Welcome to week 2 of National Cyber Security Awareness Month!
CREATING A CULTURE OF CYBERSECURITY IN THE WORKPLACE
YOU ARE AN IMPORTANT PART OF INFORMATION SECURITY!
One of the most critical parts of information security is the end user. There are only so many technological solutions to a secure environment. Since a chain is only as strong as its weakest link, it is critical that end users are informed and educated on cybersecurity as it applies to their job functions, whether as faculty, staff, or students. Here are some things to keep in mind if you work with computers for your job or in relation to your studies.
- Never share your passwords. This includes passwords for Active Directory, Jenzabar, VikingWeb, and any other system you use that contains sensitive material. Sensitive material can be anything from student grades, financial information or even your next term paper. This also applies if anyone, even someone from the Office of Information Technology, asks for your password. Do not share your passwords.
- Lock your computer if you are stepping away from it. It is two keystrokes on a Windows (Ctrl + L) computer and three on a Mac (Control + Shift + Eject or Control + Shift + Power if you don’t have an optical drive). This applies whether you are working or studying, as the loss of school work is every bit as intrusive and damaging, at least personally, as the loss of data from financial and academic databases. Also, after using a public computer, be sure to log out so the next person that uses the machine will not have access to your accounts.
- In relation to using public computers or using computers in public areas like the library, be aware of your surroundings. Don’t allow others to “shoulder surf” you by literally looking over your shoulder at your screen, especially if you are accessing private data. This applies to staff and student workers in office settings also. Be aware of who is around you and what they are doing.
- It is a good idea to never access sensitive data like bank accounts or grade information from public machines.
- If you work with college records, whether financial or academic, do not improperly handle this information by distributing it without authorization, especially if you are not the owner of the information.
- Learn how to spot “phishing” emails and other attempts to deceive you into revealing private information or account credentials.
Come back next week when we discuss cybercrime and how to avoid it.