As National Cybersecurity Awareness Month continues, here are some additional elements of wisdom to ensure you stay safe and secure online.
Passwords and Passphrases
Gandalf was right when he said, “Keep it secret, keep it safe.” Keeping your login credentials (passwords/passphrases) to yourself might be obvious, but what about creating a stronger password or passphrase? MSU’s authentication system supports passphrases. In the past, cybersecurity experts recommended strong passwords with at least 12 characters in length and a mix of upper and lowercase letters, numbers, and special characters. With the advent of Multifactor Authentication (MFA), the current state of nirvana is to employ a passphrase that should be at least 16 characters long, with space and is, therefore, simpler to remember (MSU students are creative enough to string together four 4-letter words, right?). Be careful not to reuse passwords across multiple accounts, as cybercriminals often take breached data from one company and try it at the front door of another that you may use. MSU IT sees many attacks using this method, and the most reused password is “Spartans1.” Ouch.
Consider using a free password manager, like LastPass, and never share your passwords with anyone, not even your family. If your parents or guardians need access to your MSU financial information, encourage them to register for an MSU Guest Account.
Use caution on public Wi-Fi
Whether you’re studying in a dining hall, Wells Hall, or Chipotle, be careful when connecting to public Wi-Fi on and off campus. Never access or share personal or financial information over an unsecured or questionable network, where cybercriminals can easily steal your information. Campus Wi-Fi will appear as MSUnet or MSUnet 3.0 and Eduroam. If you don’t have access to reliable Wi-fi, consider using your phone’s hotspot.
Avoid oversharing
As social media becomes a bigger part of our lives, we must be mindful of what we share. A selfie or check-in at your favorite coffee shop can reveal more than intended. Personal information shared on social media can be the final puzzle piece hackers need to steal your identity. Be careful of what you share, and never disclose any personal information on public-facing accounts. Carefully weigh the pros and cons of sharing your personal information in exchange for free products and services, and be aware of who you allow to use your personal data and for what purpose.
Be aware
Look for antivirus alerts, browser pop-ups or random unwanted sites, passwords that no longer work, friends saying they have received strange emails, or other suspicious behavior. If you encounter these, perform an antivirus scan on your device or reload your computer’s software/data from a backup. And change your passwords/passphrases (a password DB like LastPass comes in handy here)!
Don’t get phished
Phishing emails are suspicious emails sent from criminals looking to infect your computer or steal your information. They usually arrive unexpectedly, with a sense of urgency, and from an unfamiliar sender that asks you to open an attachment. Usually, the grammar is poor, the email is from a free account like Gmail or Hotmail, and there is no contact information. Sometimes they might not ask for anything at all. Cybercriminals can sign up for real services or accounts using your email address, hoping you click the verification link, which enables them to use the account themselves. (Read about suspicious Venmo emails received by the MSU community.) Bottom line: If something looks off, it probably is. If you receive a suspected phish, don’t click any links or reply–forward it to abuse@msu.edu. Learn more about phishing.
Scammed?
If you think you’ve fallen for a scam or your identity has been stolen, you should file a police report and notify the credit bureaus as soon as possible. If you think your MSU credentials or email has been hacked, or if you have questions, please contact MSU IT at 517-432-6200. For more cybersecurity tips, visit secureit.msu.edu.
Learn about the best ways to #SecureState at secureit.msu.edu.