Welcome to Cybersecurity Awareness Month! BGSU Information Technology Services (ITS) is excited to announce our participation in the Cybersecurity and Infrastructure Security Agency’s (CISA) annual campaign where together, we can increase our cybersecurity online, at work, and at home by taking a few basic steps.
Throughout the month we will share tips on how to stay cyber safe online, at work and at home via Campus Update, Our BGSU and social media posts. This information will focus on CISA’s “4 Things You Can Do to Keep Yourself Safe”:
4 Steps to Increase Cybersecurity
- Turn On Multi-Factor Authentication
- Update Your Software
- Think Before You Click
- Use Strong Passwords
Learn more about each step and how they are utilized at BGSU below!
1. Turn On Multi-Factor Authentication
You need more than a password to protect your online accounts, and enabling Multi-Factor Authentication (MFA) makes you significantly less likely to get hacked! BGSU uses Duo Two Factor Authentication as its MFA method to protect valuable information and resources like your BGSU email, Canvas, the MyBGSU portal and the BGSU VPN. We also suggest using MFA to protect your other accounts like social media, banking, personal email, etc.
ITS recommends using Duo push notifications as your Two Factor Authentication method, and you should never approve an authentication attempt that you did not initiate.
2. Update Your Software
Don’t delay – if you see a software update notification, act promptly. Better yet, turn on automatic updates! Be sure to update the operating system on your mobile phones, tablets, and laptops (personal and university –owned). It’s also important to update applications, especially the web browsers, on all your devices.
Thanks to ITS' updated process, most application updates occur in the background and require no user intervention. most application updates occur in the background and require no user intervention. However, there may be times you receive a prompt on your university device asking you to confirm or continue an update. This change will keep your software secure and at optimal performance.
3. Think Before You Click
Phishing attempts are becoming more prevalent as hackers become better at disguising their messages and links. These attempts to access your personal information could come in the form of an email, text message or even a phone call. It may look/sound legitimate and seem to come from your email service, friend or coworker but seems a little off. Perhaps the timing of the message is out of place, it’s littered with mistakes or just seems suspicious. This is likely a phishing scheme, many of which are disguised in the form of a clickable link/URL in an email that looks like it will take you to a specific or familiar destination, but in reality, it does not. Typically, these links are configured to do one of the following:
- Take the user to a malicious webpage that attempts to install malware on the user's computer. The malware can do anything from retrieving the user's password to encrypting or stealing data from the user's device.
- Redirect the user to a fraudulent login page where the user enters their username and password under the impression that they are logging in to a legitimate website. From this page, hackers can access the user's password which can then be used to log in and access protected services.
Always be cautious before you click on any link, and if a message seems suspicious report it to ITS by following these instructions:
- Do not click on any links/attachments.
- Do not respond with any sensitive information.
- Do not pass along to your peers or supervisors.
- Do not forward to any ITS email addresses other than email@example.com.
- Send to ITS for investigation using the Outlook Report Message button or by forwarding to firstname.lastname@example.org.
- Delete the message from your Inbox.
4. Use Strong Passwords
It can take an experienced hacker as little as 30 seconds to crack an 8-character password, with the average being 12 minutes. Password length and complexity requirements help prevent your password from being guessed. The longer and more complex a password is, the more time it takes for a computer/hacker to guess what it is. You should also use unique passwords for each different application and site you access.
In March 2022, ITS increased the BGSU password character requirement to 12 characters; however, we recommend passwords of at least 16 characters to better protect your account and the University. You can also use free services like “Have I Been Pwned” to check if a recent privacy breach has compromised your account and to determine if a password change is necessary.
Updated: 09/28/2023 10:49AM