Cybersecurity Awareness is Everyone’s Responsibility
The University of Louisville is a Cybersecurity Awareness Champion school. By learning about information security and making simple changes to how we connect, work and learn online, the UofL community can work together to better protect our data and privacy. Information listed below is from the National Cybersecurity Alliance and their STOP. THINK. CONNECT. campaign. ITS thanks the Information Security Office for partnering to promote a safer, more secure digital presence at UofL.
Tips and Tools
- Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes clicking links sent in email, especially if you do not recognize the sender’s email (not just their signature).
- Before sending or entering sensitive information online, check the security of the website. Should you send an encrypted email? Can you multi or two-factor for added security?
- Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). Is it a https:// address? Is there a lock icon for verified security?
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the person or company using information provided personally or on an account statement. Do not rely just on information provided in the email.
- Keep a clean machine. Keep all operating systems and software on internet-connected devices – including desktops, laptops, smartphones and tablets – up to date to reduce risk of infection from malware.
- Use a secure Wi-Fi. Using public Wi-Fi to shop online while at your favorite coffee shop is tremendously convenient, but it is not cyber safe. Don’t make purchases via public Wi-Fi; instead use a Virtual Private Network (VPN) or your phone as a hotspot. On UofL campuses , use our Eduroam or ULsecure wireless options for best encryption of data.
- When in doubt, throw it out! Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, it’s best to delete or – if appropriate – mark it as junk or phishing using your Report feature.
- Think before you act. Be wary of communications that implores you to act immediately, offers something that sounds too good to be true or asks for personal information. Often these emails are simple, looking like a quick ask from a supervisor – always check the email address or text source.
- Make your passphrase a sentence or statement. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. Try using a number or symbol in place of a letter – for example, I<3rockmusic
- Unique account, unique passphrase. Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases. Know the details for secure UofL passwords.
- Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses. Use your Report feature for received phishes to block future attempts.
- Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out! Links in online ads, status updates, tweets and other posts are often bait wishing (smishing) you’ll bite with a click.
- Think before you click! Beware of ads encouraging users to click on links. If you receive an enticing offer, do not click on the link. Instead, go directly to the company’s website to verify the offer is legitimate.
- Spyware can download itself onto your device without your permission (typically when you visit an unsafe website or open an attachment). It can make your computer do things you don’t want it to do, such as opening an advertisement you didn’t want to see. In the worst cases, spyware can track your online movements, steal your passphrases and/or compromise your accounts.
- Botnets are networks of computers infected by malware (such as computer viruses, key loggers and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.
- Many botnets are designed to harvest data, such as passphrases, Social Security numbers, credit card numbers, addresses, telephone numbers and other personal information. The data is then used for nefarious purposes, such as identity theft, credit card fraud, spamming (sending junk email), website attacks and malware distribution.
- Keep security software current. Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. Need help with this? Contact our ITS HelpDesk.
- When in doubt, throw it out! Links in email, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
- Protect all devices that connect to the internet. Enabling automatic WiFi connections puts you at risk with portable devices. Along with computers, smartphones, gaming systems and other internet-enabled devices also need protection from viruses and malware.
- Plug & scan. Is that your external drive? USBs and other external devices can be infected by viruses and malware. When you plug in a new device or someone else’s jump drive, use your security software to scan them.