By Emily Rushton, communications specialist, University Information Technology
We all do it – we check our bank accounts, pay bills or access other sensitive information online. We assume a general level of security protects us, like a password-protected Internet connection. But have you ever stopped to think, “How secure am I really?”
The fact of the matter is this: No one is immune to cyber threats.
That’s why University Information Technology, UIT, is participating in this year’s National Cyber Security Awareness Month (NCSAM) campaign. It’s everyone’s responsibility to behave safely and responsibly online, and UIT wants to help you learn how.
National Cyber Security Awareness Month was started when several national agencies, including the Department of Homeland Security and the Computer Emergency Response Team, decided to have an annual campaign where local organizations could look at the national information security themes and then develop their own campaigns.
“This October at the U, we’re focusing on issues like social engineering and phishing attacks, as well as cloud computing and storage, which are becoming more important,” said Dan Bowden, chief information security officer at the U.
The campaign will span four weeks and cover multiple topics, including the new university information security regulations as well as information security survival skills for students.
“Especially around the start of school, I get reports of students being targeted through social engineering attacks,” Bowden said. “Students should learn how they can protect their own privacy and identity to help prevent phishing and social engineering.”
For example, a culprit might obtain a student’s phone number from the online campus directory and will call the student claiming to be a member of law enforcement or a government agency, such as the IRS or FBI. The culprit might threaten legal action if the student doesn’t pay what he or she supposedly owes.
“It happens more often than you would think,” Bowden said. “Students can help protect themselves from social engineering attempts like these by logging in to CIS and changing the settings for what information is available to the public.”
If these incidents happen, students should contact the U’s Information Security Office so it can gather information for law enforcement.
Phishing is yet another way your information (or money) can be stolen. To combat culprits stealing users’ credentials, the U is implementing two-factor authentication, or 2FA, which requires users to authenticate their identity via two separate factors, one of which isn’t a password. 2FA is currently in the pilot stage, but will eventually be available university-wide.
“It’s just really easy to guess passwords, especially when you have people whose full time jobs are attempting to get past those passwords,” said Rachael Sheedy, senior business analyst for UIT’s Identity and Access Management group within the Information Security Office.
The enhanced security means that even if hackers manage to obtain a user’s credentials, the information is useless without access to their secondary authentication device.
“It’s not foolproof,” said Sheedy. “But it’s so much better than just using a password.”
2FA is just one example of the many proactive ways you can avoid threats to your online security. UIT will cover that and much more over the next four weeks and encourages all students, faculty and staff to check the campaign homepage each week for new information and tips.
“The Information Security Office wants to support the critical missions of the university—enabling the business, academic, research and clinical sides to all move forward while the university’s information assets are protected,” Bowden said. “We’re eager to engage and support everyone at the U. Give us a call through the UIT Help Desk anytime.”
To reach the UIT Help Desk, call 801-581-4000, and choose option one.