Action Step: Use Strong Passwords and a Password Manager.
You should use a unique password for each application, website, or service for which you have an account. If you share passwords between sites and services, your password, and therefore your data, is only as safe as the weakest site or service.
Each of these passwords should be long and strong. Long passwords are mathematically more secure than short complex passwords. Consider using passphrases — short sentences — rather than passwords.
A password manager will help you keep track of all of these long, complex passwords. Security professionals agree that the benefits of using a password manager outweigh the risks.
I use and can strongly recommend LastPass. However, there are other reputable vendors in this space including Dashlane, 1Password, and Keypass.
More information is available about passwords and password managers.
Phishing Simulation.
During the third week of October, we will conduct a phishing exercise, sending a simulated phishing message to all faculty and staff. This is not a gotcha exercise, but an opportunity to learn.
We encourage you to discuss and even warn your colleagues if you spot the phish because this is exactly what we want everyone to do with real phishing messages.
Also, report the phishing message in the same way as you would report an actual phishing message — use the “Report phishing” feature in Gmail. For more detail on how to report phishing, check out 1 Minute on How to Report Phishing.
Get Trained.
October is when we publish new web-based cybersecurity training for faculty, staff, and students. This training is required annually for ALL faculty and staff. Students are welcome to check it out, too. The course covers a variety of current cybersecurity issues. There are also various elective topics–some are presented in a fun, gamified format.
Cybersecurity Annual Training for Employees 2022-2023
Student Cybersecurity Training
Save the Date for Virtual Town Hall
Mark your calendar. I’ll be hosting a cybersecurity town hall– an informal informational session with Q&A. I’ll describe the current state of the higher education cyberthreat and the steps you can take to keep the campus and your own digital life secure. There will be ample time for discussion.
Save the Date: Noon, Monday, October 31, 2022.
Cybersecurity is everyone’s job. Be safe out there and, if you ever have any questions, don’t hesitate to contact me or the Helpdesk.