November 08, 2021

Know the seven keys to cybersecurity

The Office of Information Technology (OIT) shares specific actions people can take to enhance cybersecurity efforts and lock criminals out of individual and SIU systems and accounts.

It is important to remember that everyone in the campus community holds keys to the university’s collective cybersecurity. A single mistake can open the door for criminal activity and cost you, others and the University much more than time or money — a single breach can destroy a trust earned over decades.

Below are seven keys to enhance cybersecurity at work and at home. Read and practice these tips before you have a chance to put them to the test in the OIT’s cybersecurity challenge later this fall.

Key No. 1 Be aware!

Knowledge and diligence keep individuals and SIU Carbondale safe from cybercrime.

The OIT works to maintain awareness and educate faculty, staff and students in techniques to spot cyber threats and suspicious activity. Learning techniques to prevent cyber threats, securing devices and data, strengthening access mechanisms, and scrutinizing virtual interactions fortify the campus security barrier.

Key No. 2 Lock down access

Strengthen credentials and access via strong passwords, and use multi-factor authentication and virtual private networks.

Strong passwords that are unique to each account make access more difficult. SIU requires lengthy passwords and unique character combinations that must be changed at least once a year. A tip for remembering what can be a wide assortment of passwords is to use passphrases, bits of content that make sense to you, such as an obscure song lyric or quote. Secure “password wallets” that can store and generate unique passwords are also recommended. Password criteria are outlined when creating a new account and are found here.

Multi-Factor Authentication (MFA) enhances strong credentials by requiring access requests to be verified by using a second device or entering an access code. At SIU, users are prompted to verify their accounts using MFA credentials every seven days.

New faculty and staff are required to activate MFA when they claim their Network ID. Students may complete the setup in Network ID self-service or as prompted when accessing e-resources.

Virtual private networks (VPN) connect directly to an organization like SIU and encrypt the data that passes through to the network. VPN use for off-campus connectivity is granted by request from OIT to faculty and staff. VPN requests are made here.

Key No. 3 Avoid sharing personal or university information online, via text, or by phone.

Cybercriminals have many ways to coax, coerce and trick people into giving them the information they need for a cyberattack. Although there may be times when entering user information to set up or access accounts is required, reputable businesses, organizations and institutions, including SIU Carbondale, will never ask for personal information by email or text. Before responding to an unexpected email or text, use contact information from a second source to verify that the request is legitimate, or delete the message. Also be aware that this same type of “phish for information” can be carried out by telephone.

Key No. 4 Examine every email before responding or acting.

The recipient is the first line of defense against malicious emails. Be suspicious and scrutinize all unexpected emails and texts. Cybercriminals often send emails or texts that appear to be from a reputable source such as a bank, health care provider, and even SIU. If an email is unexpected, verify the sender before responding to the sender, clicking any link, or opening any attachment. If an email or text contains messages asking for personal information, urgent action or money, be extremely cautious.

Look for the BIG red message. Any email sent to an SIU account from an outside organization has red text at the top stating that it is from an external source. The red headline instructs users to “verify sender before opening links or attachments.” If you see this red headline, take a close look at the email before doing anything or responding to the sender. Look at the sender’s email address and consider whether it seems consistent with the sender, whether the message is well written and formatted, whether it contains appropriate contact information, and whether it appears legitimate overall.

Key No. 5 Scrutinize links and attachments before clicking on or opening them.

If just one individual clicks on a malicious link or opens an infected attachment, cybercriminals may gain access to any data on the machine, use the machine for additional criminal activity, and take control of audio and video capabilities for spying or voyeuristic activities.

Think before you click. Clicking a malicious link can be harmful and open a door for cybercriminals to interact with unsuspecting users, such as making requests for information and/or money.

Be wary of attachments. Attachments can carry harmful viruses. Before opening or downloading an attachment, verify the sender. Be particularly cautious with files that have an .exe extension. These are “executable” files that launch some type of action when opened and, if malicious, can wreak havoc on devices, networks and data.

Report any email that looks suspicious and delete it, or verify the sender before clicking links or opening attachments.

Key No. 6 Protect sensitive data whether on paper or in a virtual environment.

Sensitive information is extremely valuable, and cybercriminals are smart. “Sensitive information” is similar to personal information, which includes usernames and passwords, Social Security numbers and account numbers, but it also has a broader reach and includes university data and research, policies and procedures, proprietary information and digital assets.

Sensitive data should be stored on secure SIU servers, transferred via secure methods such as MOVEit and Teams, communicated over SIU’s VPN, and, if printed, locked in a secure location. Sensitive data should not be stored on local machines. Additionally, sensitive data should never be stored on portable storage devices, which include laptops and tablets, thumb drives, and portable hard drives. (All SIU-owned laptops should be encrypted to add an extra level of security.) SalukiTech can assist with laptop encryption.

SIU devices are scanned on a regular basis for sensitive data — a process that can be run manually by the OIT or any departmental LAN administrator.

Key No. 7 Get help immediately if you think you may have stepped into a cyber trap.

The quickest source of help is SalukiTech staff at 618-453-5155 or salukitech@siu.edu.

If you encounter what you believe to be a scam or spam email but have not interacted with it, use the Report Message button at the top right of the Outlook screen to report the email. This protects the entire campus community.

The first article in the series includes a graphic summary of cybersecurity risks. For additional information or for help with a cybersecurity issue, contact SIU’s cybersecurity team at security@siu.edu or visit the SIU Information Security website at oit.siu.edu/infosecurity.