By Julie Goldstein, cyber-risk IT security analyst, UCOP. The need for cybersecurity is increasingly evident. Major cyber attacks, ransomware attacks, and data breaches are in the news regularly. Criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal personal or private information or passwords, or trick you into giving out information you shouldn’t reveal. Last year’s cyber attack on UCLA is a reminder that UC is also a target.
Fortunately, each of us can take simple steps to protect ourselves at work and at home. The following rules of thumb can help:
Protect yourself from phishing and ransomware
- Never click on unknown links or files in emails, texts, social media sites, etc.
- Don’t click on links in pop-ups.
- Beware of messages or phone calls asking for login or other private information.
- Back up your important files.
- Report threatening or suspicious email and texts. Don’t respond to them.
Keep your passwords secure
- Never reveal your password to anyone.
- Use long passwords that contain a mixture of letters, numbers, and special characters.
- Use different passwords for work and non-work accounts.
- Use two-factor authentication where available.
Protect your phone and other portable devices
- Don’t store any information too sensitive to be stolen.
- Back it up.
- Use complex passwords and automatic screen locking.
- Don’t leave it lying around – even just for a second.
- Don’t jailbreak or hack your phone or tablet.
Keep your private information private
- Once you share it online, you can’t take it back!
- Check your privacy settings regularly.
- Never give private information – by phone, email, IM, text, Facebook, Twitter, etc. or in person – to anyone you don’t know or who doesn’t have a legitimate business need for it
- And again, never share your password.
By taking these precautions, you will help protect yourself, your family, and the UC community.
Visit UC’s National Cyber Security Awareness Month web page for a schedule of cybersecurity webinars throughout October, posters, fact sheets, videos, a student cybersecurity presentation, outreach ideas, and more, plus links to the security sites for each campus.
I don’t agree with the advice of not jailbreaking or hacking your phone. In Android phones one of the best things you can do to stay safe and protect your privacy is to NOT run stock firmware from manufacturers. They are notorious for not releasing security patches quickly and for pre-installing permissive bloatware. Running a vanilla version of Android (AOSP), adding security settings only available on rooted devices (Xposed framework), or installing third party bootloaders (twrp) to help backup and encrypt your phone can be tremendously more secure than not doing so. As blanket advice saying to run stock firmware seems pretty lousy.
Thank you for your comment. The main point is that for the average person, jailbreaking or rooting a device introduces risks that can outweigh the perceived benefits, including malware specifically targeting jailbroken or rooted devices. This is best practice in information security, and why the recommendation was made.