Security Awareness Tips
Information security is an ever-evolving field. In an effort to combat security threats and share accurate, up-to-date information, we have compiled a glossary of terms with which everyone needs to be familiar.
For more information on any of these topics, please get in touch with the information security office.
Phishing
Getting some "phishy" emails? Remember the mantra: STOP! VALIDATE! DELETE!
Learn more about phishing and what to look for here: A Deeper Dive: All About Phishing
Social engineering
Sometimes, hackers can get a little sneaky. Social engineering is when malicious actors forgo the use of complicated hacking techniques in favor of their own wits. So instead of using computing tools and technologies, they utilize psychological manipulation in order to get users (you!) to divulge personal information. Phishing is actually a form of social engineering.
Social engineering has been a wildly successful way to weasel money out of unsuspecting users. In fact, it is being used in more than two-thirds of hacking activities, according to numbers compiled by Social-Engineer.Org. And as more avenues of attack open up, humans have become the number-one target for hackers, displacing machines in the top spot.
The best way to avoid the dangers of social engineering is to stay vigilant! If you experience anything suspicious (for instance, if you get an email from President Crawford asking for your bank account information), please contact InfoSec@MiamiOH.edu right away.
Ransomware
Ransomware is an important concept to understand within the information security field. This is a kind of malware that keeps users from accessing their systems by locking either the screen or files. A specialized kind of this family of malware is called ‘crypto-ransomware,’ in which the malicious program encrypts all of the user’s files, making it even more difficult to recover the data. These programs get their name from the fact that they hold data for ransom—asking for varying amounts of money in order to get the data unlocked.
Ransomware is a real threat. Companies lose billions of dollars every year to these kinds of schemes. This exorbitant loss includes the costs incurred from lost productivity, lost files, and damage to reputation, among others.
To protect against ransomware, there are a few things you can do:
- Back up your data.
- Update your computer’s software.
- Be suspicious of links sent to you in emails or social media messages, even if they appear to come from trusted friends.
If you suspect your computer has been compromised, immediately disconnect from the wireless network in order to prevent a possible infection from spreading.
VPN
In order to access Miami University files and programs from a location off campus, you have to use what is called a ‘Virtual Private Network.’ This is essentially an added layer of protection on our proprietary data, keeping Miami information safe from anything malicious that may be lurking on outside networks.
When you sign in with your computer or mobile device, the VPN encrypts all data sent from your computer to Miami—meaning that even if a hacker were to intercept the information, it would not be easily decoded. This comes in handy when you need to do some quick work from home or access a file (such as your W-2) from another device.
For more information about VPN and how to configure it for your devices, visit the Knowledge Base.
Password strength
Your MUnet password is used to log in to services like myMiami, Canvas, BannerWeb, Miami Directory, and email. We require that you change your password once every 180 or 365 days, depending on the complexity and strength of the password you choose. Essentially, the more complex the password, the stronger it is: for example, using letters, numbers, and special characters makes it harder for potential malicious actors to guess your password.
The full policy regarding how often, why, and when you change your password can be found in the Knowledge Base.
Multi-factor authentication
This is an important concept when it comes to password strength. Multi-factor authentication puts up another wall between your private information and would-be attackers. It requires users to fulfill another step or steps in order to log in to their accounts. Often, the service asks for a PIN or a temporary passcode that can be retrieved via an app or text message.