As digital hacking and identity theft become prevalent, it's important to build habits that will protect your online accounts, safeguard your devices, and, most importantly, guard your identity.
Use Memorable, Long “Passphrases”
Easy to remember; hard to guess. A strong password is often a passphrase, like “Elementary m’dear Watts1”, with substitutions so that it is not common English. Refer to our Password Management Best Practices FAQ for more information.
Before you click on an email link, take a moment to question the legitimacy of the email and think about what sort of information the sender is asking you to provide. When in doubt, contact the sender to check if it’s valid, or report the email by forwarding it to firstname.lastname@example.org.
Phishing attack examples:
Google Docs OAuth Attack (2016). An attacker sent an invitation to edit a Google Doc. When clicked, a pop-up window asked the user to allow the “application” to perform certain actions (i.e. view contacts, etc). Clicking then gave the attacker rights to perform those authorized actions.
Banner Credentials Attack (2017). A compromised Davidson account was used to send demands for “Outstanding payments.” The link led to a page asking for Banner credentials and, upon entering any information, the page displayed a “wrong password” alert. This technique is often used to gain further credentials and to dissuade users from reporting a phish.
Dropbox Trojan (2017). A compromised Davidson account was used to send invitations to edit a “Dropbox document.” After clicking on the link, a virus called a Trojan, a type of malware that performs activities without the user’s knowledge, was downloaded.
Keep your Devices Updated
Software updates for your browsers, plugins, operating systems, etc. often fix weaknesses that can be exploited by hackers. Failing to perform updates puts your system at risk.
Seek out “Secure” https:// sites
Sites that have “https” in the url have an added layer of protection that helps ensure the safety of visitors. If you are ever unsure about the legitimacy of a website, check the top left side of the URL box in your browser for an indicator. (See the image below.)
Enable Two-Factor Authentication
If the information you’re accessing is confidential or sensitive, you might consider enabling two-factor authentication (usually under an app’s security settings) as an added layer of protection.
Note: All Davidson students and employees are required to have Duo Two-Factor Authentication. If you are new to campus, you will automatically be prompted as part of the on-boarding process or when accessing a Duo protected account, such as Outlook. To manage your device, go to duo.davidson.edu while on campus.
Store Important Info Deliberately
Be aware that sites like Google Drive and Dropbox may not be as secure as you would like. Before storing important information in them, be sure to educate yourself on the security implications for both.
For employees: If you handle “Confidential” Data, as defined in the ADS policy, be sure to contact T&I about the appropriate way to store those materials.