Ransomware attacks. Hacked social-media accounts. Phishing and other email scams. Online threats—from the merely annoying to the potentially devastating—seem to be virtually everywhere.
But some relatively simple steps can dramatically reduce your risk of falling victim. Most take little more than a few minutes to implement.
October is Cybersecurity Awareness Month, a great opportunity to do your part and protect yourself and your friends, family, and colleagues.
“The university has protective systems that, for example, intercept most phishing emails that try to trick you into providing personal info,” says Zach Furst, the university’s chief information security officer. “But we also depend on individual students, faculty, and staff to stay aware, use online security tools, and follow practices proven to work.”
Furst and his team recommend five things you can do starting now.
1. Avoid and report phishing scams
Phishing refers to emails, texts, or even phone calls that try to steal passwords or other private information. They might directly ask for your info or lure you to a shady website. ITS provides a comprehensive primer on phishing and how you can avoid it.
Universities are tempting targets for scammers. While the UI screens out thousands of fraudulent emails every day, phishing remains the campus’s most pervasive cybersecurity threat.
If a message looks or sounds suspicious, it probably is. Delete it.
2. Use Two-Step Login and similar systems
Two-Step Login is the university’s multifactor authentication system. It works by asking you to verify HawkID logins using a device only you possess, usually your phone.
Social-media platforms, online banking, and other services often offer similar systems. Use them whenever available. They can stop thieves from accessing your accounts using stolen passwords.
Two-Step Login push notifications to the Duo Mobile app on a phone or tablet are fastest, most convenient, and potentially most secure way to complete your HawkID logins. If you’re still using phone calls or texts, switch to push notifications.
3. Use strong passwords
The best passwords use keystroke combinations that are impossible to guess and unique to each tool you use.
Password-management apps can help by suggesting strong passwords and keeping them easily within reach. If you get notice that it’s time to change a password, act on it.
Also, pay attention to news about data breaches at online services or websites you use. Some technologies (such as iOS 15) will alert you if your passwords have been compromised or are easy to guess. If you hear about a hack, change your password and follow any other recommendations.
4. Back up your data
If you fall victim to a cyberattack, having a secure, remote backup can save your files and reduce disruptions to your life and work. You’ll also be protected should your hardware fail for other reasons.
Common operating systems for computers and other devices make it easy to back up to the cloud or another piece of hardware, often automatically.
If you’re not backing up, take some time to research your options. If you are backing up, periodically check to make sure your systems are running.
5. Update your software
It’s easy to ignore software-update notifications. But by delaying until tomorrow—or next week, or next month—you could be missing vital security patches.
Instead of putting it off, run operating system and application updates whenever you get notifications. If you aren’t getting notifications, proactively check to see if updates are available.
Remember that a cybersecurity breach can affect not just you, but also the people around you. Online safety is a shared responsibility. Taking even a few of the steps outlined here can help you do your part.