Stay safe online
Technological innovations have changed the way we live our lives. We are more connected now than ever before. As we become more active cyber citizens, we also need to protect our online presence. Follow these basic tips to stay safe online.
- The only person you can trust with your login credentials is YOU.
- Don't reuse the same password across accounts. Use a separate, unique password for each account.
- Is your password complex enough?
- Lock Down Your Login with 2-factor authentication (2FA) where possible.
If you suspect your University credentials have been stolen, change your password immediately, then call your designated help desk:
Hospitals & Clinics: 801-587-6000
Main Campus: 801-581-4000 option 1
Before you share sensitive information about yourself online, think it through rationally.
- Who is asking for this information? Why do they need it? Do you trust the person or company?
- Only share sensitive personal information over secure sites, indicated by https:// in the address bar.
- Check for https:// on every page you visit, not just when you log in.
- Mobile apps do not have a visible indicator like https://. If you are conducting sensitive transactions, like accessing your bank account, use a secure wireless network or your phone's data network.
Keep your device's operating system, security software, web browser, and apps up-to-date. Remove apps you no longer use. Remember, your mobile phone is just as vulnerable as your computer.
- Password-protect your devices.
- Lock your device screen when not in use.
- Don't leave your devices unattended. If you must leave your device, secure it appropriately out of sight and lock it up.
- Read more about how to protect your devices.
When information is not encrypted, it is called plain text. Anyone can easily access and read plain text. Encryption converts plain text into cipher text that requires a unique key (like your passcode) to unlock the information. There are many forms of encryption in order to address multiple needs (e.g. devices, email, applications). Keep in mind that encryption is only as strong as the security of your devices [1].
The University's Rule 4-004C: Data Classification and Encryption provides requirements and guidance for handling University data.
Additional encryption resources:
StaySafeOnline.org: Encryption: Just the Basics
HowToGeek.com: What is Encryption, and How Does It Work?
[1] SANS: OUCH! June 2016: Encryption
When connecting to unsecured Wi-Fi in public places, be extra cautious. Most Wi-Fi hotspots don't encrypt the information you send over the internet and are not secure [1].
- Don't set your device to automatically connect to nearby Wi-Fi.
- Avoid visiting and logging in to sensitive websites, like your bank account, while using public Wi-Fi.
- Don't stay permanently signed in to accounts. Log in when you want to use an account, and log out when you're done.
Beware of geotagging. Tagging your location provides an easy way for criminals to track your behavior.
Think before you post. StaySafeOnline.org provides great advice, such as:
- Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online. Remove or untag unfavorable photos of yourself.
If you believe your social media account has been compromised, change your password immediately. If you are unable to access your account because your password has already been changed, contact the web service immediately. StaySafeOnline.org's hacked accounts resource offers information for various web services in one spot.
Phishing is an attempt to acquire confidential information, typically through email-based attacks. The email will masquerade as a trustworthy entity, like your bank or employer, and try to trick you into clicking on malicious links and/or entering your personal information, such as your credit card or your username and password.
How to identify a phishing email
- Compare the sender's name to the sender's email address. In a phishing email, these will often not match up.
- Ask yourself: Is this a normal process for me? Is this what my bank/employer/etc. usually does?
- Ask yourself: Is this email causing an emotional response (such as fear), thus creating a sense of urgency?
- Hover over the link with your mouse pointer to determine authenticity (but don't actually click the link). If the URL doesn't match up with the company name or the overall subject matter of the email, it's probably a phishing attempt.
The Information Security Office (ISO) will respond to and investigate incidents related to misuse or abuse of University of Utah information and information technology resources. This includes computer and network security breaches, unauthorized disclosure or modification of institutional or personal data, and security credential malware phishing.
To report an incident, contact your designated help desk:
Hospitals & Clinics: 801-587-6000
Main Campus: 801-581-4000 option 1