Cyber Hygiene

Last updated: October 4, 2024

Your personal and UW institutional data are valuable – and it’s important to keep them secure. Although cyber threats such as software vulnerabilities and human errors can pose risks to data, cybersecurity doesn’t have to be overwhelming. Embracing just a few proactive practices can greatly strengthen the security of our data and systems.

Here are some easy cyber hygiene practices to help get you started.

Use 2FA/MFA wherever possible

Multi-factor authentication (MFA) adds a layer of security by requiring two or more pieces of evidence – like a password, phone, or security token – to verify your identity when logging in. Two-factor authentication (2FA) is a specific type of MFA that requires exactly two forms of evidence.

  • Use MFA or 2FA for any account that supports it, especially work, school, email, banking, and social media accounts.
  • While MFA adds security to your accounts, it does not replace the need for strong passwords. Be sure to use long, complex, and unique passwords for each account, and avoid easily guessable words or phrases.
  • If you receive an MFA request but aren’t trying to log in, don’t approve it. Instead, report the attempt and change your password.

Make passwords safe

Protect your personal and UW data by using strong passwords and good password habits across your accounts and devices used for personal, student, employee, research, and patient data.

  • Don’t reuse your UW NetID password on other accounts.
  • Use multi-factor or two-factor authentication for additional security.
  • Use passwords with at least 18 characters.
  • A passphrase can make your password more memorable.
  • Mix letters, numbers, and keyboard characters to strengthen your password.
  • Password managers can help you create (and remember) long and random passwords for your accounts.
  • Use secure services for secure connections, such as eduroam for Wi-Fi on campus and Husky OnNet VPN for home and other off-campus locations.

Update your software

Keeping software updated is one of the easiest and most important ways to protect your devices and data from security vulnerabilities. Regular updates to your computer, phone, laptop, and other devices can address potential security risks, such as malware.

To keep your personal devices secure:

  • Enable automatic updates on your operating system, and manually check if automatic updates are not available.
  • Back up your data before updating, and schedule regular backups so you’re prepared when automatic updates occur.
  • Keep applications updated and delete any that you no longer use.
  • Accept browser updates when you are prompted and check regularly for updates.
  • For home devices like routers, review manufacturer documentation for update instructions.
  • Ensure anti-virus software is up to date and running on all devices.

If you’re updating UW-owned technology, consult your IT support team or vendor for guidance. For more detailed information, review our update and patch guidance, which includes tips like Microsoft’s Patch Tuesday and other ways to keep software updated.

Recognize and report phishing

Phishing is a common form of email fraud in which cyber criminals and other adversaries try to trick you into clicking links or downloading attachments so they can steal valuable information, like your UW NetID login credentials, or download malware on your device. These phishing attempts can come through emails, texts, or phone calls and are the most common way UW and personal data are compromised.

  • Be cautious of unsolicited emails, texts, or calls asking for personal information.
  • Be skeptical of urgency in emails – it can be a warning sign of a fraudulent message.
  • Never share sensitive information like login credentials over the phone, texts, or in email.
  • Don’t click on links, open attachments, or scan QR codes from unknown sources.
  • Verify requests for information by contacting the person or organization through a trusted method.
  • Beware of spear phishing tactics in which criminals target individuals or groups, like researchers, to steal certain data.

Tips to Stay Safe

  • Think before you click on any links or attachments, even if they’re from someone you know. If you’re unsure, call the sender to verify.
  • Review the phishing examples page to see currently active phishing campaigns.
  • If you realize you’ve clicked a phishing link, contact help@uw.edu for guidance.
  • For personal computers, use Sophos antivirus software and keep it updated. UW community members can download Sophos for personal use free of charge.
  • Be cautious of money transfer requests, job offers, or gift card solicitations.
  • Scammers often send phony checks that clear initially, then bounce – leaving you responsible for the money.
  • A password manager can help you by only offering to fill in passwords on verified login pages.
  • Always back up your data in case you are hit by a ransomware attack.
  • Review our scams page and share the information with others.
  • Report Suspicious Activity:
    • Phish and scams specifically targeting UW: security@uw.edu
    • Phishing messages: help@uw.edu

More info

Federal Trade Commission: How to Recognize and Avoid Phishing Scams

Back up data and devices

Backing up your data is essential, especially with the growing threat of ransomware. Ensuring your computers, phones, and critical data are securely backed up can protect you from data loss. If you are unsure of how to back up UW-owned devices or data, check with your IT support team.

Follow the 3-2-1 Rule

It’s important to use multiple methods to back up your data – make sure at least one backup is not connected to your computer. Backups connected to your system can become infected by ransomware or other malware.

An easy way to do this is to follow the 3-2-1 rule for effective backups:

  • 3 copies or versions of data
  • Stored on 2 different pieces of media
  • 1 backup off-site and in an immutable format (meaning it can’t be deleted by the system that created it).

In this context, “immutable” means the backups can’t be altered or deleted by ransomware, giving you added protection from bad actors.

Backup Best Practices

  • Ensure backups are stored offline or in an immutable form.
  • Encrypt your backups for additional security.
  • Restrict access to backups with multi-factor authentication.
  • Make sure backups can be restored quickly and test the restoration process regularly to ensure everything works before a security issue arises.

Dispose of data and devices securely

Desktop computers, laptops, smartphones, and portable storage devices may still contain personal or UW data, even after the data has been deleted. It’s critical to securely wipe devices before disposing of them or sending them to UW Surplus.

  • For personal computers or laptops, follow the manufacturer’s guidelines for securely wiping data before disposal.
  • For UW-owned devices, consult your supervisor or IT support team and follow procedures for device management and tracking before sending devices to UW Surplus.
  • For smartphones, follow the manufacturer’s instructions to erase all content and reset the device to factory settings.
  • Visit the secure disposal page for more detailed instructions and links to specific vendor websites.