News & Resources

• Keep multiple forms and generations of backups (i.e. onsite disk, off-site cloud-based storage with file-history or snapshots) 
• Keep anti-virus, operating systems (OS), and malware protection current through updates. 
• Do not reuse passwords across sites! Carefully consider pros and cons of password vaults. (For more password recommendations, see passwords below.) 
• Lock devices and do not leave mobile devices unattended. 
• Verify email sources and links for legitimacy 
• Be cognizant of security and privacy settings across social media platforms. 

This is a fraudulent attempt to gather any sensitive information, usually by some form of impersonation. Phishing executed over a variety of mediums, often by email, but also including messaging, and text. Spear phishing is tailored to a specific group or organization. According to KnowBe4, 91% of data breaches start with a successful spear phishing attack. For more information, see KnowBe4

The IT Services and CEI Helpdesk have setup a phishing email button in email clients allowing users to mark a suspicious email for review. Any phishing tests and trainings will automatically notify if you successfully “caught” the phish.

Basic principles of cryptography prescribe more degrees of entropy or “randomness” to increase the time an attack takes to carry out (i.e. longer, more complex passwords are stronger). Each additional character in a password exponentially increases the total possible password combinations. We recommend:

• Use long passwords, greater than 12 characters. This can be done using phase-phrases in combination with special characters, upper and lower case, and numbers. See webroot password tips.
• Make passwords complex within reason (i.e. use some special characters and numbers). Passwords written down are inherently insecure. 
• Keep passwords memorable to you, but still secure (i.e. don’t use dictionary words alone because of dictionary-based attacks). Create your own long-password or passphrase system. 
• Do not use simple dictionary word combinations or easily obtainable public information! 

As indicated above, keep current with OS updates, malware and antivirus, and firewalls. Limit file-sharing, unknown downloads or links, and especially email attachments. We also strongly recommend using non-administrator accounts for daily activities as much as possible. This will do much to prevent system-wide infections.

Look for “https://” or the “lock” icon to ensure that communications are encrypted when sending sensitive information. These indicate varying degrees of safety on websites depending on the level of encryption used.

Banking malware is rising and cybercriminals are targeting mobile platforms. Credentials can be stolen via text/SMS, email, social media, etc. Any data you put “out there” is at risk. We recommend avoiding saving payment information, especially with smaller online vendors. Limit all personally identifiable information (PII) shared online, in any format, as guiding rule for good internet-hygiene.