Play It Safe with Cybersecurity
Always opt for two-factor authentication
Auburn University has chosen DUO security to provide our students, faculty, and staff with two-factor authentication, or 2FA. This provides additional security to your Auburn account information by adding a second layer of authentication when you log in. Once you enter your username and password, you will get a push notification, text message with a code, or a phone call – all of which require a physical device that only you have. So even if someone gets your password, they can’t get into your account unless they have your phone or tablet too. Here are some tips to maximize your security with 2FA:
- Never approve a DUO request that you didn’t initiate.
- If you get a DUO push you weren’t expecting, change your password immediately.
- Update your DUO information whenever you get a new phone, tablet, or phone number.
- Make sure you’re signed up for 2FA on Amazon, Twitter, your bank account, and any other website that offers it!
If you haven’t signed up for DUO, start the process now.
Keep your systems up-to-date
It’s always a hassle to stop what you’re doing and download an update – it’s almost second nature to click “Remind Me Later” each time a reminder appears. But even if it seems like the convenient option, you’re not doing yourself any favors by putting off your software updates. These updates provide bug fixes, new features, and, most importantly, better security.
How can a software upgrade impact my security?
Hackers are constantly looking for new ways to gather information. When a company announces an update, it also calls attention to the vulnerability that exists for anyone who hasn’t run the update – and that’s an easy target. A little bit of code can infect your computer with malware through an action as simple as clicking a link or going to a certain website. Once your computer is infected, that malware can steal access to your computer and any sensitive information that you have stored or that you enter in – anything from bank passwords to social security numbers.
Think of it this way – the amount of time it takes to run the update is nothing compared to the amount of time it takes to rid your device of a virus or recover from a stolen identity.
Keep your passwords secure
With ever increasing password requirements from different sites, it can be hard to keep everything straight. There are two common practices that people fall into – either keeping the same password for every account or keeping all passwords written down somewhere. But if someone figures out that one password or finds that piece of paper, your accounts are in trouble. There are plenty of options for password storage that will allow you to store unique passwords securely. And whenever possible, make sure you enable two-factor authentication as an extra level of protection. Here are some other tips to make sure your passwords are secure:
- Never keep a default password.
- Don’t use the same password across multiple accounts.
- Don’t include common information like your birthdate, pet’s name, or anything else that’s easily accessible with a quick search.
- Always use a mix of uppercase, lowercase, number, and special characters if they’re allowed.
- Try to avoid using words that are in the dictionary. Come up with alternate spellings or use numbers in place of letters.
- Don’t keep your passwords written down on a sticky note in your office or under your computer.
- Always opt into two-factor authentication.
There’s no such thing as 100% secure, but taking these steps will get you a lot closer.
Report any email if you suspect foul play
Phishing is constantly becoming more and more problematic as tens of thousands of people fall for phishing scams every single day. This can negatively affect the people who fall for the scams as well as anyone in their contacts or on the same network. It doesn’t help that scammers are getting more sophisticated in their attacks, but there are still some red flags you can be on the lookout for:
- Impersonal Greetings: Phishing messages often start with “Dear User” or “Dear Customer” instead of addressing you by name.
- Threats: Be wary of any message that tells you that you will lose access immediately or that your account will be terminated.
- Links: It’s easy to make a link look like it’s directing you somewhere else, so don’t click on a link in an email you’re not expecting. Instead, type in the web address directly into the browser.
- Spelling & Grammar: Plenty of people make mistakes in spelling in emails, but phishing attacks often have more spelling and grammar issues than normal.
- Request for Money or Information: If an email ever asks you to enter your password, banking information, social security number, or anything like that via email, don’t do it. Legitimate companies will not request that information via email.
If you’re worried you may have fallen for a phishing scam, or if you want more information on phishing, visit our Phishing Awareness page.