Online Safety and Best Practices
- Use strong passwords and change them often
- Use antivirus software for your computers
- Hover over hyperlinks in messages to make sure they are taking you where you want to go
- Forward suspicious messages in your UMBC email to firstname.lastname@example.org
- Verify unusual requests from UMBC, your bank, a friend, etc. by calling them at a trusted number
- Use the most current versions of apps, virus protection, and any other software
Password Best Practices
Simple measures, like passwords, are things that we don’t put much thought into. How many of us have one or two general passwords that we use for all our accounts? Just thinking about it makes you realize how much trouble you would be in if one of those passwords were compromised. It’s always better to be safe than sorry, so now’s the perfect time to reconsider how you protect your accounts. Here are some tips to consider in order to decrease the chances of your account getting hacked:
- Change your password periodically: Regular password changes are theoretically a good idea because they ensure someone can’t acquire your password and use it to snoop on you over an extended period of time. For example, if someone acquired your password, they could log in as you and monitor your private conversations as well as use your identity to send unwanted emails.
- Don’t use simple passwords: Avoid consecutive keyboard combinations such as “qwerty” or “1234”. Do not use personal information such as your name, date of birth, age, pet’s name, etc.
- Use a combination of letters/numbers/characters: Use at least 8 characters made up of numbers, letters, and/or symbols. A lot of sites include a password strength analyzer. Use this tool to create a strong combination to obtain the safest password. You can also make it fun! For example, the password “2B-or-Not_2b?” is a strong combination of letters, numbers, and symbols that says “to be or not to be”.
- Manage your passwords: It’s already hard enough trying to remember all of your passwords, but when you have to constantly reset your password it gets annoying. It’s okay to write your passwords down as long as they’re in a secure place. You can also use online tools to manage your passwords.
- Log out: A lot of times we forget to log out when we’re in a public place. Make sure to log out every time you step away from your computer. Otherwise, the next person to use your computer can easily gain access to your accounts.
Do not:
- Use the same password (or very similar ones) between multiple accounts
- Respond to suspicious emails, direct messages, or other correspondence
- Click any links in an unsolicited email, even one to “unsubscribe”
- Trust any offer which seems “too good to be true.” It probably is.
- Share any personal information by email, or on a site which does not begin with “https” and lacks the “lock” icon
UMBC will never prompt you to give a username or password except through its official WebAuth Site.
UMBC Phishing and Spam FAQs
Phishing attacks have been a problem for many years. Typically, hackers send messages asking members of our community to click on a link or reply to an email message with a password. Their goal is to trick our community members into giving them access to our accounts and information. Sometimes, they pretend to be DoIT and send messages to ask for your password or to tell you that there is a problem with your UMBC account.
Recently, hackers have expanded their efforts by trying to send messages as people from the campus community, using that person’s name and title to request information. They try to choose a name or title that the community would trust. For example, they have requested information about how to wire money out of the campus and get people to send checks to outside addresses. They have also requested that people send them files containing the social security numbers of community members. In some cases, they have also impersonated UMBC vendors. In each of these examples, they have tried to make their phishing messages appear to come from a person that the campus would trust.
Hackers are motivated by money and resources and will continue to try to get to our accounts, information, and resources. The only thing that can stop them is the UMBC community working together to block their attempts. Here are some questions that DoIT frequently receives and the answers:
- What is phishing/spam?
- How can I identify a phishing attack?
- What does DoIT do to protect me from phishing attacks?
- How do spammers get my email address?
- What information should I not send in an email?
- What should I do if I receive a suspicious email?
Security Awareness Training
For specific departments and individuals, UMBC offers a training program provided by KnowBe4 and administered by the Division of Information Technology. These training modules help us to fulfill federal and state audit requirements, and provide good general knowledge on a variety of topics in information technology security. Our testing has shown these hand-picked topics to be timely, relevant, and informative.
This training incorporates several user roles, and those roles have been assigned based on the type of sensitive data and level of access that the user has been granted. Not everyone will get the same training, but the training should be appropriate to specific job functions. If you believe modules have been assigned in error, please contact your supervisor or email@example.com.
These training modules vary in length, averaging about 15 minutes each. They may be started and stopped at any time, and do not have to be all completed in one sitting. The link below will lead to the courses available.