October is Cybersecurity Awareness Month, a nationwide effort to help individuals protect themselves online as threats to technology and confidential data become more commonplace. Information Technology Services encourages the university community to follow a few best practices to improve their cybersecurity.
Think Before You Click: Recognizing and Reporting Phishing
If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware. If you receive an unexpected email in which the link or attachment seems a little off, you do not recognize the email sender, or the message includes an unusual request – especially with a threat or a sense of urgency – report the message to ITS by clicking the “Report Phish” button in the Outlook client or in your Outlook Web Access.
Use Strong Passwords and a Password Manager
Use passwords that are long, unique and randomly generated. Use password managers to generate remember different, complex passwords for each of your accounts. A password manager will also encrypt passwords, securing them for you.
Update Software
Having the latest security software, web browser and operating system on devices is one of the best defenses against online threats. So don’t delay – If you see a software update notification, act promptly.
Avoid Multi-Factor Authentication Fatigue
Multi-factor authentication, or MFA, is a way to add extra security to your accounts, devices, data and systems by requiring you to identify yourself with two or more pieces of information to gain access. But attackers can use a method called “MFA fatigue attacks” to bypass this security. They spam the victim with MFA push notifications, hoping that the victim will eventually “fatigue” and give in, granting access to their accounts and devices. To prevent a MFA fatigue attack, don’t approve an authentication request when you are not actually trying to login in. And if you receive a sudden flood of calls, texts or emails from a suspicious source, do not respond to them. And if you do receive a fraudulent Duo push notification, be sure to change your password to ensure that your account is protected.