Security Awareness: Four Steps to Stay Safe Online

Introduction

Making the most of technology safely and securely can seem overwhelming and confusing. However, regardless of what technology you are using or how you are using it, here are four steps that will help you stay secure.

1. Think Before You Click

Technology alone cannot fully protect you; you are your best defense. Attackers have learned that the easiest way to get what they want is to target you rather than your computer or other devices. If they want your password, credit card, or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency and by impostoring someone legitimate. 

Impostoring is a common tactic:
  • Someone might call you pretending to be Microsoft tech support and claim that your computer is infected when in reality they are just cyber criminals who want you to give them access to your computer. Website advertising networks are compromised also and might create a pop-up telling you to call a phone number for this "support".  No one will ever tell you to call them to receive computer support without you initiating this request.
  • You may receive a message from someone pretending to be Fedex or UPS indicating a package could not be delivered.  If you click a link to "confirm your mailing address" you *must* confirm the website domain to make certain you are on a valid website. If you are in doubt, find the service provider's legitimate site and verify this type of request via the *known* website.

Ultimately, the greatest defense against attackers is you. By verifying the identity of an attacker, often by the email sender domain or website domain, you can spot and stop many attacks.

2. Use Passphrases and Two-Step Verification

 A passphrase is a type of password that uses a series of words, such as honey bee bourbon rain, that is easy to remember and meets the specified minimum number of characters, capital letters, and numbers.  

  • Use a passphrase for your university account. 
  • The longer the passphrase the stronger it is as long as it is easy to remember.
  • Applying passphrases to your personal cyber accounts is a wise thing to do as well.

Enable two-step verification (also called two-factor or multi-factor authentication) is one of the most important steps you can take to protect your online accounts. It uses your password but also adds a second step, such as entering a code sent to your smartphone or from an app that generates the code for you. 

  • Enabling two-step verification may be easier than you may think.
  • Required for ISU faculty and staff access to your Office 365 system.  
  • As with strong passwords and passphrases, applying MFA to your personal resources is beneficial.  

3. Secure your Devices and Applications

Make sure your computers, mobile devices, programs,  are running the latest version of the installed software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing the vulnerabilities by releasing updates. 

  • Keep devices with you or stored in a secure location when not in use.
  • Lock your computer when you walk away to prevent unauthorized use.  (Family and friends should not use your ISU issued devices) 
  • Connect to a secure network or use the ISU Virtual Private Network (VPN).
  • Use ISU supported applications for university business.
  • Keep applications used on devices connected to a network updated, including: 
    • Internet-connected TVs
    • baby monitors
    • security cameras
    • home routers
    • gaming consoles and even your car
    • Stay current by enabling automatic updating whenever possible. 

 

4. Backup your Information

No matter how careful you are, you still may be hacked. If that is the case, often the only way to restore all of your personal information is to recover it from your backup. 

  • Make a regular backup of any important information and verify that you can restore your data from them. 
  • Most operating systems and mobile devices support automatic backups, either to external drives or to the cloud.  
  • Storing your ISU resources and information on a network drive (L:Drive) or in OneDrive ensures your data is backed up. 
  • USB drives are not to be used for Student Data, or any Restricted or Highly Restricted Data.

The Data stored on your ISU computer local hard drive and is not backed up by OIT and is not recommended for storing important information.

See related articles for more information

100% helpful - 5 reviews
Print Article

Related Articles (4)

This article will assist anyone required to set up Office 365 Multi-Factor Authentication to access Office 365 resources. This article is for faculty, staff and student employees required to use Office 365 Multi-Factor Authentication.
This article will provide answers to frequently asked questions about Office 365 multi-factor authentication. The target audience is faculty, staff, student-employees.
This article will provide general information about Microsoft Office 365 Multi-Factor Authentication (MFA) for faculty, staff and student employees.
This article will provide the operational requirements for handling data according to Indiana State Universities policy for data security and management as defined in the University Handbook section 932.

Related Services / Offerings (1)

Use this service to report any type of security issue with ISU owned devices or ISU faculty, student, or staff personal/private information.