Cybersecurity Pro Tip

Did you know the average person has over 100 passwords online? Here’s an easy pro tip: a password manager can manage strong, unique passwords for each account for you.

Password managers:

  1. Save time
  2. Suggest strong passwords
  3. Identify weak passwords

Learn more from the National Cybersecurity Alliance

Don’t Get Hooked!

fishing hook piercing a paper with username and password entry
Source: staysafeonline.org

Phishing emails are like sneaky bait trying to reel you in. Learn how to spot them and report those fishy attempts to keep your inbox clean and your personal information safe.

Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.  

No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.

Learn more from the National Cybersecurity Alliance

#CybersecurityAwarenessMonth

Cybersecurity Tip: Report phishing

Laptop email program
Source: staysafeonline.org

Reporting a scam is your best line of defense against cyber incidents. Don’t hesitate to call out phishing attempts.

One of the best ways to take down cybercriminals is by reporting phishing attempts, and nowadays it’s easier than ever. If the email came to your K email address, report it to the Help Desk as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. Most email programs and social media platforms allow you to report phishing attempts. But don’t keep that phishing message around – delete it ASAP. You can further protect yourself by blocking the sender from your email program, social media platform or phone.

Learn more from the National Cybersecurity Alliance

#CybersecurityAwarenessMonth 

October is Cybersecurity Awareness Month

Make it harder for cybercriminals to access your account by enabling multi-factor authentication.

What is multi-factor authentication? 

Multi-factor authentication is sometimes called two-factor authentication or two-step verification, and it is often abbreviated to MFA. No matter what you call it, multi-factor authentication is a cybersecurity measure for an account that requires anyone logging in to prove their identity in multiple ways. Typically, you will enter your username and password, and then prove your identity some other way, like with a fingerprint or by responding to a text message.

Learn more from the National Cybersecurity Alliance

Illustration of 2-factor authentication
Illustration: KnowBe4.com

#CybersecurityAwarenessMonth 

Cybersecurity Awareness Month – Phishing

This week’s post for Cybersecurity Awareness Month covers Phishing.

What is Phishing?

According to the National Cybersecurity Alliance, phishing is “a form of social engineering by which cyber criminals attempt to trick individuals by creating and sending fake emails that appear to be from an authentic source, such as a business or colleague.” Some phishing tactics used by criminals include:

  • Forging a message from a financial institution, claiming you’ve been a victim of fraud
  • Impersonating a supervisor, asking for help with a task
  • Claiming to be a delivery company, alerting you to a problem with a package

When you see these sorts of messages, it’s important to be vigilant.

How do I know if the message is fake?

Some red flags include:

  • Email structure
    • The sending email address doesn’t match the company it’s coming from
    • Poorly crafted writing with misspellings and bad grammar
    • Greetings that are ambiguous or very generic
    • Language that’s urgent, alarming, or threatening
  • Requests
    • Strange or abrupt business requests
    • Requests to send personal information
    • Urgency to click on an unfamiliar hyperlink or attachment
  • Offers
    • Contains an offer that’s too good to be true
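
For readers who triage reported messages, several of the red flags above can be checked mechanically. The following is an added example, not part of the original post: the sample message, the `KNOWN_SENDERS` allow-list and the keyword patterns are all constructed assumptions, and the domains are reserved example names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Security" <alerts@examplebank.account-verify.example.net>
To: user@example.edu
Subject: URGENT: your account will be suspended

Dear Customer,

We detected fraud on your account. Act immediately or your account will be
suspended. Reply with your password and Social Security number to verify.
"""

# Hypothetical allow-list: the domain each claimed brand really sends from.
KNOWN_SENDERS = {"example bank": "examplebank.example.com"}

URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice|act now)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|sir|madam|account holder)\b", re.I | re.M)
PERSONAL = re.compile(r"\b(password|social security|ssn|pin|card number)\b", re.I)

def red_flags(raw):
    """Return the red flags from the list above that a raw message trips."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()  # plain-text, non-multipart message assumed
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    # Display name claims a known brand but the address is not on its domain.
    for brand, real in KNOWN_SENDERS.items():
        if brand in display.lower() and not (domain == real or domain.endswith("." + real)):
            flags.append("sender-domain-mismatch")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    if URGENT.search(text):
        flags.append("urgent-language")
    if PERSONAL.search(body):
        flags.append("personal-info-request")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

These are triage heuristics for ranking reports, not a replacement for a mail filter; a message that trips none of them can still be phishing.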

See a Phishing Email? Here’s what to do…

  1. Pat yourself on the back for recognizing that an email is fake and part of a phishing scam.
  2. Report the phishing message through Outlook by selecting the Junk option in the top ribbon and then the Report as Phishing option. If you’re using the web version of Outlook, simply right-click on the preview of the phishing email, hover over Report and select Report Phishing.
  3. Not sure? Ask the Help Desk!

The content on this page was adapted from the National Cybersecurity Alliance’s information on phishing.

Subscribe to our Posts

Did you miss the latest IS announcement? Subscribe to receive our posts directly to your inbox!

Cybersecurity Awareness Month – Multi-Factor Authentication

This week’s post for Cybersecurity Awareness Month covers Multi-Factor Authentication.

What is MFA?

An authentication factor is a way for a person to identify themselves to a computer. Multi-Factor Authentication (MFA) means using more than one factor to prove to a computer that you are who you say you are. Typical authentication factors come in three types:

  • Something you know (like a password or PIN)
  • Something you have (like a phone or ID card)
  • Something you are (biometrics like a fingerprint or facial recognition)

You probably use MFA all the time: when you use an ATM, you use a debit card (something you have) with a PIN (something you know). When someone checks that your face matches the picture on your driver’s license, they’re authenticating you with two factors.

How does MFA help?

According to Microsoft, 99.9% of account compromise attacks can be stopped with MFA. When you use MFA, a cybercriminal who wants to use your account will face a much greater challenge. If your password is compromised but a second authentication factor is required to sign in, a criminal using your password will not be able to authenticate as you. Visit the National Cybersecurity Alliance MFA page for more information.

Where should we use MFA?

You should use MFA with any service that stores sensitive information. These include:

  • financial sites (like your bank, credit card company, or investment account)
  • social media (like Facebook, Instagram, TikTok)
  • email (like Gmail or Hotmail)
  • your Kalamazoo College network account

MFA is required for all students, faculty, and staff, and more information can be found at our Multi-Factor Authentication page.

Cybersecurity Awareness Month – Passwords and Password Manager

This week’s post for Cybersecurity Awareness Month covers habits relating to passwords and password managers. To be cybersecure:

1. Create passwords with these three principles

  • Long – All passwords should be at least 12 characters long.
  • Unique – Never reuse passwords and create unique passwords for each account.
  • Complex – Use a combination of upper and lower case letters, numbers, and special characters.

Remembering passwords and following these principles may sound hard, but there’s a better way…

2. Use a Password Manager

Password managers make it easy to use passwords that are long, unique, and complex. They save time, work across all your devices and operating systems, and can alert you when a password has become compromised. Visit the National Cybersecurity Alliance password managers page for more information including password manager options you can use to be more secure.

3. Know When to Change your Password

As reported by the National Institute of Standards and Technology, it is no longer recommended to change your passwords every few months. For personal accounts we recommend focusing on creating long, unique, and complex passwords. Should you become aware that an unauthorized person is accessing an account or a password was compromised in a data breach, change your password immediately. Please note that as part of our process at Kalamazoo College, we require users to change their KNET password periodically; however, there may be a change to this process in the future.

The information on this page was adapted from the National Cybersecurity Alliance’s passwords page and password managers page.

Cybersecurity Awareness Month – Oct 2022

Did you know that October 2022 marks the 19th Annual Cybersecurity Awareness Month?

To spread cybersecurity awareness, this month IS will be sharing key behaviors we can all adopt to be more secure. Read our posts each Friday for the month of October to learn more.

About Cybersecurity Awareness Month

“The National Cybersecurity Alliance launched Cybersecurity Awareness Month in partnership with the U.S. Department of Homeland Security in 2004. The campaign is a strong collaboration between government and private industry to raise awareness about online security” (National Cybersecurity Alliance). You can learn more about the month and other cybersecurity initiatives on the National Cybersecurity Alliance website.

Habits to adopt:

Throughout the month of October we will be sharing more detailed information on the following habits:

  1. Using strong passwords and a password manager
  2. Enabling multi-factor authentication
  3. Recognizing and reporting phishing
  4. Completing required and offered cybersecurity trainings from IS
