Office of Technology Services
10 TIPS FOR
CYBERSECURITY
UWSUPER.EDU/TECHNOLOGY
When we talk about cybersecurity people often envision the Hollywood image of a lone wolf hacker, shrouded in the shadows, in front of a million pieces of data. In reality, a threat can be anywhere and look like anyone. It could be someone at a call center halfway around the world or someone sitting behind you in the coffee shop. The University of Wisconsin-Superior Technology Services team works hard to keep everyone at the school safe from cybersecurity threats, but we can't do it alone. By following tips like these you will be doing your part to keep yourself and our campus safe. Thank you!
1
ORGANIZE YOUR DIGITAL WORK
Make sure OneDrive is properly set up on your computer. All of your files on your computer should be connected to our secure cloud service, Microsoft OneDrive. OneDrive protects your files by automatically saving them to the cloud. We also backup what is on OneDrive twice daily. If your computer is damaged or lost and you haven't saved your files to the cloud, they may not be recoverable. For more information on setting up OneDrive visit: https://www.uwsuper.edu/technology/resources Note: Employees with highly sensitive data continue to use an alternative solution for that information to comply with best practices for data security.
2
DON'T USE PHYSICAL STORAGE
It is against university policy to use external storage including external hard drives and flash drives since they can contain malicious software (malware). If you happen upon a USB drive do not plug it into your computer. Contact the Technology Help Desk.
3
KEEP PASSWORDS SECRET
Technology Services will never ask you to disclose personal information such as your password, whether it be in person, on the phone, in emails, etc.
https://www.uwsuper.edu/technology/cybersecurity
BONUS TIP You may want to consider using a password manager. KeePass is a free password manager which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. Since passwords should not be shared, written down, or otherwise stored unencrypted this can be a helpful solution. Note: UWS cannot help you reset your password or master key if you forget it. KeePass is available through Software Center on staff computers.
4
BE AWARE OF SOCIAL ENGINEERING TACTICS
Social engineering attacks play on our emotions such as fear or urgency. Two of the most popular attacks are phishing and spear phishing. Phishing is when emails are sent out to a wide net of people. Spear phishing is when someone is being specifically targeted. For example, you could be targeted for your status at the university. Related to this is whaling, when a person high up in the organization is targeted.
When you check your email look for signs of phishing. Always check to make sure the sender's email address and links are correct. If in doubt, use your preferred search engine (Google, DuckDuckGo, etc.) to find the correct URL. Keep an eye out for spelling errors, awkward wording, and unusual greetings. Be suspicious of any unsolicited emails. Do not click on any links or attachments unless you are certain the email is legitimate. Scammers also target specific people (spear phishing) for their access to an organization such as the university. They will pose as someone connected to the organization such as an employee or vendor. They may even spoof an email address. They often research the website and organization chart to seem more credible. Sometimes the message will be short and vague such as "here is the information you requested" with a link or attachment. Remember to only click on links or attachments if you are confident it is real. One of the most popular tactics is to get you to purchase gift cards. There are many scams that are variations on this theme. Buying gift cards is like giving the scammer cash. Credit cards offer you more protection so scammers love getting gift cards.
ATTENTION: Always contact the Technology Help Desk if you think you may have been targeted or are a victim of an attack. Do not feel embarrassed if you think you have fallen for a scam. These strategies are common because many people fall for them. Report any suspicious activity to helpdesk@uwsuper.edu or call 715-394-8300.
5
ONLY FWD SUSPICIOUS EMAILS TO THE HELP DESK
Forward suspicious emails to helpdesk@uwsuper.edu, but never share them to anyone else. Sometimes people want to share their concern with their coworkers, family, or friends, but for each time it is forwarded there are more chances someone will not read close enough and fall into the trap. You also can report spam through a feature in Outlook. If you are interested in adding this ability contact the Help Desk.
BE CAREFUL CONNECTING TO WI-FI
6
When you are on campus and need to use wi-fi connect to uws-secure. If you do have issues connecting to uws-secure feel free to try connecting to eduroam.
ON CAMPUS
Free WI-FI can be convenient, but can also be dangerous so a VPN (virtual private network) is essential for employees working remotely. All employees that work remotely need to install our VPN client. Students or employees that are traveling to another university campus may be able to use eduroam. Eduroam is a secure connection that allows you to login with your university credentials at participating campuses. Note: Students may want to do their own research and invest in purchasing a VPN service if they are not using their own secured internet off campus.
7 OFF CAMPUS
8
KEEP YOUR SOFTWARE AND OPERATING SYSTEM UPDATED
Make sure you are staying updated. In order to prevent possible security issues, update to the latest operating system (OS) and software. Updates often include essential security patches. Consider setting up your devices to automatically update the apps (software) and OS. Technology Services manages updates for university devices.
9
SHARE LESS ON SOCIAL MEDIA
Get to know your privacy settings on social media, but also keep in mind how much you share in general. For instance, don't check in at locations while you are still there or tell everyone where you love to get lunch. This could lead to stalking, a cyber attack, or a physical attack. It is just not worth it. Don't share how funny your name would be if you combined the name of your first pet, the street you grew up on, and the make of your first car. These should sound familiar. Not only are they used commonly in these online games, but they also are security questions. Also, be cautious clicking on any links. For an extra layer of protection, create altered details about yourself for those security questions (as long as you can remember them). For example, if you don't have a pet you could select that as a security question and make up a name that only you would know.
BONUS TIP Does this website really need to know my birthday? Ask yourself this when setting up a new account online or when asked at a shop if you'd like to sign up for a special discount program. Just like it is recommended to create altered, but memorable, details for your security questions, it also is recommended to consider giving an incorrect birthday to protect from potential data breaches. Also, your birthday is sometimes used to help verify your identity when signing in. To help you remember, you can pick the birthday of a celebrity that only you would guess.
10
STAY INFORMED
One of the best ways to stay informed is to keep your eye out for communications coming from the UW-Superior Technology Services Team. Be sure to read our email newsletter in your university email for more tips and news that is important to you. When we send out short surveys please take the time to fill them out. Please reach out directly to the Technology Help Desk with any questions. You can email, call, or stop in!
TECHNOLOGY HELP DESK REGULAR HOURS 7:45 A.M. - 6:30 P.M. MONDAY - FRIDAY
BREAK/SUMMER HOURS 7:45 A.M. - 4:30 P.M. MONDAY - FRIDAY
TECHNOLOGY HELP DESK SWENSON HALL 2100 EMAIL: HELPDESK@UWSUPER.EDU PHONE: 715-394-8300