Fall Back into Cybersecurity: October is Cybersecurity Awareness Month
Posted Date: October 9, 2024
Each October on campus, the leaves change color, the air gets crisp, and it's Cybersecurity Awareness Month. Northwestern IT has once again partnered with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance to provide best practices around cybersecurity.
Take the time to refresh your knowledge of the four key pillars to stay safe.
Use Strong Passwords and a Password Manager
While having a unique password for every account may seem cumbersome, it doesn't have to be. To create a password that is both strong and memorable, try a passphrase. A passphrase could be your favorite song lyrics, an inside joke, or an uncommon phrase. Passphrases are secure because they are easy to remember but hard to crack. We are fighting against computer algorithms that can guess passwords at a fantastic rate, so the longer the passphrase, the better—this is part of why NetIDs now require a minimum 12-character password.
While passphrases help make it easier to remember passwords, a password manager combines easy recall with seamless passphrase generation. Many options on the marketplace are available, with some of the most popular being 1Password, Bitwarden, and Dashlane. Apple also released a new password manager that is available on devices running iOS 18 or macOS 15.
When vetting password managers, be mindful that "free" services often collect and sell your personal data.
Turn on Multi-factor Authentication
Multi-factor Authentication adds an additional layer of protection by depending not just on something you know (your password/passphrase) but also on something you have (a hardware token, mobile phone app, or biometric authenticator). Northwestern IT took a major step forward in its Multi-factor Authentication (MFA) Enhancement project earlier this year, requiring more secure methods of MFA and Duo’s Verified Push.
Verified Push provides an additional layer of security against harassment and fatigue attacks by asking users to enter a verification code while approving an authentication request. This change ensures that you cannot accidentally approve login requests—since implementing Verified Push in July, Northwestern has measured a significant decrease in account takeovers.
While Duo MFA is a standard for systems at Northwestern, MFA is offered by most services and applications available today. If you don't have MFA turned on for your bank, personal email, or other services, turn it on. It's a huge leap toward keeping your personal information and services secure.
Recognize and Report Phishing
Phishing remains one of the top cyberthreats to the Northwestern community. Despite the University's robust email defense system that catches hundreds of millions of malicious emails annually, many can make it to Northwestern inboxes. If you think something smells “phishy,” report it. While many phishing attempts are targeted to collect credentials or other sensitive information, they can also download malware or be a gateway for other threatening or criminal activity.
Northwestern IT has a few tips and resources to help identify and avoid phishing:
- Verify the sender. Bring a healthy level of skepticism to any messages that have odd language, urgent calls for action, or request personal information.
- Never open links directly from emails. Always verify any link's URL address in a separate browser or by using a URL checker tool. Also, consider where the link takes you—it may be a "login page" that is actually a Google Form to collect your password.
- Report it. If you think a message might be phishing or otherwise suspicious, report it to the Information Security Office—they can investigate and let you know if an email is safe. If you suspect a security incident has occurred, immediately contact your school or department's local technical support staff or the Northwestern IT Service Desk.
  - Call the Northwestern IT Service Desk at 847-491-4357 (1-HELP).
  - Email the Northwestern IT Information Security Office at security@northwestern.edu.
  - Any incidents involving online harassment or physical device theft should be reported to University Police.
- Find more tips and see examples of phishing at Northwestern.
Update Software
You are not imagining it—you are getting prompted more often to update software on your devices. Nearly all technology today—laptops, smartphones, streaming devices, and the applications they use—is pushing out updates at an increasing rate. While these updates can include new user features like expanded emoji packs or built-in generative AI, they often contain fixes to critical vulnerabilities that threat actors can use to compromise your system or data.
According to the National Vulnerability Database (NVD), more than 28,000 vulnerabilities were identified in 2023. So far, we've already surpassed that number in 2024—more than 29,000 vulnerabilities have been identified, and there are still two months left in the year.
While it's easy to hit "Remind Me Later" and postpone an update, running the latest software ensures you have the latest security patches and precautions. Outdated technology can make you a bigger target for attack because it can have weaker defenses and widely known exploits. So, take the time to update your systems and applications when there is an update available.
Now that you’re familiar with the four key elements, join peers at Northwestern to test your knowledge against conference rivals by joining the Big Ten Academic Alliance Cybersecurity Gameshow!
Stay Secure All Year
The Information Security Office provides essential resources to help keep your personal, institutional, and research data safe. Visit the Secure Northwestern site for additional resources and tips to help keep your information secure.
Follow Northwestern IT on X and Instagram for the latest tips, news, and information to stay secure.