University Technology

National Cybersecurity Awareness Month – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

This year’s campaign theme — “See Yourself in Cyber” — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future. We encourage each of you to engage in this year’s efforts by sharing this messaging with your peers.

Each week throughout October is focused on a different cybersecurity behavior. WIU’s University Technology (uTech) will be promoting the weekly NCSAM tips and topics by means of this website, the weekly Monday morning announcement emails, and our Facebook & Twitter feeds.

Visit this page throughout the month of October for updated information on that week's Cyber Security topic!

October 25-28: Recognizing and reporting phishing

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.

No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.  

See it so you don’t click it.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit. Here are some quick tips on how to clearly spot a phishing email:  

  • Does it contain an offer that’s too good to be true?  
  • Does it include language that’s urgent, alarming, or threatening?  
  • Is it poorly crafted writing riddled with misspellings and bad grammar? 
  • Is the greeting ambiguous or very generic?  
  • Does it include requests to send personal information? 
  • Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
  • Is it a strange or abrupt business request? 
  • Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.

Uh oh! I see a phishing email. What do I do?

Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition.  

If the email came to your work email address, report it to your manager and uTech as quickly as possible.  

If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. Remember, DON’T CLICK ON LINKS, JUST DELETE.  

You can take your protection a step further and block the sending address from your email program:

Report phishing.

Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly. If the phishing message came to your WIU email, let uTech know about the situation ASAP:

  • Forward the phish to phishing-report@wiu.edu
  • Report the phish on Gmail. 

You can report a phishing attempt to the Cybersecurity and Infrastructure Security Agency (CISA) here: https://www.cisa.gov/uscert/report-phishing

Another great resource is the Anti-Phishing Working Group (APWG), which collects an immense amount of data about phishing attempts. You can send a report to APWG, which adds to their database, all with the goal of helping to stop phishing and fraud in the future.  

October 17-21: Updating software

One of the easiest ways to keep your information secure is to keep your software and apps updated.

Update often.

Always update your software as soon as updates become available, and don’t delay. These updates fix general software problems and provide new security patches that close the gaps where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.

Get it from the source.

When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed version of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.

Make it automatic.

Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.

Watch for fakes!

Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.

October 10-14: Using strong passwords and a password manager

Passwords are the keys to your digital castle. Just like your house keys, you want to do everything you can to keep your passwords safe.

Creating, storing and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches. Also, it has never been easier to maintain your passwords with free, simple-to-use password managers. With a few moments of forethought today, you can stay safe online for years to come.

Long, Unique, Complex

No matter what accounts they protect, all passwords should be created with these three guiding principles in mind:

  • Long – Every one of your passwords should be at least 12 characters long.
  • Unique – Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end – to really trip up hackers, none of your passwords should look alike.
  • Complex – Each unique password should be a combination of upper case letters, lower case letters, numbers and special characters (like >,!?). Again, remember each password should be at least 12 characters long. Some websites and apps will even let you include spaces.

How Often Do I Change My Passwords?

If your password is long, unique and complex, the recommendation is that you don’t need to ever change it unless you become aware that an unauthorized person is accessing that account, or the password was compromised in a data breach.

This recommendation is backed up by the latest guidance from the National Institute of Standards and Technology. For many years, cybersecurity experts told us to change our passwords every few months. However, this constant change isn’t helpful if your passwords are each long, unique and complex. In fact, if you change your passwords often, you risk reusing old passwords or falling into bad habits of creating similar or weak passwords.

But Remembering Passwords is Hard!

We agree! You probably have a lot of online accounts. And because all your passwords should be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords is the best way to keep all of your digital accounts safe. There are many free and easy-to-use tools out today that make managing your library of unique passwords a snap.

Today, the truth is that you don’t have to remember your passwords. If you use the latest tools, you don’t need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.

If you do only one thing this week - look into password managers and set one up for yourself!

October 3-7: Multi-Factor Authentication

Also known as two-factor authentication and two-step verification. No matter what you call it, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.

How does MFA work?

By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator app. 

MFA can include:

  • An extra PIN (personal identification number)
  • The answer to an extra security question like, “What’s your favorite pet’s name?”
  • An additional code either emailed to an account or texted to a mobile number
  • A biometric identifier like facial recognition or a fingerprint
  • A unique number generated by an “Authenticator App”
  • A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

What type of accounts offer MFA?

Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. So, basically everything. Simply put, use MFA everywhere!

Some individuals at Western Illinois University will start seeing MFA-enabled accounts this semester - University Technology is hard at work behind the scenes.  More details will be shared on this initiative as soon as we are able!


Follow uTech on Facebook or Twitter for daily updates during NCSAM.