Cybersecurity Awareness at Michigan Tech

Every aspect of our lives seems to be impacted by the internet—from the devices we use to chat with our friends, the apps we use to buy our groceries, and the online classrooms we use for learning. Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.

Each October, Information Technology joins the National Cyber Security Alliance and the CISA to raise awareness for cybersecurity. This year’s campaign theme is “See Yourself in Cyber.” Cybersecurity may seem like a complex subject, but ultimately, it’s all about people. We’ll share tips and information to help you make smart decisions about cybersecurity at work, home, and school.

The learning doesn't end when October is over! Check out the SANS Security Awareness Tip of the Day webpage for more tips on staying safe and secure.

See Yourself in Cyber - Software Updates

One of the easiest ways to keep your information secure is to keep your software and apps updated.

Update often

Always keep your software updated when updates becomes available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.

Get it from the source

When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed versions of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.

Make it automatic

Software from legitimate companies usually provide an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.

Watch for fakes!

Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.

Help us keep your campus computer up to date

If you have a fully-managed Michigan Tech computer, it's very easy to stay current. Michigan Tech IT automatically updates the operating system, firmware, and selected software during our weekly maintenance window (Thursdays 2:00 a.m. - 6:00 a.m. EST). You can make sure your system stays current by logging off of your device each Wednesday evening and keep the device on and connected to the network.

Michigan Tech IT automatically configures security settings to apply standard workstation security, such as the system firewall, logging, encryption, screen locking, and remote management/assistance for IT staff.

Stay safe! If you have any questions about cybersecurity, please email us at it-help@mtu.edu or call 906-487-1111.

Past Topics

See Yourself in Cyber - Password Tips

Strong passwords are your first line of defense against cybercriminals and data breaches. No matter what accounts they protect, use the following guidelines when creating passwords:

Use a sentence or multiple words. Focus on sentences or multiple words that you like to think about and are easy to remember. For example, “I love rock and roll 2!” or "Rock paper scissors lizard 3."
Use separate passwords. Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
Use a longer password. An 8-character password can take just 8 hours to crack, a 12-character password would take 34,000 years, and a 16-character password would take 1 trillion years to crack.
Use a password reset method. Enter your mobile phone or set up secret questions at the Michigan Tech Account Center so you can reset your password 24/7.
Use multi-factor authentication. Multi-factor authentication is something that you have, such as a mobile phone or token, to go along with something that you know, such as your password. We have Duo to protect sites such as Canvas and Banweb. You can also set up 2-factor authentication for your email.

Use a password manager

As our online lives expand, we’ve gone from having just a few passwords to today, where we might manage upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. Today, the truth is that you don’t have to remember your passwords with tools like password managers. You only need to remember one master password, which will manage and auto-fill all the others. Students, faculty, and staff have access to LastPass through Michigan Tech. It will also allow departments that have a need to share passwords within their departments.

Password facts and figures

The following are some facts and figures about passwords and how people manage them. How many of these apply to you?

43% of adults have shared their password with someone. (Google)
Only 45% of adults would change a password after a breach. (Google)
81% of the total number of breaches leveraged stolen or weak passwords. (LastPass)
61% of employees use the same passwords for multiple platforms. (LastPass)
The most commonly used password management strategy was writing them down in a notebook (31%). Remembering passwords was also seen as a popular technique reported by 26% of the participants. (NCA)
Only 12% of the participants reported using a stand-alone password manager application with another 11% saving their passwords in their browser. (NCA)
28% of adults in the US use the same password for all of their online accounts. (Business Insider)
65% of Americans don’t trust password managers. (Password Manager & YouGov)

See Yourself in Cyber - Email Security

Phishing is when criminals use fake emails, social media posts or direct messages to lure you into clicking on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.

Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.

See it so you don’t click it.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, pause and take a few seconds to ensure the email looks legitimate. Here are some quick tips on how to clearly spot a phishing email:

Does it contain an offer that’s too good to be true?
Does it include language that’s urgent, alarming, or threatening?
Is it poorly crafted writing riddled with misspellings and bad grammar?
Is the greeting ambiguous or very generic?
Does it include requests to send personal information?
Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
Is it a strange or abrupt business request?
Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.

Uh oh! I see a phishing email. What do I do?

Don’t worry - you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition.

If you’re at the office and the email came to your MTU email address, report it to your IT manager or security officer as quickly as possible.

If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. Remember, DON’T CLICK ON LINKS, JUST DELETE.

Oops! I clicked!

If you've clicked on the link or suspect that your account is compromised, you can follow the instructions in our Knowledge Base at Steps to Secure a Compromised Account to help minimize any intrusion into your account.

Resources

Password Security

If You Connect It, Protect It

In this video, Chief Information Security Officer David Hale talks about passwords, how to manage them, and how to make sites you use even more secure with multi-factor authentication.

This video by Adobe, National Cyber Security Alliance, and Speechless is about password security. Watch this fun, short clip on how to set a strong password and a secure way to keep track of all the passwords we use everyday.

Check out the Cyber Security Alliance blog for more information on password security.

Passphrases and Securing Your Accounts

Passphrases are like keys to your personal home online. You should do everything you can prevent people from gaining access to your passphrase. You can further secure your accounts by using additional authentication methods.

Read helpful ways to stay safe online in Passphrases and Securing Your Accounts.

Data Handling

These days, sharing information is quick and easy with the online tools we have at our disposal. Because of this, it's even more critical to make sure we're following secure practices when we share data, especially when it's private, sensitive, or confidential.

When sharing sensitive data, apply this one best practice to help keep it more secure – only share on a need-to-know basis.

The following video by Adobe, National Cyber Security Alliance, and Speechless is about the data we share.

Read more at this accompanying blog post on data handling by the National Cybersecurity Alliance.

Computer Theft

Many of us can relate to that sinking feeling of dread that you have when you've lost something, especially when it's your mobile phone or computer. In addition to losing the object, you also have to account for the data stored on your device, which can cause more damage than losing the item itself. Learn how to build good security habits the latest video on computer theft. For more information, check out the accompanying blog post by the National Cybersecurity Alliance.

Do Your Part. #BeCyberSmart.