Information Security is important at all times, while at work, at home, and when traveling. Implementing safe cybersecurity best practices is important for individuals as well as organizations of all sizes. Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication are the basics of what we call “cyber hygiene” and will drastically improve your online safety.
Below are some tips the team has gathered to help you stay secure.
- To protect files for sharing within the university please use our file sharing system File Hawk.
- An overview on how to use File Hawk can be found at: Sending Sensitive Information via File Hawk
- To protect different types of Microsoft files and Adobe PDF files for sharing with resources outside of the university please see the How to Password Protect and Encrypt a File document.
Practice Good Password Hygiene
- Choose strong passwords. Remember, “longer is stronger”
- Avoid using the same password for different accounts
- Do not share your passwords with anyone
- Store your passwords securely using a password manager (not on a post-it under your keyboard)
Report Suspicious Behavior
Remember to Log Out
- Taking a moment to log out of a computer or web application is a simple, yet often forgotten, way to protect data.
Be Alert for Phishing Scams
- Don’t readily trust links or attachments
- Be on the lookout for common signs like odd “From:” addresses, poor spelling or grammar, or requests to provide personal information or credentials
- Please visit our Phishing webpage for a more information
With increased use of remote access, it is important to remain mindful of ways to minimize the risk to University and personal information. Here are some tips for safer remote computing:
- If you have an University-issued laptop, please use it for all of your work related needs to take advantage of the built-in security features.
- Avoid sharing your University laptop with others (family, children, etc.), and of course never share your NetID password with anyone.
- If you must use your personal computer for work related needs, please consider the following:
- Make sure your computer is up-to-date with all system patches and bug fixes.
- Always use antivirus software and check that it is running and actively updating. If you do not have anti-virus software, you can download Sophos Antivirus by logging into the MSU Software Repository.
- Do not use your NetID password as the login to your personal computer. This can help to protect your NetID account if your personal computer is compromised by malware or other security issue.
- Be cautious when connecting to wireless networks off-campus in public spaces such as restaurants, airports, etc. These wireless networks are often not using secure connection methods.
When traveling, we tend to worry more about our physical security than our cyber security. Here are some tips to remember when traveling:
Be Cautious of Public Wi-Fi Networks
- Avoid connecting to unsecure public Wi-Fi networks. When connected to a Wi-Fi network the user’s device sends information over that network without encryption.
- A public password protected network can still pose a threat. Hotels are famous for password protecting their networks but everyone who is staying in the hotel gets access to the same network which still leaves your information potentially available to a large number of people.
- An alternative to connecting to public networks is to use a VPN (Virtual Private Network) which will keep your information encrypted and adds additional protections to your data.
Disable Auto Join for Wi-Fi Networks
Our devices are set up to automatically connect to available wireless networks and Bluetooth devices. Turn off auto join and only connect manually when you are sure you want to. Automatic connections to our everyday devices at home, in our cars, and workplaces are helpful but dangerous when traveling.
Turn off Wi-Fi by navigating to Settings > Wi-Fi > Toggle Off
Turn off Auto Join by navigating to Settings > Wi-Fi > Ask to Join Networks > Off
Turn off Bluetooth by navigating to Settings > Bluetooth > Toggle Off
Turn off Wifi and Bluetooth by navigating to Settings > Connections. Tap the button next to each one to turn them off if you do not need them. You will know it’s turned off when the button next to each is grayed out.
Turn off Auto Join by navigating to Settings > Connections > Wifi > Choose the Wifi network and tap the button next to Auto Reconnect
Minimize Location Sharing
While away, you may want to update social media with locations and photos. Doing this allows criminals to know where you are staying and that your home is unoccupied and available for break in. Here are some helpful tips to think about when posting:
- Post your photos after returning from vacation to minimize the risk
- Turn off location sharing if possible
- Some apps rely on your location such as maps which is important while traveling. Most devices allow you the option to only have these location services on when that particular apps is in use.
- This can be set when you first open the app or you can navigate to the app permissions on your device via settings.
Update Operating Systems and Applications
Updating all operating systems and applications across all devices will give you the latest security updates and offer you the most protection. This will fix any bugs or vulnerabilities that were found in previous versions.
Practice Safe Web Browsing
Websites store valuable and personal information about you in the form of cookies. If you are connecting to public networks, safe browsing becomes even more important. Make sure you are connecting to websites via HTTPS (the lock in the corner of the address bar of your browser).
Whether at home or traveling, you are susceptible to phishing scams. These scams can occur via email, phone call, and text messaging. Make sure to check for all the usual signs of attackers. Please visit our Phishing webpage for a more information.
Backup Your Data Before Leaving
Backing up your data is something that should be done regularly, but most importantly you should back up your data before traveling. Losing a smartphone or laptop can be expensive, but most of the time the data contained within them is more critical. Create a backup of your data, including personal, work, and other essential files. Store it on a physical drive if possible or on a cloud storage service.
Do not leave your devices unattended. Meal times are optimum times for thieves to check for unattended devices in hotel rooms. Avoid advertising that you have devices by keeping them in your pocket or bag if you do not need them.If you are using your device in a public area, pay attention to people “shoulder surfing” in order to obtain your passwords as you type them in. Consider attaching asset tags to your devices so that you can track them if they are stolen.
Secure Your Passwords
Always make sure to use secure passwords that are unique and change regularly. Make sure to create different passwords for each platform to reduce the impact if a password is compromised.We suggest implementing Multi-Factor Authentication (MFA) such as DUO or Google Authenticator to ensure 2-step protection. We also recommend using a password manager such as LastPass to keep track of all passwords.
Skimmer Devices/Credit Cards vs. Debit Card Use While Traveling
Skimmer devices allow criminals to gain access to your credit and debit cards information without having to touch you or using your physical card. The best suggestion would be to look into a RFID wallet or cardholder to prevent data theft of your cards.When traveling, try to use a credit card over a debit card when making purchases whether online or in person. Using a debit card will allow criminals direct access to your bank account and information while a credit card charge can be easily disputed.
Additional tips for international travelers can be found at: https://www.fcc.gov/consumers/guides/cybersecurity-tips-international-travelers
If you would like more information on our security policies and procedures, please check out our Information Security Policies video.
From a computer, move your mouse pointer over a link without clicking. The actual web address of the link should appear at the bottom of the browser window or in a pop-up.
From a mobile device running iOS (Apple) or an Android OS, you can evaluate embedded links by pressing and holding the link down with your finger or stylus. A pop up dialog should appear and then let go. The dialog should show the full URL of the embedded link and other options.
If the web address shown by the hover over does not match the text or intended context of the link, it may be spoofed. For example, if a link to “www.montclair.edu” or “Montclair State University” appears to be pointing to another domain such as “http://www.somewhereelse.com/”, that may be a spoofed link.
Keep in mind that malicious websites may be created to look very similar to a legitimate site but the URL may use a variation in spelling or a different domain (e.g. .com or .net). Do not click a link if you can’t conclude it is safe!