UW-IT’s annual cybersecurity message for 2023 was sent to all University of Washington students, faculty and staff and UW Medicine employees with approval from the Interim Chief Information Security Officer:
As National Cybersecurity Awareness Month (NCSAM) draws to a close, we are writing to remind you about ways to be safer and more secure online. Besides sharing the following cybersecurity tips, we want you to know that we have changed our name from Office of the Chief Information Security Officer to Office of Information Security to better describe the focus of our work. We look forward to working with you to protect personal data and UW institutional information.
Top 7 cybersecurity tips
1. Recognize phishing and scams.
Scammers commonly use phishing emails to trick you into giving them your personal information, such as passwords or credit card numbers, and they’re often successful. Be skeptical of any email that urges you to click on links or download attachments.
Phishing emails may appear to come from a recognizable person or organization, such as your supervisor, UW organizations, or the health department. Be suspicious of unsolicited job opportunities, offers of financial aid, requests to purchase gift cards or opportunities that seem too good to be true.
2. Secure your UW NetID and other accounts.
Be careful not to use your UW NetID password with any other account. Multi-factor authentication (MFA) helps prevent others from signing in as you, even if they know your password. Duo, a two-factor authentication (2FA) service, is widely used at UW for MFA and we recommend that you also use some form of MFA (or 2FA) for other accounts and services, such as personal email, social media, and bank and financial accounts.
3. Secure your computer and other devices.
Keep computers, devices and all applications — including antivirus software — updated and patched. Encrypt computers and devices, and keep track of the encryption key.
4. Secure UW institutional data.
Learn what types of data you are responsible for and take steps to secure data appropriately in applications. Four* data classifications are described on the UW Privacy Office website: UW Confidential, Restricted, Public, and Special Categories of Personal Data. Certain data types are protected by laws and regulations. Back up your data in at least two different ways, including one offline version.
5. Secure your Wi-Fi communications.
Configure your devices to use eduroam — a free, encrypted Wi-Fi network available at the UW (and at any eduroam-enabled institution throughout the world). There are instructions for how to set up your device to access eduroam on IT Connect.
6. Secure communications while working remotely.
Use a virtual private network (VPN), such as Husky OnNet, when working at home or remotely to access resources on the UW network. Take steps to secure your home Wi-Fi network by using strong passwords and the strongest encryption possible on home routers.
7. Know the rules.
State law prohibits the use of UW computing resources, tools or services for commercial or political purposes. Follow copyright laws for software, images, music or other intellectual property, such as books and videos. For more information, review the Appropriate Use web page on IT Connect.
If you have any questions or concerns, please contact help@uw.edu.
Thank you for helping to secure your personal and UW data.
Mark T. Nardone CISSP, CISM, CIPM
UW Interim Chief Information Security Officer
Office of Information Security
*Note: The email version of this message erroneously referred to three UW data classifications. There are four.