Cybersecurity

What You Need to Know
Safe computing practices are a combination of computer software and security settings. Be safe online and follow these tips to help you protect your computer and your information.
What You Need to Do
Beware of Phishing Scams
Phishing is extremely common and can be very problematic for the entire SJSU community. Good prevention practices and being vigilant are key to protecting us all.
- Prevent and Report Phishing Attacks
- SJSU Frauds and Scams Video
- Phishing Quiz - Can You Spot When You're Being Phished?
- How to Spot a Phishing Attempt
- DocuSign Phishing
- Information Security Awareness Training
- Know the available resources to keep your device safe. Use the Federal Communications Commission's Smartphone Security Checker on a regular basis.
- Do Your Boss a Favor and Don't Fall for a Gift Card Scam
Stay Safe Online
Use a Password Manager
Passwords shouldn't be written on sticky notes, stored in email or saved in plain old documents. A password manager is a secure app that keeps passwords encrypted and backed up for safekeeping. Find out more about the Password Managers available to you through SJSU!
Multi-Factor Authentication
SJSU has now completely transitioned to requiring a second factor of authentication when logging in. Multi-Factor Authentication requires at least one additional login step, after you provide your username and password, before you can access an account. It combines something you know (your password) with something you have (a key or code), keeping you safer online. Find out more about SJSU's adoption of Duo Multi-Factor Authentication on our Duo Website.
Generate Secure Passwords
The best password is the one you don't know. Use a password generator to create long, complex passwords, and use a different password for every single account.
Don't Remember Me
Don't select the "remember me" option on websites. Always log out when you're finished using your device, and let a password manager remember all your passwords and log in for you next time.
Stay Up to Date
Software updates contain important security and usability improvements. Always update browsers, apps, and your operating system promptly so that old bugs don't give hackers a way into your devices.
Browse on HTTPS
Using HTTP means your data travels unencrypted, so anyone on the network path can spy on what you're sending over the web, making it easier for someone to steal your username and password. Look for HTTPS for a secure connection on the web.
Lock Your Screen
Keep prying eyes away from your computer and mobile devices with automatic lock screens. Set your screen to time out after a few minutes of inactivity and require a PIN or passcode to get back into your device.
Be Stingy with Permissions
Before you download that app or sign up for that new website, read the privacy and permissions policy so you understand how it plans to store your data.
Protect Your Personal Information
Protect Your Identity
Limit the amount of personal information you share or provide. The following is a list of information that you should not post online:
- Address (city and state may be safe): do not post your Residence Hall, sorority house address, or even your home address
- Your class schedule or where you work
- Social Security Number
- Birthday (if you do list it, post month and day only, and leave out the year)
- Cell phone number or home phone number
- Passwords or account information
Secure Your Accounts
Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify your identity before you conduct business on that site.
Make Passwords Long and Strong
Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique Account, Unique Password
Separate passwords for every account help to thwart cybercriminals.
Write It Down and Keep It Safe
Everyone can forget a password. Keep a list that's stored in a safe, secure place away from your computer.
Own Your Online Presence
When available, set the privacy and security settings on websites to your comfort level for information sharing. It's ok to limit how and with whom you share information.
Secure Your Mobile Devices
Use Strong Passwords
Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords.
Keep Software Up-to-Date
Install updates for apps and your device's operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities.
Disable Remote Connectivity
Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use.
Be Careful What You Post and When
Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.
Guard Your Mobile Device
To prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it's not in use.
Know Your Apps
Review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security.
Download the Following Applications
Anti-Virus Sophos
- A cross-platform security solution featuring antivirus, client firewall, Network Access Control, and data encryption visible in one simplified, cloud-based console.
- Access Sophos and get your Free Sophos (Anti-Virus) software.
- Learn more about Sophos: What You Need to Know about Sophos Antivirus Software & Sophos Home Premium Antivirus Software
Duo Two-Factor (MFA) Authentication
- A security application that requires two methods (known as factors) to verify your identity before accessing your system.
- These factors may include a username and password in combination with a smartphone app to approve authentication requests.
- Once MFA is activated on your device, it authenticates anywhere and anytime, making it much more difficult for unauthorized users to exploit weak or stolen credentials and gain access to your system or data.
- Access Duo MFA, plus instructions and more on What You Need to Know about MFA
Sophos Safeguard Encryption
- An automatic full disk encryption security application that transparently protects your data against malware, theft and accidental data loss
- Continuously validates your identity, application, and device using Windows BitLocker and Mac FileVault without disruption to your workflow
- Your data stays encrypted even if it’s shared or uploaded to a cloud-based, file-sharing system
Properly Dispose of Level 1 & Level 2 Data
Secure Media Disposal
SJSU IT has a free HIPAA, PCI-DSS and NSA-certified device shredding service for all electronic media, including: hard drives, SSDs, thumb drives, and cell phones. Any devices, components, or electronic media containing confidential Level 1 or Level 2 data must be destroyed by an approved data destruction process.
What Happens if You Don’t Act
Security is everyone’s business in the SJSU community. It has to be in order to keep us all safe from cyber attacks.
Student/faculty/staff safety, personal information, trade secrets, our networks, etc. are all vulnerable in today’s digital world, so we must all work together to keep SJSU and our community as safe as possible.
The steps above are easy to take. We promise you that the old adage is true: “an ounce of prevention is worth a pound of cure.” If you haven't been hacked yourself, ask a friend who has. The time, costs, and trouble to recover can translate to hundreds, thousands, and even millions of dollars.