walking away with your laptop and logging in with your credentials.
- Encrypt any mobile phone or laptop computer to make sure that your data isn’t readable in the event the device is stolen.
Accounts and access
Remember to never share passwords and follow best practices with long, strong, and unique passwords. Do not reuse old passwords or use the same passwords across different websites. Always enable Multi-Factor Authentication (MFA) via a text message, email or biometric scan when available. For accounts using “Challenge Questions” to confirm your identity, make sure you don’t use information that could be easily found on your social media accounts.
If you are interested in learning more about personal security, we can suggest the following resources:
- Our own SecureUD website has a great page outlining best practices: https://www1.udel.edu/security/bestpractices/.
- https://digital-defense.io/ — This site outlines a personal security checklist.Make sure you’re covering the key steps to protect your data.
There is a lot to be alert for as you use both UD tools and personal technology tools, but having an awareness of red flags, setting up device protections, and pausing to consider whether an email or text message “makes sense” will go a long way to helping you stay secure this academic year.