In today's interconnected world, digital technology has become an integral part of our daily lives. From the convenience of public Wi-Fi networks to the everyday use of emails and the constant threat of new security challenges like ransomware, the need for online safety has never been greater. This webpage, divided into three informative parts, equips you with the knowledge and tools to navigate the digital landscape securely. In Part 1, we delve into password and MFA tips. Part 2, we talk about the risks associated with unsecured Wi-Fi networks and provide valuable insights for higher education institutions. Part 3 offers essential email safety tips that everyone should know, ensuring that your inbox remains a secure communication channel. Lastly, in Part 4, we explore the alarming world of ransomware and provide insights on how to safeguard your digital assets. Join us on this journey to enhance your digital safety and protect your online presence.
Strategies for Robust Password Security
- Utilize Lengthy Passwords: Employ passwords with a minimum of 12 characters. The length of your password significantly bolsters your digital defense, elongating the time it takes for cybercriminals to breach your accounts.
- Complexity Matters: Craft intricate passwords by blending uppercase and lowercase letters, numbers, and special characters. Avoid single words or easily accessible information from social media. The goal is to create unique, complex passwords that are formidable barriers for cybercriminals. For instance: "m#P52s@ap$V" or "ILm3p@G&P!32" for "I Love my 3 pets Alfred, Gary, & Peyton!32."
- Avoid Password Reuse: Never reuse passwords, regardless of their complexity and length. Recycling passwords, even strong ones, poses a considerable risk. If a password is compromised, it could lead to the compromise of other accounts containing more sensitive data.
Elevate Your Security Game
Embrace MFA: Also known as Two-factor Authentication, it goes beyond the traditional username-password combo by requiring additional verification steps. Even if your password falls into the wrong hands, MFA acts as a robust second line of defense.
We strongly recommend enabling MFA across all eligible accounts, spanning banks, email, social media, and more.
- Password Managers: Managing an array of complex passwords can be overwhelming. Password managers provide a secure solution for storing and generating unique passwords for each account. To find the right fit, consider comparing various password managers using trusted sources like Consumer Report, PC Mag, CNET, and Tom's Guide.
- Steer Clear of Common Passwords: Avoid cliché and easily guessable passwords like "123456," "password," "qwerty," and others. Opt for uniqueness and complexity to fortify your defense.
MFA at CSULB
In addition to the above password security strategies, CSULB has been utilizing Multi-Factor Authentication (MFA) for over two years. We've observed the substantial benefits of this extra layer of account security for our campus community. Nevertheless, there's always room for improvement. Below, we present four key tips to further fortify your accounts:
- Authenticator App: Use Microsoft Authenticator app for Android and iOS phones. Authenticator apps are more secure than SMS or phone calls, and they provide additional features, such as viewing your recent login activity. Learn how to change and manage your MFA login methods and devices.
- Deny Unexpected 2nd Factor Requests: Be vigilant about authentication notifications. If you receive a second-factor request for an unrecognized or unauthorized login attempt, refrain from approving it.
- Backup Plan: Have a backup plan in the event your device is replaced, lost, or stolen. Register more than one device and phone number. Learn how to manage and change your default MFA login methods.
- "Passwordless" and Location Features: Explore advanced MFA enhancements, such as "passwordless login" and location verification, for added security.
In today's digital age, internet access is an essential part of our daily lives. The convenience of public Wi-Fi in places like coffee shops, airports, and libraries is undeniable. However, this convenience comes with a significant responsibility, as public Wi-Fi networks can be hotspots for cyber threats, putting your personal information at risk. In this article, we'll explore the potential risks of unsecured Wi-Fi networks and provide essential tips to help you stay protected, especially in the context of higher education.
The Risks of Unsecured Wi-Fi Networks
When connecting to public Wi-Fi, it's crucial to be aware of the potential risks. Here are some of the dangers associated with unsecured Wi-Fi networks:
- Unauthorized Access: Without the proper security measures, hackers can gain access to your device or the information transmitted over the network.
- Data Interception: Cybercriminals can intercept the data you send and receive, potentially exposing sensitive information.
- Malware Distribution: Public Wi-Fi networks can serve as a breeding ground for malware, which can infect your device and compromise your data.
- Phishing Attacks: Hackers can create fake Wi-Fi networks that mimic legitimate ones, leading you to unknowingly connect to a malicious network.
- Man-in-the-Middle Attacks: In these attacks, cybercriminals position themselves between you and the target server, intercepting data and potentially altering it.
- Eavesdropping: Your online activities, including login credentials, browsing history, and location data, can be monitored by malicious actors.
