Cybersecurity reminders to protect university information and equipment

Fall classes are underway, but one lesson not in the syllabus is how to protect university information and technology from cybersecurity threats.

Chief information security officer Rich Tener developed a back-to-school cybersecurity reminder list for faculty, staff and students that focuses on three behaviors:

  • Protect your Net-ID
  • Practice good cyber hygiene
  • Be vigilant of phishing scams

Tener asks departments and units to make the list a part of the onboarding materials they share with all new employees.

Net-ID

Tener said a Net-ID protects access to important university data and provides several tips to keep information as safe as possible.

  • Use a long, hard-to-guess passphrase for your Net-ID password
  • Don't reuse the password on other sites
  • Don't share the password with others
  • Only enter it at login.iastate.edu

An ISU employee will never ask for a password and never send anyone else your multifactor authentication text message code. If a user is not trying to log in and receives a multifactor authentication push notification, Tener said to choose "No, it's not me" and email security@iastate.edu.

Best practices

There are several ways to ensure personal and university information is safe, beginning with keeping student and research data only on ISU computers and approved cloud services.

Always set a screen lock on your computer and other devices and lock it when you are away. To quick-lock a computer: 

  • On a Windows computer, click the "Windows" + "L" keys. 
  • On Macs, click "Control" + "Command" + "Q." 

Tener also advises users to install software updates as soon as they are offered and avoid fake software updates which always appear in a browser window. Only install software apps from official app stores.

Phishing scams

Phishing is a fraudulent practice that involves emails or text messages that appear to come from a legitimate source to trick people into giving away money or sensitive information or giving a scammer remote access to their device.

Faculty, staff and students can be targeted and should look out for:

  • Personal assistant job scams
  • Gift card scams
  • Fake invoice attachments
  • Links to webpages that look like login screens, but aren't Iowa State's
  • Links to forms that ask for your password or other personal information

Users can report phishing emails by using Outlook's "Report Phishing" button.