Lock Down Your Login

October is National Cyber Security Awareness Month! This annual campaign is intended to remind and inform us about cyber security awareness. The more aware we are, the safer and more resistant and resilient we can be to cyber attacks when they occur.

With the growing potential for being a victim of cyber crime, practicing good cyber security is absolutely critical. Taking time to learn how to stay safer and more secure in our ever-expanding digital lives is one step we can each take to become more cyber aware.

UC Santa Cruz is participating in National Cyber Security Awareness Month with the theme, "Lock Down Your Login" and by sharing these five steps to help you gain peace of mind and more control over your online security.

Cyber security is a shared responsibility. Please take time to learn about each of these five steps. 

Protect Accounts with Strong Authentication

What is strong authentication?

Strong authentication – sometimes called 2-step verification, multi- or two-factor authentication, or login approval – provides an extra layer of security beyond your username and password to protect against account hijacking. Many online services, including email, banks, and social networks, offer this free extra security protection to help ensure it’s actually you trying to access your account – not just someone who stole or guessed your password. UCSC Multi-Factor Authentication

How does it work?

Strong authentication requires you to have more than just your password to sign into your account. Strong authentication tools are widely available on major email and social networking sites. Here are the most common methods you can choose from:

  • Security keys: A small device that plugs into your USB port or is used in conjunction with a phone, which you use when logging in.
  • Biometrics: A fingerprint, facial recognition or other unique personal identifier, used during the login process.
  • One-time codes: A unique code sent after entering your username and password, usually by text to a mobile device that is then entered on the site to verify it’s you.

Don't be a Billy! Be Cybersmart

Watch this short video to learn some quick tips on how to be more thoughtful to get us all started on the road to Internet safety. This is straightforward practical advice on how to steer clear of Internet hazards.

Don't be a Billy!  2 minute video

Avoid Phishing Attempts

What is phishing?

Attempts by cybercriminals, nation states, or hacktivists to lure you into giving away personal information to gain access to accounts or to infect your machine with malware and viruses are called "phishing." Phishing attempts can happen through a variety of channels, including email, social media, or text messages, and can compromise security and lead to theft of personal and financial data. Highly targeted attacks on groups or individuals are known as "spear phishing".

What tactics are used in phishing attempts?

Phishing messages can come from hijacked accounts of people you know, making them hard to distinguish from real messages. Additionally, cybercriminals commonly use infected documents or PDF attachments as vectors for their phishing attempts. Another common trick attackers use it trying to get victims to sign in on a fake login page where their usernames and passwords can be stolen.

How do you avoid phishing attempts?

Phishing attempts can often get through spam filters and security software that you may already have in place, so stay vigilant and trust your instincts. Keep an eye out for things like unexpected urgency or a wrong salutation. Think twice about clicking a link or opening a document that seems suspicious. Double-check that every URL where you enter your password looks legitimate. And if anything raises doubt, delete or report the communication.

What to do if you receive a phishing attempt?

Visit UCSC's ITS page on phishing.

Use a Password Manager to Generate and Store Unique Passwords

Why are unique passwords important?

Password reuse for multiple accounts is one of the most commons ways accounts are hijacked. When passwords are reused, having your credentials stolen for one account means hackers can gain access to other accounts that use the same login details.

What makes for a strong password?

In addition to being unique, security experts agree that a strong password is at least 12 characters long, containing a mix of letters, numbers and symbols. Maintaining strong and unique passwords will decrease the risk of password guessing based on commonly used passwords, information about you that might be publicly available, or password cracking tools that hackers use. Strong passwords

 Get a Password Manager

 It is really hard to remember a lot of strong and unique passwords. Thankfully, there are a lot of tools out there to help. Using a password manager only requires you to remember one master password to access your other passwords. ITS recommends using LastPass. It's free to use, will safely store all your passwords, and can generate strong passwords for you. This makes it incredibly easy to use different, hard-to-remember passwords for every account, so you only have to remember the one master password to get in.

Protect Your Mobile Devices

Why should you secure your mobile devices?

Mobile phones and tablets contain a wealth of personal data, including emails, contacts, schedules, your locations, and direct access to apps. When your mobile device is lost or stolen, your data goes with it, making any information contained on the device vulnerable.

How do you secure your mobile devices?

The first layer of mobile security is locking your device with a passcode, touch ID features, or other biometric. In case your phone is ever lost or stolen, make sure you’re aware of the different offerings that exist to help you remotely locate or lock your device, or wipe data from it. Some of these features may be built in by the operating system, carrier, or available via an app. Your systems administrator might also have specific rules to follow if you lose a work device.

More information about mobile device security.