Tips for cyber diligence on campus

September 02, 2021

Tips for cyber diligence on campus

As the new academic year begins, the Office of Information Technology (OIT) is emphasizing that everyone contributes to cybersafety.

University faculty, staff and students are reminded that they have access to sensitive information and secure networks using campus and personal devices. It only takes a mistake by one person to give cybercriminals the access needed to exploit sensitive personal data, university records and academic research.

Here are recommendations for keeping the campus community safe.

Use Strong Passwords

Passwords are the first line of defense. The stronger a password, the stronger the defense. SIU requires specific criteria for passwords. You can see password criteria here or follow the prompts as you enter your password for the first time

Beyond these requirements, the OIT suggests that you create a paraphrase — a unique statement that means something to you and is easy to remember — as your password. Password managers are helpful in creating unique passwords for each account and sign-in attempt or in storing passwords securely so that users do not need to remember them.

The OIT also introduced Multi-Factor Authentication (MFA) in the spring 2021 semester. MFA adds an extra layer of security when users access SIU systems or software by requiring users to accept a push notification or enter an access code when signing in. MFA is requested approximately every seven days per device or browser. New faculty, staff, and registered students are enrolled in MFA automatically but must register their devices to accept DUO pushes or SMS notifications. New faculty and staff are prompted when they claim their Network ID. Students may complete the setup in Network ID self-service or as prompted when accessing e-resources.

Use VPN when accessing SIU servers remotely:

The university VPN provides a secure conduit to the university network along with an extra level of security by encrypting information between authorized devices. The OIT grants VPN access for SIU faculty and staff as well as a limited number of students employed by the university. 

Be cautious of emails

The first line of defense against malicious emails is the user. Be suspicious and scrutinize every unexpected email that you receive. Cybercriminals often send emails that appear to be from a reputable source such as a bank, healthcare provider, or even SIU. If an email is unexpected, verify the sender (using outside contact information) before engaging with them. If the sender asks for personal information, urgent action, or money, be extremely cautious.

SIU flags emails from outside the university

Any email sent to an SIU account from an outside organization has red text at the top stating that it is from an external source. If you see this red headline, take a close look at the email before you do anything or respond to the sender. Look at the sender’s address closely; does it seem consistent with the sender? Is the message well written and formatted? Is there contact information and does it appear legitimate?

Think before you click

The opening headline (in red) also instructs users to “verify sender before opening links or attachments.” If an email has this warning, pay particular attention to any links. Hover over a link to see the sender’s URL. If it looks suspicious, verify the sender before clicking on the email or delete the email.

Be wary of attachments

Attachments can carry harmful viruses. Verify the sender before opening or downloading an attachment.

Update browsers and software

Updates can be inconvenient to install, but they are necessary to keep data and devices secure. This is important on university and personal devices. The OIT automatically updates most university software. Desktop support and departmental LAN administrators can address unique requests for software updates on university devices. It is important to update software on personal devices when notified to do so, but scrutinize these update notifications to be sure that they are legitimate. If in doubt, ask desktop support or your LAN administrator for assistance.

Faculty, staff, and students are required to use one of several supported and trusted email clients to access SIU email

These email clients include: Apple mail, the mobile Outlook app, Outlook 2016 and greater, and Office 365 online. This is important because these email clients support modern authentication methods like MFA and allow OIT to protect you, other users, and SIU systems. Click here to download MS Office (which includes Outlook) on personal desktop and laptop devices. The Outlook app can be found in Android and iOS app stores for download to mobile devices. 

Share and store sensitive information properly

Cybercriminals are constantly looking for information to crack passwords and security questions or gain access to technology systems. It is important to share and store sensitive data in secure places like OneDrive and MS Teams. Additionally, when information must be shared with people outside of these secure environments use MOVEit to send or receive the data.

Faculty and staff who work with students are encouraged to share these security tips and remind them that everyone plays a role in maintaining our cybersecurity. The OIT has created this infographic on phishing that can be shared. For additional information or to report a security-related concern, contact SalukiTech staff at 618-453-5155 or salukitech@siu.edu.