This message was sent to all UW faculty, staff and students.
This message is being sent to all UW faculty, staff and students with approval from the Vice President for UW Information Technology and CIO.
Links have been left out of this message. To find this message on the web, search the UW website for “CISO Annual Communications,” where you will find hyperlinks to all the related resources mentioned.
As part of National Cybersecurity Awareness Month, we want to share some best practices to secure your personal data and the University’s institutional information from theft and accidental disclosure. Cyberthieves and other adversaries are constantly adapting their tactics in order to take advantage of vulnerabilities, especially during challenging times. Securing data is our shared responsibility, so please be mindful of cyber threats and use University resources appropriately.
Be aware of phishing and scams
- Learn to recognize phishing emails, which may urge you to download malicious attachments or click on links that lead to web pages specifically crafted to steal login credentials, such as your UW NetID and password.
- These emails may appear to be from someone you know but are actually from a spoofed or compromised account.
- Recent scams have used the new remote working conditions, fears about the coronavirus or funding from the Coronavirus Aid, Relief, and Economic Security (CARES) Act to try to trick people into giving up personal and banking information. Other scams:
- Entice people to apply for fake jobs or buy gift cards by impersonating University employees.
- Raise alarm about an unemployment claim or a financial aid loan by impersonating an office at the University, such as the Financial Aid Office. They use a phony website to harvest login credentials for student financial aid accounts so they can use their own account for the direct deposit.
- Think before you click on links in email; only open attachments if you can verify the sender.
- Report phishing and other email scams to help @uw.edu (no spaces).
- Use strong passwords. Create strong passwords and don’t use your UW NetID password for other accounts.
- Use two-factor authentication (2FA). 2FA adds a layer of security when you sign in with your UW NetID. With 2FA, first you enter your password, then use a 2FA device to prove it’s really you.
- Opt in to use 2FA on the web. Employees and students can opt in to use 2FA when signing in with their UW NetID on the web. For more information, search for “Opt in to use 2FA on the web” on the UW website.
- Choose encryption. Use a virtual private network (VPN), such as Husky OnNet, to securely connect to University computers and networks from home and remote locations. Use eduroam, a free, encrypted service, for Wi-Fi while on campus.
- Secure data, devices and connections when working from home. Review “Working Remotely” online training and the “Securing Laptops” risk advisory linked from the home page of the UW Office of the Chief Information Security Officer’s (CISO) website.
- Back up your data. Back up your files and systems in at least two different secure places, such as on an external hard drive, shared drive, or secure cloud location, so that you aren’t vulnerable to data loss from ransomware. Be sure that at least one backup is offline and not connected to your computer.
- Report spam and phishing. Further instructions can be found on the “Protecting your email” page on the IT Connect website.
- Safeguard UW and personal information. More information about safeguarding the UW and personal information can be found on the Office of the CISO’s website. A digital postcard with information security tips for students is linked on the CISO home page.
- Know the rules. Some of the laws and policies governing your use of UW computing and networking resources can be found on the Appropriate Use web page on IT Connect.
If you have any questions or concerns, please contact help @uw.edu (no spaces).