ITS Office of Information Security

Protect Your Email

Protect your email from phishing by enabling multi-factor authentication (MFA) on all accounts, using a password manager for unique passwords, and staying vigilant against urgent or suspicious requests. Never click links or open attachments in unexpected emails; instead, verify requests directly with the company through official channels.

Steps to Protect Your Email

• Enable Multi-Factor Authentication (MFA): This adds a crucial second layer of security even if your password is stolen.

• Use a Password Manager: These tools won't auto-fill credentials on fake, spoofed websites.

• Verify Before Clicking: Hover your mouse over links to check the actual destination URL before clicking.  If in doubt, go directly to the source.

• Be Skeptical of Urgency: Phishing emails often create a false sense of urgency or fear to make you act without thinking.  Be highly cautious of any message demanding you take quick action.

• Don’t click on suspicious links or download unexpected attachments.

How to Spot & Report Phishing

• Check the Sender: Scrutinize the email address for subtle misspellings or unofficial domains.
• Report Suspicious Emails: Use the "report spam" or "report phishing" button in your email client to help train filters.
• Don't Reply: Delete suspicious messages immediately.
• Verify Contact: If an email seems to come from a known company, contact them directly via their official website or phone number, not through the email links.

Use Strong, Unique Passwords

Reusing the same password or passphrase for your email account, Netflix, your bank account, etc. is an open invitation to cybercriminals. Today, each password needs to be at least 16 characters long, a random mix of characters, and unique to the account.

How do you remember all these long, strong passwords?  A password manager is the best option.

Use a password manager to keep track of everything – there are many high-quality free options. Learn more about password managers here.

• Don’t make passwords obvious with info like your birthday, pet’s name, or “1234.”
• Passwords that are 16 characters or longer take billions of years for hackers to crack!

Use 2-Factor Authentication

Multifactor authentication (sometimes called two-factor authentication, 2FA, or two-step authentication) adds an extra layer of security, like a door bolt for your accounts. When two-factor authentication is on, you’ll log in with your password and a second step, like logging into a special app on your phone. It’s one of the easiest ways to stop hackers, even if they guess your password.

• Turn on two-factor authentication for all your accounts, but especially banking, email, and social media apps.
• Never share a two-factor authentication code or approve an 2FA app request you didn't make – even if someone "official" calls, emails, or texts you!

Clean Up Your Digital Footprint

• Be careful what information (either work or personal) you share on social media sites. Hackers use social media platforms as tools for gathering information that could be used against you or the University. Don't share any information that could be used to impersonate you. 
• Be careful who you connect with on social media. If you are not sure of a friend or a professional connection request, don't accept it.
• Review your privacy settings on social media. Change it to an audience that makes you comfortable.
• Google yourself and see what comes up.
• Remove old accounts you no longer use.

Be Cautious About AI Use

Generative artificial intelligence (AI) programs like ChatGPT are changing the nature of education. 

• Visit the App State Artificial Intelligence website for guidelines on using AI.
• Don't share sensitive data with AI because the platforms might use it for their training data and share it with someone else. Treat AI programs like social media – share with care!

Lock Your Laptop & Phone

This is simple, but essential. When you walk away from your device, even for a moment, lock it. You don’t want someone else accessing your stuff.

• Use a PIN, password, facial recognition, or fingerprint scan for superior protection.
• In your device's settings, use Find My Device for Apple or Android products so you can remotely wipe the data off if it is stolen or lost.
• DON'T share device PINs and passwords with roommates or friends – if you want to show them a funny video or need their help proofreading an email to a professor, do it together.

Back Up Your Data

Whether it’s due to theft, a spill, ransomware, or your hard drive breaking, data loss happens. Backing up your files ensures you won’t lose everything if disaster strikes.

• Use cloud services like Google Drive, Microsoft OneDrive, or Apple iCloud.
• Keep a physical backup like an external hard drive for extra peace of mind.
• Once every quarter, double-check that your backups are actually working and backing up your data.

Keep Your Devices Updated

• Avoid clicking “Remind me later” on software updates, as those updates often fix serious security flaws. The longer you wait, the more vulnerable your laptop or phone becomes.
• Set up automatic updates so you get the latest security patches.
• Regularly shut down and restart your laptops, phones, and tablets – once a week is good.

Watch for Scams Through Texts, DMs, and Everywhere!

It’s not just email – phishing can happen through text messages, Instagram DMs, or even fake job postings on LinkedIn.

Scammers often pose as trusted sources. They want to trick you into clicking a link, sharing personal info, or downloading malware.

• Look for any unexpected message with a sense of urgency, like "Act now or lose access!"
• Delete any requests for money, gift cards, bank account info, or cryptocurrency.
• Official organizations, like universities, student loan servicers, or the government, won't text or DM you about setting up payments.
• Never scan QR codes without any context or in a public place – it's always a better idea to go directly to a URL or find a website than to use unfamiliar QR codes.

Limit Activities on Public Wi-Fi

Public Wi-Fi or hotspots make it easy to connect, but these systems usually provide weak protection, and they’re a magnet for hackers, too.

• If you are away from home, create a personal hotspot with your phone or use a Virtual Private Network (VPN). 
• Never use public Wi-Fi to access or enter sensitive information, such as online banking or any site where you need to log in.