March 10, 2022

Staying cyber-safe in a changing world

With the present world circumstances, cyberattack threats are becoming a greater concern, and everyone is vulnerable. The Office of Information Technology (OIT) is offering the following tips to proactively manage our virtual environment and protect against cyberattack.

Use Strong Passwords. Passwords are the first line of defense; the stronger a password, the stronger the defense. SIU requires specific criteria for passwords. You can see the password criteria here. To make password storage easier, the OIT has purchased LastPass, a password manager, and is making it available at no cost to faculty, staff, and students. A password manager can create unique passwords for each account or store a user’s preferred passwords securely. Invitations for LastPass will be sent via email in late March.

Use VPN when accessing SIU servers remotely. SIU’s virtual private network (VPN) is a secure “tunnel” that connects directly to university servers. The VPN is secure because it encrypts the data that passes over the internet and through to the network. Users are strongly encouraged to utilize SIU’s VPN when accessing the internet in public locations or when working from home. The OIT grants VPN access (by request) for SIU faculty and staff as well as a limited number of students who are employed by the university. 

Scrutinize unexpected email. Cybercriminals often send emails that appear to be from reputable sources. If an email is unexpected, scrutinize the content before clicking links or opening attachments. Verify the sender (using outside contact information). If the sender asks for personal information, urgent action, or money, be extremely cautious. As an additional layer of security, SIU flags emails from outside the university with a red text message (at the top of the email) stating that it is from an external source. If, after review, the email seems suspicious, notify SalukiTech.

Question unsolicited offers or requests. Be leery of emails, calls, or texts that offer employment, money, or prizes, especially in exchange for personal information; these are often scams. Before acting on any unsolicited “offer,” verify that the sender/caller is legitimate. SIU employment opportunities are only communicated on SIU’s HR or Jobs websites, the student employment website, or posted by individual graduate schools. SIU will never ask for personal information or sensitive data via email.

Update browsers and software. Updates can be inconvenient to install, but they are necessary to keep data and devices secure. This is important on both University and personal devices. The OIT automatically updates most University software, while desktop support and departmental LAN admins can address requests for updates on unique software on university devices. Individuals should update software on their personal devices when notified to do so. Cybercriminals often exploit older versions of software to gain access to devices.

Use supported and trusted email clients to access SIU email. SIU requires that faculty, staff, and students use one of several supported and trusted email clients including: Apple mail, the mobile Outlook app, Outlook 2016 and greater, and Office 365 online. This is important because these email clients support modern authentication methods like MFA and allow us to protect you, other users, and SIU systems. Click here to download MS Office (which includes Outlook) on personal desktop and laptop devices. The Outlook app can be found in Android and iOS app stores for download to mobile devices. 

Share and store sensitive information properly. Cybercriminals are constantly looking for information to crack passwords and security questions and/or to gain access to technology systems. It is important to share and store sensitive data in secure places like OneDrive and MS Teams. Additionally, when information must be shared with people outside these secure environments use MOVEit to send or receive the data. As mentioned earlier, LastPass password manager will soon be available to SIU faculty, staff, and students. This tool allows co-workers to share passwords and account information easily and securely.

Be aware and report suspicious activity. Knowledge and diligence keep individuals and institutions safe from cybercrime. It is important to maintain awareness around cyber threats and report anything that seems suspicious to SalukiTech.

Faculty and staff who work with students are encouraged to share these security tips and remind them that one click is all it takes to create opportunities for cybercriminals to act. A quick reference sheet is available.

SalukiTech staff can provide additional information or respond to a security-related concern at 618-453-5155 or salukitech@siu.edu.