October is National Cybersecurity Awareness Month (NCSAM), and the Washington University Office of Information Security is joining in the conversation with a slate of events and talks focused on ensuring the security of data on our campus and beyond. In the digital era, we are continuously confronted with challenges to our privacy as well as that of our students and patients. To meet these challenges, we must all work together to create a holistic approach to securing our data and systems. Our collective security depends on the ongoing awareness and effort of all who use our systems and technology. Throughout the upcoming month of events, you will learn how to take an active role in protecting yourself and in protecting the security of our community at large.
This year’s NCSAM theme is “Own IT. Secure IT. Protect IT.” By ‘Owning IT,’ you will take control of your privacy by using smart strategies as you engage online and through various apps. In ‘Securing IT,’ you will ensure that that your privacy is protected by developing a strong password strategy and knowing how to properly store and delete sensitive files. To create a secure environment at WashU, everyone using our systems must strive to avoid breaches, because a single event can cascade throughout our community. We’re all in this together. Finally, to ‘Protect IT,’ users can be sure to update their security software, web browser, and operating systems. In addition, as stewards of the data we collect, we must work together to protect this information from non-authorized parties. If we collect it, we must protect it.
Ensuring the security and privacy of the data collected, generated, and transmitted on our systems is the top priority of the Office of Information Security, but we can’t do it alone. We strive to foster a community of empowered and knowledgeable users, who will work together to protect themselves and the WashU community. Please join us in these efforts by participating in National Cybersecurity Awareness Month!
- Be up to date. Keep your software updated to the latest version available.
- Keep it locked. Lock your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or misuse your information. Set your devices to lock after a short time and use strong PINs and passwords.
- Double your login protection. By using 2FA, you are protecting your information and institution information.
- Guard your mobile device. To prevent theft and unauthorized access or loss of sensitive information, never leave your equipment—including any USB or external storage devices—unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.
- Shake up your password protocol. You should use the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach.
- Never click and tell. Limit what information you post on social media—from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all that criminals need to know to target you, your loved ones, and your physical belongings—online and in the real world.
- Update your privacy settings. Set the privacy and security settings to your comfort level for information sharing. Disable geotagging, which allows anyone to see where you are—and where you aren’t—at any given time.
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
- Treat business information as personal information. Business information typically includes a mix of personal and proprietary data. While you may think of trade secrets and company credit accounts, it also includes employee personally identifiable information (PII) through tax forms and payroll accounts. Do not share PII with unknown parties or over unsecured networks.
- It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure.
- Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform.
- Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, contact InfoSec.
- Imposter scams. They occur when you receive an email or call from a person claiming to be a government official, family member, or friend requesting personal or financial information. For example, an imposter may contact you from the Social Security Administration informing you that your Social Security number (SSN) has been suspended, in hopes you will reveal your SSN or pay to have it reactivated.
- Identity theft. It is the illegal acquisition and use of someone else’s personal information to obtain money or credit. Signs of identity theft include bills for products or services you did not purchase, suspicious charges on your credit cards, or new accounts opened in your name that you did not authorize.
- If you connect, you must protect. Whether it’s your computer, smartphone, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you’re putting something into your device, such as a USB for an external hard drive, make sure your device’s security software scans for viruses and malware. Finally, protect your devices with antivirus software and be sure to periodically back up any data that cannot be recreated such as photos or personal documents.
- Keep tabs on your apps. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.