Campus & Community
The digital realm is riddled with email and phishing scams, hoaxes, fake websites, spam and sundry schemes that hackers and identity thieves conjure up to trick people into revealing bank account and credit card numbers, Social Security numbers and other confidential information. Information Technology Services (ITS) wants to help the Orange community be aware of best practices around safe computing. With that in mind, the start of a new semester is a good time to brush up on information security do’s and don’ts. Here are five tips from the ITS Information Security team.
-
01
Learn How to Spot Phishing Emails and How to Report Them
Phishing emails are a common tactic used by cybercriminals to steal information. Unexpected emails from unknown senders that ask for personal information are big red flags. Be wary of these types of emails, especially if there is a sense of urgency or unfamiliar links or attachments. As a rule, you should always avoid clicking unknown links unless you are sure they are from a trusted source. If you receive a suspected phishing email, you should report them by forwarding them to itsecurity@syr.edu and by using the “Report Phishing” option within Outlook. It’s important to report emails to help better protect you and the University community. You also can visit the ITS Phish Bowl for examples of recent phishing emails.
-
02
Clean up Your Account Passwords
Ideally, all of your passwords should be different from other accounts. Passwords with long memorable phrases or song lyrics with numbers and special characters are good starting points to making a complex password. It’s easy to use the same passwords for our accounts, but if your password is leaked, it can lead to the hacking of multiple accounts, instead of just one. Keep your password to yourself and never share your passwords with others. Syracuse University staff will never ask or need your password to help you. Password managers like Bitwarden, Keychain (Apple) or Keepass can help by keeping track and monitoring your passwords. Password managers can also help recommend strong passwords, alert you to passwords that have appeared in data leaks and flag passwords that are used too frequently.
-
03
Enable Multi-Factor Authentication
Multi-factor authentication (MFA) is an added layer of security that requires a second form of verification to access your accounts in addition to your password. An MFA can be a code or log-in approval request that is sent to your mobile device or email. It’s one more roadblock for someone else looking to get into your account. ITS recommends using Microsoft Authenticator as an MFA solution. A step-by-step guide to setting up MFA is available in Answers. Just like your password, you should never share your MFA codes with others. University staff will never ask for your code to help you.
-
04
Keep Software and Apps Updated
Many times, app updates will include security patches that address vulnerabilities. Running outdated software can leave your systems open to outsiders.
-
05
Cybersecurity is Contagious
Spread the word! Share the above tips with friends and family and help each other be safe online. Take initiative in your office and share these tips with others and become the go-to cyber safety officer. The more we talk about cybersecurity and the ways to protect ourselves, the safer the community will be.
Story by Andrew McClurg, IT analyst, and Jessica Houghtaling, communications specialist