By Larrisa Beth Turner
With school back in session, University of Utah students, faculty, and staff are likely more connected to the internet and their devices than ever. And that means they — and the university — are more exposed to cyberthreats than ever.
With some simple steps, however, it’s possible to reduce those risks.
Here are seven common security issues identified by the Cybersecurity and Infrastructure Security Agency (CISA) with tips to enhance your cybersecurity efforts.
Yes, it’s obvious, and yes, you’ve heard it before, but the importance of a strong password really cannot be stressed enough. A recent study showed that millions of people worldwide use easy-to-guess passwords — including more than 23 million instances of 123456 appearing in a password, according to the BBC.
Passwords work only if they are complex and confidential. Most people, however, create passwords that are based on personal information (birthdays, family or pet names, phone numbers) and are easy to find or remember (common words or phrases, famous quotations, and song lyrics), making it easier for criminals to decipher, or even guess, them.
Strong passwords should include:
- 8-64 characters
- Upper- and lowercase letters
- Numbers and special characters
Ways to create stronger passwords:
- Misspellings (e.g., “daytt” instead of “date”)
- Mnemonics (e.g., use "IlTpbb" for "[I] [l]ike [T]o [p]lay [b]asket[b]all.")
- Three or more random words together (e.g., "OrangePickpocketYarn")
- A pass phrase or sentence with correct punctuation and grammar (e.g., “To be safe, the stronger the better!”)
After you create a strong password, think carefully about how to protect it. For starters, don’t write it down or share it — even with friends, classmates, or colleagues. (Note: Sharing your CIS password and/or assigned accounts for any reason is a violation of university policy.)
And don’t reuse it — ever.
“Reusing a password, even a strong one, endangers your accounts just as much as using a weak password,” according to CISA. “If attackers guess your password, they would have access to all of your accounts.”
One way around this is a password manager, which creates and stores randomly generated codes for all of your accounts. Instead of creating multiple passwords, you’ll need only one master password to access the manager.
Additionally, you can add a layer of protection through two-factor authentication (2FA). 2FA requires a username/password combo plus a second method of verifying your identity, typically a physical object like a cellphone, tablet, or hardware token. So even if an attacker obtains your login credentials, the information is less effective without access to the secondary device.
While the University of Utah requires 2FA for its employees, students can opt in through the Duo Management Portal. 2FA also can be enabled on many popular websites, such as Instagram, Gmail, and Venmo.
It’s no secret that social networking sites encourage you to provide personal information — that’s how they connect you to other people, interest groups, and organizations. The more information you make public, however, the more you expose yourself to cyberthreats.
One common tactic criminals use is social engineering, or the manipulation of people into performing actions or divulging confidential information.
“Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data,” CISA says.
It also makes it easier for criminals to guess passwords based on personal information.
Ways you can better protect yourself:
- Limit your online friends and connections to people you actually know
- Limit the amount of personal information you post
- Use privacy settings to restrict who can see and post on your profile
- Think before you share — once you post online, you can’t take it back (the internet is forever)
- Turn off location sharing and/or geo-tagging, or wait to post until you get home
- Don't believe everything you read online
- Be cautious with third-party applications
Despite its convenience, the internet comes with inherent security risks, especially for online shoppers. Because online purchases require personal and financial information, criminals have twice the incentive to carry out attacks.
Attackers may try to exploit shoppers by creating fraudulent websites and emails that appear to be legitimate; intercepting unencrypted transactions; and accessing vulnerable devices through viruses or other malicious code.
Ways you can protect yourself:
- Do business only with reputable, established vendors
- Ensure your information is encrypted
- Do not respond to emails requesting sensitive information
- Use a low-limit credit card to cap your liability for fraudulent charges
- Keep a record of your purchases and compare them to your bank statements
Other ways to protect your privacy:
- Do not use your primary email address in online submissions
- Devote one low-limit credit card to online purchases
- Do not allow browsers to remember your passwords
Although your home should feel like a safe space, the reality is that every device and network connected to the internet — no matter the size or location — opens the door to potential cyberthreats.
You can better secure it by regularly updating your software, running up-to-date antivirus programs, installing a network firewall, backing up your data (e.g., UBox), and mitigating email threats.
Perhaps more importantly, you should adjust factory default settings on your software and hardware, and enable wireless security.
Ways to enhance the security of your router:
- Use the strongest encryption protocol available
- Change the router’s default administrator password
- Change the default service set identifier (SSID)
- Disable Wi-Fi protected setup (WPS)
- Disable universal plug and play (UPnP) when not needed
- Upgrade firmware
- Disable remote management
- Monitor for unknown device connections
If you’re connecting to the internet via a tech gadget that’s not a smartphone, tablet, or desktop or laptop computer, then you may be using an Internet of Things (IoT) device. These items — think media players, smart TVs, voice-controlled speakers, gaming consoles, smart watches, and other smart devices — send and receive data automatically through the internet.
But the interconnectedness of these objects can present serious risks to your privacy and security.
Ways to improve the security of IoT devices:
- Evaluate your security settings
- Ensure you have up-to-date software
- Consider whether continuous connectivity is necessary
- Change default passwords to a new, unique passcode
U students, faculty, and staff also have access to ULink, a secure wireless network exclusively for IoT devices, while on campus.
Patches
One of the easiest things you can do to improve your security is download and install patches, aka software and system updates. These releases typically address vulnerabilities, fix performance bugs, and provide enhanced security features.
If possible, take advantage of automatic updates. If they are not available, visit the vendor’s website for information. You also can search or follow #patchTuesday on Twitter for the latest news about available patches.
Updates should be downloaded and applied only from trusted network locations or via a virtual private network (VPN). The U community can access the campus network through the Cisco AnyConnect VPN client.
In the event that a vendor no longer supports or issues updates for its software, you should stop using that product. End-of-life (EOL) software comes with its own risks, including security vulnerabilities, compatibility issues, and decreased system performance and productivity.
Note: Microsoft will end support for Windows 7 in January 2020. Users should move to Windows 10.
Cybersecurity and other IT resources
The Knowledge Base offers guides on the most common IT questions and services, including IoT connectivity and UMail for mobile devices.
CAMPUS HELP DESK
Have an IT problem? Our Campus Help Desk experts would love to fix it. Also, check in on the status of myriad university systems.
UIT TWITTER FEED
Follow University Information Technology (@UofUIT) on Twitter for UIT news and IT updates for the University of Utah.
DUO 2-FACTOR AUTHENTICATION
2FA prevents people from using your account to log in to U websites, even if they have your uNID/password.
The Office of Software Licensing offers security essentials software to protect your data and devices.
SECURITY TIP SHEET
Download for tips on how to keep your personal info safe, protect your devices, and prevent theft.
STAY SAFE ONLINE
The National Cyber Security Alliance website aims to educate and empower people to use the internet safely and securely.
STOP. THINK. CONNECT.
Stop. Think. Connect. is an online safety awareness campaign to help people stay safe and secure online.