College students spend up to 10 hours online each day, leaving them vulnerable to malicious attacks on both their data and devices.
But there are actions students — and faculty and staff — can take to stay safer and more secure on the web.
“Awareness is the first and most critical step,” said Shane Milam, executive director of Information Technology Infrastructure Services at Mercer University. “Each year, University IT participates in Cybersecurity Awareness Month to remind everyone of the importance of awareness and the steps we take to ensure security of IT Infrastructure.
“If our customers only take away one hint, it should be to remain diligent, aware and comfortable in notifying University IT of anything that seems dubious.”
As part of Cybersecurity Awareness Month, Denise Rogers, executive director of Mercer University’s Information Technology client support services, shares seven tips for being cyber smart online.
1. Don’t move your junk
Email is sent to your junk or spam folder because a filter has identified it as a potential spam message or phishing attempt. Phishing is an attempt to trick an email recipient into providing confidential information. If you move it, you could be putting a potentially malicious email in your inbox.
For that reason, “it is best to leave email that is in your junk or your spam folder unless you are 100% certain of the sender,” Rogers said.
2. Don’t get attached
Emails, especially from unknown senders, may include dangerous attachments.
“Always think twice and pause before you open any email attachments unless you’re confident of the source because email attachments can contain malicious viruses that could infect your computer,” Rogers said.
3. Pause before you click
Sometimes a malicious email may make its way into your inbox. So, if you don’t know the sender, it’s best to be cautious before clicking on a link, even if it looks legitimate.
“We’ve known folks to create fake websites where they look like they are legitimate in an effort to collect confidential information,” Rogers said.
4. Phrase your password
Creating a fun passphrase — Giv3Th3mTh3Claw$&! — can help you remember your password easier than putting together a random string of numbers and letters. Like in the above example, you can use numbers instead of letters — 1 or I, 3 for E or 5 for S — and throw a symbol or two in there. Also, be sure to make it at least 15 characters.
“The longer the password, the more difficult it is for someone to hack and discover it,” Rogers said.
(Pro tip: Don’t use the password example above. Now that it’s been shared in this story, it’s no longer secure.)
5. It’s not always nice to share
Never use your Mercer passphrase on any other website or applications. If you do, you could comprise your Mercer account.
“If for some reason the other application (where you use the shared password) is compromised, then you are automatically compromising the information stored behind your Mercer password,” Rogers said.
If you do use a shared password that is compromised on another site, you will need to change your Mercer password.
6. Give me two steps
Add multi-factor authentication — a method that requires you to use more than one verification factor to log in — to further secure your Mercer account. This can be done by adding an app to your phone or via text message. Directions to add multi-factor authentication for students and employees can be found on the Information Technology website.
“Multi-factor authentication provides an extra level of security for your email and other Office365 applications,” Rogers said.
7. Be on alert
Regularly check the security alerts on the Information Technology website. This is found in the upper right corner of both the student and employee websites. If you see a green check mark, that means “All Good!” A yellow caution triangle means “Be Cautious! Suspicious activity recently reported.” And the red circle with an X in it means “Be on Alert! Known security breach reported that could have widespread impact.” Clicking on “Security Alerts” takes you to a page that lists known phishing emails and other security updates.
“Take a look at this regularly, so you can be on the lookout and not fall for these emails,” Rogers said.
If you receive a suspicious email not listed on the security alerts page or suspect you may have fallen victim to an attack, contact the IT Help Desk by calling (478) 301-7000, emailing firstname.lastname@example.org or visiting the online service portal at ithelp.mercer.edu.
Mercer Information Technology has put many security measures in place to try to prevent malicious attacks,” Rogers said. “Our focus this month is to educate all of our faculty, our staff and our students on what they can do.
“These are tips that can help everyone take responsibility for cybersecurity.”