Early Bird

Secure yourself

Part 3 of this semester’s cybersecurity series from ITS.

By Corey Oxenbury

November 21, 2019

A critical component of any security environment is the people working within it. A system might be thoroughly secured, but it won’t matter if the people using that system don’t practice healthy security standards. Being aware of how to secure your devices and secure your data is an important aspect of securing yourself digitally, but there are other things to keep in mind as well.

• Be mindful of suspicious emails. Spam emails, like phony survey requests or too-good-to-be-true investment opportunities, are regularly sent to hundreds of thousands of email addresses in the hopes of catching someone unawares. Other malicious emails are socially engineered to closely match a targeted person or group’s regular correspondence: The font, formatting, signature, display name, and sometimes even email address of a trusted source, can all be imitated, leading unsuspecting recipients to provide important or protected information to the wrong person. If you receive a suspicious email, you shouldn’t do anything it says without verifying its legitimacy.

• At MSU Denver: Office 365’s automatic email filters help to keep a lot of bad messages away, but there’s always a chance a fraudulent message will make it to your inbox. ITS provided tips for verifying the legitimacy of an email message earlier this year, and you can also forward suspicious emails to spam@msudenver.edu for ITS to review. Not only will this help verify the email, it will also help ITS take steps to protect the University from threats, such as updating our email filters or blocking bad links.

• Be aware of other social engineering attempts. While social engineering is often employed in email, the techniques are used in other kinds of attacks, too. Someone from “tech support” may call and instruct you to install software from an unusual website, or someone who “has a meeting” in your area may ask you to unlock a door. The methods might be different, but the goal is the same: to make you unwittingly give them access to protected areas, systems or data.

• At MSU Denver: Social engineering techniques often rely on peoples’ desire to be helpful and cooperative – but remember, being professional and following protocol are not the same thing as being unhelpful. Verifying someone’s identity or calling someone back rarely takes long, and anyone who works at the University will understand the need to follow security policies and practices.

• Maintain good password practices. Making complex passwords ensures they’re hard for attackers to guess or access using brute force. Regularly changing your passwords and keeping them unique between systems also helps to mitigate or prevent damage if your password somehow becomes compromised.

• At MSU Denver: Like most modern businesses, MSU Denver requires passwords be changed at regular intervals throughout the year, and also has complexity and history requirements for new passwords. The University also began implementing a second layer of account security in the form of Multi-Factor Authentication this year. Please check the MFA Initiative page for more details.

This is the final installment of this semester’s series on cybersecurity, but please remember being cybersecure is an ongoing process. Bad actors are always developing new techniques and strategies which can be deployed very rapidly. Above all, staying alert and staying informed are the most important things you can do to keep your devices, data and yourself secure.

If you have any questions or would like assistance with security, please contact the ITS Service Desk at 303-352-7548 or support.msudenver.edu.