Responsible Digital Security Practices for Maryville Students and Faculty
“There is no single answer to make your world secure,” says Eric Meadows, a cloud cybersecurity expert at Check Point Software Technologies. However, there are many helpful steps you can take to limit your risk. Share these tips, and use them yourself, to help keep private information away from prying hands.
• Choose security questions carefully
• Enable two-factor authentication
• Don’t share your private information over the phone
• Keep unfamiliar objects out of your computer
• Install and update anti-virus software
• Cover your webcam
• Know the dangers of social media
- Use Different, Strong Passwords
Using a different password for each site or service can help prevent one data breach from putting the rest of your accounts at risk. It’s also important to use strong passwords, such as a random series of letters, numbers and symbols. Short passwords, particularly those with common words or names, may be easier to crack.
Rather than trying to remember or write down dozens of complex passwords, you can use a password management service to create and store unique passwords for you. All you’ll need to do is remember one master password for the service.
But even if you have an especially strong password, Meadows cautions students not to access online bank accounts or financial sites on public computers. Doing so could compromise your password because the computers “are not secure,” Meadows says, “and you may leave your credentials behind for anyone’s use.”
- Choose Security Questions Carefully
Ever have to answer a security question to confirm your identity or reset a password? While you may think your high school mascot or favorite movie is impossible to guess, a persistent attacker might be able to find that information on your social media accounts. Try to choose questions that don’t have publicly available answers and, when possible, pick different security questions for each service. Another option is to use a false, and easy-to-remember, answer to common security questions. For example, you could always use a grandparent’s first name when prompted to enter your mother’s maiden name.
- Enable Two-Factor Authentication
Two-factor authentication adds an extra layer of security to your account and ensures a password alone won’t give someone access. When offered and enabled, the system will prompt anyone logging in from an unrecognized device to enter a password and a second security code, which is often sent to the account holder’s phone or email. Unless someone knows your password and has access to your phone or email, they won’t be able to get into your account.
- Don’t Share Your Private Information Over the Phone
Be careful about sharing personal information over the phone, particularly when someone calls you. The person on the other end might pretend to work for a bank, your university or the Internal Revenue Service (IRS) and ask for your information to “verify your account.” Sometimes the caller tries to create a false sense of urgency by saying your account is in danger or threatening you with a lawsuit. Only share personal information when you initiate the call and be cautious about what you share even when that’s the case. Also remember that many large organizations will never ask for your password over the phone, by email, text or in person. “Security extends beyond the laptop,” Meadows says. “You should always consider what you connect to with your mobile devices, and ensure they are protected as well.” For example, open WiFi networks may not be secure, and you could inadvertently share information when you log into accounts from your phone or tablet.
- Keep Unfamiliar Objects Out of Your Computer
A hacker could load USB thumb drives or CDs with malicious software that can take over your computer. Someone could even order drives and discs with the school’s logo and scatter them around campus, waiting for an unsuspecting student to pick one up. In short, only put something into your computer if you know where it came from and trust the source.
- Install and Update Anti-Virus Software
Anti-virus software can help protect your computer from attacks while detecting and removing those that sneak through. It’s important to keep anti-virus software installed and up to date on all of your computers. There are options for even the most frugal college student. Several companies offer free anti-virus software online and some schools have free options for enrolled students. “For additional protection, subscribe to a reputable virtual private network (VPN) to ensure your communications online are secure and encrypted,” Meadows says. VPNs create a secure connection between your device and a remote server, which can make it difficult for someone to snoop on you while you’re online. This may be especially important if you’re working on an open WiFi network around campus or at a local coffee shop.
It is critical that you keep your operating system updated to the latest version. In particular, you should always install the latest security patches. Turn on automatic updates for your laptop and smartphone. Use secure Web browsers such as Chrome, Firefox, or Brave that receive frequent security updates.
- Cover Your Webcam
Covering your webcam with a piece of paper, tape or sticker is an easy way to prevent potential exploitation. Hackers who successfully take control of a computer might be able to activate the webcam while keeping the indicator light off. They could then record whatever the webcam sees and then use or sell the information they gather or blackmail the owner with a threat to release videos.
- Know the Dangers of Social Media
Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data. In addition, be wary of “social engineering” where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say “No!” You can always call the company directly to verify credentials before giving out any information.
- Avoid Being a Victim of Phishing Scams
Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link is pointing to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain. Cyberthieves don’t just phish with email. They use websites as bait, too. One common website scam is to buy a domain name similar to a popular one so the scammer can trick people into visiting it (for example, reddit.com and reddit.co). If you’re not sure an email or website represents a legitimate online company, look up its email sender score.
- Phishing Mailbox
Other tips to avoid phishing scams:
- Suspicious links
Don’t ever sign into your accounts by following a link in an email. Your bank will never ask you to do that. Before clicking any email link, check to see if it’s taking you to the right URL. Hover your cursor over the link and check the lower left-hand corner of your browser to see the address. If they’re different, be extremely cautious. To check a URL on a smartphone, long press the link and a window will open to reveal the address.
- Bad logos
If you suspect a phishing email, go over the company’s branding. Do the logos look legit? Are they bad quality versions? Does the font match? Pro Tip: Screen capture authentic emails from your account holders so you can compare them to suspected phishing emails later.
- Body image
To bypass spam filters, cyberthieves make the body of their phishing emails from images rather than text files.
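The link checks described above (compare the address a link displays with where it actually goes, and watch for near-copies of a familiar domain such as reddit.co for reddit.com) can be automated. The following Python example is added here and is not part of the original article; the trusted-domain list, the 0.85 similarity threshold and the sample email are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

TRUSTED = ("reddit.com", "example.edu")  # assumption: domains the reader really uses
DOMAIN_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
# Constructed sample email body, not taken from a real message.
SAMPLE = """<p>Your account is locked.
<a href="https://reddit.co/login">https://www.reddit.com/login</a>
<a href="https://www.reddit.com/settings">Account settings</a>
<a href="https://redd1t.com/reset">Reset password</a></p>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host(value):
    """Hostname of a URL or bare domain, lower-cased, without a leading 'www.'."""
    url = value if "//" in value else "//" + value
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")


def check_links(html_body):
    """Return (href, reason) findings: the automated form of 'hover before you click'."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        dest = host(href)
        # Check 1: the text looks like an address but names a different host.
        if DOMAIN_LIKE.match(text) and host(text) != dest:
            findings.append((href, f"text shows {host(text)} but link goes to {dest}"))
        # Check 2: the destination is a near-copy of a trusted domain.
        for good in TRUSTED:
            if dest != good and SequenceMatcher(None, dest, good).ratio() >= 0.85:
                findings.append((href, f"{dest} imitates {good}"))
    return findings
```

Running `check_links(SAMPLE)` reports the first link twice (mismatched text and a lookalike domain), leaves the genuine reddit.com link alone, and flags `redd1t.com` as an imitation.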