Security Best Practices
YOU are the vital link in computer security.
Below are some recommendations to reduce your risk to cyber threats.
- Use Two Factor Authentication (2FA/MFA) where possible:
UNF uses Duo Security 2FA. Two-factor
authentication combines something you have like a phone or token with something
you know --your password. For personal accounts, a convenient resource to find which websites support two factor authentication is
- Be aware of phishing:
Stop. Look. Think. Where possible, avoid clicking on links and attachments in email and on the internet.
- Use Anti-virus software:
Set your anti-virus software to constantly monitor your system using "real-time monitoring" and keep your virus definitions up to date.
- Use a Password Manager/Passphrase:
Consider using a password manager to secure all of your passwords. Otherwise, use an easy to remember and longer passphrase (at least 15 characters or more) that is different for every website!
- Maintain up-to-date security patches:
It is important to keep your computer up to date with the latest fixes and updates for your operating system. New vulnerabilities are frequently discovered and fixed. Keeping your computer current reduces your risk.
- Establish a backup schedule for important data:
Creating and following a backup policy is vital. Not only could a virus wipe out critical data, but a hard drive failure or even a lightning strike could damage or destroy your computer. A backup is just like an insurance policy for your data. UNF does not backup your workstation data. We recommend using a cloud service such as OneDrive for Business.
- Lock your devices:
When you leave your computer or mobile device for even a few minutes, lock it down by either invoking a password/pin or a time based screensaver.
Use a VPN:
Always use a VPN while traveling or using unprotected networks (a coffee shop Wi-Fi network for example). UNF offers this as a free service to all Employees and Students.
KnowBe4 Home Course
UNF has partnered with a renowned security education firm, KnowBe4, to provide a quick and entertaining personal security awareness course to the campus community. We urge you to take it as the lessons learned may help save you all the stress and financial loss of credential theft or identify theft.
The video course, which can be found in myWings under "Employee Tools" or "Student Tools", uses real-life examples to show the dangers of the internet and what you need to do to stay safe. Each section has a live demonstration showing how the "bad guys" take advantage of unsuspecting users, and finishes up with a “security check” quiz at the end.
Cyber Security Tips
10 Cybersecurity Awareness Tips
- Don’t click on directed links (in emails, text messages, etc.), especially those that are asking you to enter sensitive information. It’s best to go directly to the source.
- Don’t overshare on social media. These details can provide hackers with your location, ammunition to craft spear phishing attacks, and answers to security questions. Think before you share!
- Don’t go “out of bounds” for communication, E.g. if you’re buying something on eBay, and the other party wants to negotiate via email instead of the bidding system.
- Never reuse passwords between any website or service.
- Always be skeptical of any unexpected invoice, or request to get or pay for anything by using gift cards.
- Never answer authentication recovery questions (e.g. What is your mother’s maiden name?) with real answers. Unfortunately, that means you’ll have to write down each question and answer for each website that requires them, but you’ll be far less likely to have your account hijacked.
- It is ok to speak to (confirm with) an email sender’s request to transfer that $30,000 by the end of the day, even if it is your boss. Better safe than sorry.
- Know who to report any suspicious emails to at your workplace. Don’t delete the email – report it.
- Invest in a password management tool – ain’t nobody got the time to remember all those passwords!
- Be vigilant with suspicious SMS messages. Your bank will NEVER ask you to access your account from an SMS.