Cybersecurity is a Team Sport
Cybersecurity is a shared responsibility, and the University of Chicago’s security efforts will only be successful when all members of the campus community understand the risks and take steps to avoid them. We offer the following tips to share with your colleagues as Cybersecurity Awareness Month activities wrap up this week. (Note: We encourage colleges to re-brand and re-share the content below and help us educate faculty, staff, and students.)
Basic Online Safety and Security Tips
“The Internet is a powerful and useful tool, but in the same way that you shouldn’t drive without buckling your seatbelt or ride a bike without a helmet, you shouldn’t venture online without taking some basic precautions.” This is an important reminder from the National Cyber Security Alliance that cybersecurity is everyone’s responsibility. Here are some tips to keep in mind as we work together to create a better, safer digital world for ourselves and the institution.
- Keep a clean machine. Having the latest security software, web browser, apps, and operating system is the best defense against viruses, malware, and other online threats. Remember – mobile phones, tablets, and watches need updating for security fixes, too!
- Lock down your login. Usernames and passwords are not enough to protect key accounts. Improve account security by enabling strong authentication tools such as biometrics or unique one-time codes sent through an app on your mobile device. This security feature is also available on personal accounts such as email, bank, and social media.
- Back it up. Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. Use a secure cloud storage option or a separate hard drive and make backup copies on a regular basis.
- When in doubt, throw it out. Whether at work or in your personal lives, never open suspicious links in email, tweets, posts, online ads, messages, or attachments – even if you know the source.
- Share with care. Think before posting about yourself and others online. Consider what a post reveals, who might see it, and how it could be perceived now and in the future.
- Own your online presence. To keep yourself safe, set privacy and security settings on web services, apps, and devices to your comfort level. You do not have to share everything with everyone. It is your choice to limit what (and with whom) you share personal information.
- Secure your Wi-Fi router. Set a strong passphrase (at least 12 characters long) for your Wi-Fi network. Name your network in a way that doesn’t let people know it’s your house.
- Use a password manager for all personal and work accounts. Don’t reuse the same password or variations of a simple phrase. In today’s environment, one of the best ways to create really strong, unique passwords or passphrases is to use a password manager. These tools will alleviate the burden of having to memorize all the different complex passwords you’ve created by managing them all in one “vault” and locking that vault with a single master password.
- Protect your devices. Using biometrics or six-digit passcodes on smartphones and tablets is critical to keeping curious minds from accessing personal information, work email, or banking applications. It also helps protect your device if you lose or misplace it.
- Bring Your Own Device (BYOD). Now more than ever, employees are using their personal smart devices – such as laptops, tablets, and smartphones – for work purposes. It’s important to consider where sensitive institutional data is being accessed and understand campus IT policies related to protecting devices.
Security Tips for Traveling at Home and Abroad
These days, no matter where you’re headed, being continuously connected is part of the travel plan. You might be working at the coffee shop down the street for the afternoon or going on vacation with your family. No matter where you’re traveling, we encourage you to stay cyber safe while away from home by following these simple practices to help keep your devices and personal information safe. (Source: National Cyber Security Alliance)
- Set up the “find my phone/device” feature on your devices. This setting will allow you to find your device and remotely wipe data or disable the device if it’s lost or stolen.
- Remember to be cautious when using a shared computer. Public computers in libraries, hotel lobbies, or internet cafes are convenient, but be careful when logging into an account like email. Always log out before you close the browser and leave the computer.
- Avoid accessing personal info or making purchases on public, unsecure Wi-Fi networks. Use a virtual private network (VPN) to check email or browse the internet more securely. Or wait to conduct personal business until you return home to a safe, secure network.
- Don’t leave devices unattended in public spaces. When on the go, make sure your devices are secure or with you at all times. If you’re at an airport or cafe, don’t ask a stranger to watch your device while you use the restroom or order another latte. If you’re staying in a hotel, the best thing to do is lock your devices in a safe.
- Actively manage location services on all devices. Location tools are helpful when navigating a new place, but they may expose your location in unexpected ways (even through photos). Turn off location services when not in use and limit the number of apps that have access to your location.
- Turn off Wi-Fi and Bluetooth to avoid automatic connections. Some stores and other locations search for devices with Wi-Fi or Bluetooth enabled to track your movements when you’re within range, so it’s best to disable the auto-connect features if you don’t need to use them.
Good Cyber Hygiene