Data Privacy: It’s Not Just an IT Thing

Posted in: News

Data Privacy Week is a reminder that protecting personal and university data isn’t just IT’s responsibility—it’s something we all do every day. Universities handle sensitive information like student records, financial aid, research data, and HR info. Small actions, like clicking a link or approving a login prompt, can put that information, and your peers’ information, at risk.

Below, we break down practical ways to protect your data, explain why they matter, and give you actionable steps.


Passwords and Account Security

Strong passwords and proper account security are your first line of defense. Even a single reused password can allow attackers to access multiple accounts.

Why it matters:
Reusing passwords or approving an unverified Duo prompt can let attackers access email, cloud storage, and personal accounts—sometimes without you realizing it until it’s too late.

Do:

  • Use strong, unique passwords for all campus and personal accounts. Consider a password manager if you have trouble remembering them.

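  • Enable Duo Verified Push instead of phone call or SMS authentication. Verified Push requires you to enter the code shown on your login screen into the Duo Mobile app, which prevents MFA fatigue attacks, where an attacker sends repeated prompts hoping you will approve one.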

  • Lock devices when unattended and log out of shared computers.

Don’t:

  • Reuse passwords across multiple accounts.

  • Approve Duo prompts you didn’t initiate.

  • Share passwords with anyone—even a friend or coworker.

Example:
Last semester, a Montclair community member accidentally approved a phone-based Duo request that came from an attacker trying to log into their email. Switching to Verified Push could have prevented it.


Phishing and Social Engineering

Attackers often manipulate people rather than systems. Emails, text messages, and fake notifications can look official and urgent.

Why it matters:
A single click on a phishing link can compromise your account, exposing sensitive student, research, or HR data. These attacks are often targeted using information pulled from social media or publicly available sources.

Do:

  • Pause before clicking links or downloading attachments. Hover over links to verify destinations.

  • Use the Phish Alert Button (PAB) to report suspicious emails—it sends them directly to Information Security.

  • Verify unexpected requests via a trusted method, like a known phone number or official campus portal.

Don’t:

  • Reply to messages asking for personal info or credentials.

  • Approve logins you didn’t start.

  • Assume a familiar name or department guarantees a message is safe.

Examples to watch for:

  • Fake DocuSign or eSignature requests with generic greetings.

  • Account expiration warnings that create urgency.

  • HR or payroll messages that ask you to confirm personal info.


Social Media and Oversharing

Information shared publicly online can help attackers craft convincing scams.

Why it matters:
Attackers gather data from profiles, posts, or event calendars to impersonate people or organizations. Oversharing can make phishing attacks appear legitimate.

Do:

  • Regularly review privacy settings on all social media accounts.

  • Limit how much you share online about your schedule, role, or location.

  • Pause and think before posting personal information about yourself or others.

Don’t:

  • Post sensitive details that could help attackers guess passwords or security questions.

  • Accept connection requests from unknown people who ask for personal information.

Tip:
Even seemingly harmless posts, like class schedules or club leadership info, can be used by scammers to make phishing emails more convincing.


Everyday Digital Habits

Small, routine actions can add up to big risks if not managed carefully.

Why it matters:
Lost devices, outdated software, or accidental oversharing can create vulnerabilities that attackers exploit, often without the victim realizing it.

Do:

  • Keep devices, browsers, and apps up to date.

  • Review app permissions and revoke unnecessary access.

  • Double-check before sharing sensitive info or clicking “Allow.”

Don’t:

  • Forward sensitive info via email unless necessary.

  • Ignore repeated or unexpected login notifications.


Stay Informed and Engage

Data privacy isn’t a one-week event—it’s an ongoing practice.

Do:

  • Follow the Phish Files for real examples and tips.

  • Follow IT on Instagram for alerts and reminders.

  • Report suspicious activity using the Phish Alert Button (PAB).

Don’t:

  • Assume protecting data is only IT’s job.

  • Delay taking action on suspicious messages.


Bottom Line:
Data privacy is a shared responsibility. Small, thoughtful actions—like using Verified Push, reporting suspicious emails, and practicing password hygiene—protect not only your data but the entire campus community.

Want to Know More?

National Cybersecurity Alliance | Data Privacy Week

National Cybersecurity Alliance | Data Privacy Week Webinars

NordVPN | National Privacy Test

White & Case | New Jersey Enacts Comprehensive Data Privacy Law

NJ Consumer Affairs | New Jersey Data Privacy Law FAQs