Protecting Yourself on Public Wi-Fi
As students and faculty in higher education institutions, it's essential to take precautions when using public Wi-Fi to safeguard your personal information and sensitive data. Here are some key steps to protect yourself:
- Avoid Accessing Sensitive Information: Limit the use of public Wi-Fi for activities that don't involve sensitive data, such as online shopping or accessing personal emails.
- Check for 'HTTPS': Before entering any login details or personal information, ensure that the website's URL starts with 'HTTPS' and displays a padlock symbol in the address bar.
- Utilize Antivirus Software: Keep your device protected by using reliable antivirus software to detect and remove malware.
- Use a VPN: A Virtual Private Network (VPN) can create a secure and encrypted connection, ensuring your data remains confidential, even on unsecured networks.
- Log Out of Personal Accounts: Always log out of your personal accounts when you're done using them on public Wi-Fi networks.
- Educate Yourself: Stay informed about the latest cybersecurity threats and best practices, ensuring you're up to date with the latest protection strategies.
Additional Tips for Higher Education
Considering the unique circumstances of higher education institutions, here are some specific recommendations to keep your campus network and personal data secure:
- Use Multi-Factor Authentication: Whenever possible, enable multi-factor authentication for your online accounts. This extra layer of security, such as receiving a text message with a PIN, can significantly enhance your protection.
- Avoid Public Wi-Fi for Sensitive Activities: Refrain from using public Wi-Fi, such as those in airports or coffee shops, for accessing confidential information. Treat these areas as potentially compromised and use them for less sensitive online activities.
- Regularly Monitor Your Financial Statements: Keep a close eye on your campus credit card and bank statements. Any discrepancies could be indicators of account breaches. If you notice any irregularities, report them immediately.
Five Email Safety Tips Everyone Should Know
- Don't Open Unexpected or Mysterious Attachments: Viruses are often sent through email attachments.
- Avoid clicking on unexpected or mysterious links in the body of an email message: Some links may take you to sites that you don't intend on visiting. Unless you are confident about the legitimacy of the email and recipient, it is safer to copy and paste the link in a separate browser, since it is not directly connected to your personal email account.
- Use Spam Filters: Often, email programs already have safeguards in place to prevent unsolicited email or spam from reaching your inbox. Be sure to allow your email program to work for you by checking your Email options to ensure that spam filtering is turned on. When you do receive unwanted email, you can also mark those emails as “junk” or “spam” to stop receiving these unwanted emails.
- Beware of Phishing: Phishing emails are attempts by thieves to lure you into providing personal information for their profit. Learn more about Phishing and view ongoing reports of phishing threats reported by campus employees.
- Don't Send Sensitive Data in Email: When you send a sensitive information in an email, you don't have control over how the information is shared thereafter.
See the latest Phishing threats reported by campus employees.
Ransomware - New Computer Security Threat
A new security threat has been infecting computers, on and off campus, called Ransomware.
Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion) while some may simply lock the system and display messages intended to coax the user into paying.
Incidents of ransomware have grown globally, with reports across the CSU and on our campus. Most malware is removed by security tools before it can infect our campus, however the open nature of our academic environment makes it impossible to protect against all possible vulnerabilities.
Ransomware is typically installed when users open a malicious email attachment, a malicious link in an email attachment or instant message, or unknowingly open malicious links on social networking sites or other websites.
If you fall victim to ransomware:
- Do NOT pay the “ransom” or attempt to contact the ransomware creator.
- Immediately disconnect your computer from the wired or wireless network, to help avoid your computer from infecting others on the network.
- Contact your local technical coordinator for assistance.
Be aware that in order to remove the ransomware your campus-issued computer may need to be completely wiped and re-installed to remove the malware, which means you may lose important work saved to your computer.
If it is your personally owned computer that is locked by ransomware, you may need to seek the assistance of a professional computer technician to wipe/reformat your computer, in which case you may lose your personal files and data.
As a precaution, you may find it worthwhile to read and print out this IT Knowledge Base article to learn about 10 Steps for Removing Ransomware.
The following tips can help protect you against ransomware and other malware:
- Keep all of the software on your computer up to date.
- Don’t open spam email messages or click links on suspicious websites. You may visit the campus Phishing Reports page to confirm current known phishing attempts. You may also forward suspicious mail to email@example.com.
- Use a reputable antivirus and anti-malware program, and keep it up to date.
- Minimize storing important work on your computer’s local hard drive, or store it on campus provided file shares which are secured and backed up on a regular basis. ITS is actively deploying 2 gigabytes of individual, centrally supported storage to every faculty and staff member on campus.
- For personally owned computers, make frequent backups of your important files.
- Feel free to contact ITS-servicemanagement@csulb for any additional questions or help regarding IT security on campus.