Hunter McMillan, Encryption Services Analyst
Tulane faculty, staff, and students are vulnerable to information theft, data loss, and identity impersonation which can be used for profit and exploitation if steps are not taken to secure devices and accounts. Focusing on best security practices will help reduce these threats.
Best practices for cybersecurity and securing your information:
- Change your Tulane email password frequently, and use different passwords for individual sites and services. Using a password manager can reduce the burden of having to remember multiple passwords. A password manager, for example Last Pass, may also be used to generate secure passwords conveniently and store them securely.
- Carefully review emails received from unknown senders. Does this person have authority within Tulane to make you act upon their request? Look for grammatical errors in the body of the email that would typically not be made by domestic users. Look at any link in the email and ask yourself, “Does this look like an authentic Tulane message?” Ask, “Would Tulane use an external site to request your account credentials?” No! You can always forward a suspicious message to email@example.com or firstname.lastname@example.org to verify its validity. Avoid getting your credentials phished. Use the website https://password.tulane.edu to reset your Tulane email credentials.
- Have a screensaver on your computer that requires a password once you return to the machine. Set a low time limit until activation of the screensaver. This will stop others from using your computer without your knowledge. Contact Tulane’s Technical Support and Network Operations Center for assistance with changing this setting.
- Make sure to have Trend Micro Office Scan anti-virus and anti-malware installed on all computers. Trend Micro anti-virus is provided free through Tulane’s Software Distribution Center. Visit https://tulane.onthehub.com to download the latest version.
- Install the Open DNS roaming client on computers to safeguard against malicious web links and harmful internet sites when connecting through off-campus networks, for example using a coffee shop Wi-Fi or airport Wi-Fi hotspot. The Open DNS roaming client is provided free through Tulane’s Software Distribution Center. Visit https://tulane.onthehub.com to download the latest version.
- Keep your operating system and software up to date. Updates may appear to be unnecessary if the software is working properly, however security exploits are found and software must be patched to prevent undetected attacks. Just because a program is working without the latest updates does not make it secure.
- Ask Tulane’s encryption team about encrypting sensitive work data. Encryption of hard disk drives will prevent unauthorized viewing of your data at rest and will create peace of mind if the computer is stolen or lost. Certain types of data mandate encryption standards. Ask your department head or supervisor if the data you are working on must be legally secured with encryption. Contact email@example.com to request more information regarding encrypting university owned computers or computers you may be traveling with containing sensitive university data.
- Don’t share your credentials with others. If in doubt of your account being secure, change your password using the self-service site: https://password.tulane.edu This will ensure only you have access to your account.
- Where available, use two-factor authentication to secure systems and services. Two-factor authentication means having a second way of verifying your identity when accessing systems. If someone obtains your password they must have a secondary method to authenticate with your account which increases the complexity of breaching systems and mitigates bad actors.
New security systems and technologies will continue to be implemented to stop advanced attacks, however focusing on the human element is necessary to foster a secure environment within Tulane University. Attackers realize that it is easier to gain credentials by having individuals give them passwords through phishing rather than breaking new advanced security systems. Please be aware that you are on the front lines of cybersecurity at Tulane, and your actions will help secure the Tulane Community.
Hunter McMillan is an Encryption Services Analyst with Tulane Technology's Information Security Office.
Follow us on Twitter @TulaneInfoSec and on Facebook at https://www.facebook.com/TulaneTechnology