Your online account contains important digital assets such as documents, email conversations, access to private services, etc., It is important to always be aware of best security practices and common mistakes to identify and avoid possible threats. These practices will apply not only to your UBNet account but all your online accounts in general. Spend few minutes to know about keeping your account safe and secure.
The more you know about the best practices, the safer you are.
How to secure your account?
Let's see what you can do to keep your account secure.
1. Strong and Unique password
Yes, it is another new password. The most common way to fall victim to a data breach is with a weak password. Always choose a strong password (combination of alphanumeric and symbols) to increase the complexity of any software program to hack. Do not make it easy to guess with having names or birthdays in it.
It is also a common practice to use the same password for multiple online services. Do not use the same password for any other service. Even if your password is strong, if you fall for phishing or another social engineering (more on these below) attacks, your password will be exposed. In these cases, having a password unique to each service will keep the loss of data/access to just one service and prevent the hacker from accessing other services.
Imagine, having one key for your car, house, office and someone stole it. Avoid this situation by having different passwords.
2. Add account recovery options
With added complexities, sometimes we all forget passwords used for certain services. In these cases, to access your account you should set up recovery options with your service provider. A recovery option is one additional verification step to make sure your identity is verified and get back to your account when you lose it. It is commonly verified by a phone/SMS, other email address that you can access. (Setup verification for your UBNet account)
3. Update passwords frequently
Your account is more secure when the password is updated frequently. This will help keep your account safe in case an old password was exposed at some point. (Update your UBNet account password here)
4. Do not share your passwords
Do not share your passwords with anyone. Even with all the above steps, your account will be vulnerable if you chose to share your password with someone especially in emails, text, written notes, etc., You cannot assume that other's accounts are secure to share your credentials. If they fall victim to a data breach, so will you. If you have already shared passwords, it is time to update them.
5. Sign out everywhere
Always make sure to sign out of your online accounts before leaving your desk. Do not leave a computer session running when you are not in the office. Make a habit of logging out of systems after use.
6. Do not visit insecure websites
A website is considered insecure if it does not contain 'HTTPS' as the prefix of the address. For example, https://www.bridgeport.edu is a secure link but, http://www.bridgeport.edu is not.
How to be safe and prevent a threat?
Technology is changing fast and it is hard to keep up with a variety of ways hackers try to access your data.
So, it is also important for us to be proactive and look out for possible threats to be on the safe side. Let's look at the following
1. Phishing attacks
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
An attack can have devastating results. For individuals, this includes unauthorized purchases, the stealing of funds, or identify theft.
Examples of phishing attacks:
- A spoofed email from bridgeport.edu is mass-distributed to as many student/ faculty members as possible.
- An email asking to log in with your credentials on a website to access unknown documents/tracking shipments.
- An email warning to change your password on a different website.
These are the type of attacks commonly people fall for. The best way to avoid these is to be skeptical about the address of the email(look for unknown senders), time of the email (look for unusual hours), suspicious links (check the address of the website). All emails originating outside the organization will have a notice in the message. All the University of Bridgeport managed websites will have bridgeport.edu in address. If you are suspicious about an email, ask firstname.lastname@example.org to verify the authenticity.
2. Impersonation attacks
An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data, or payroll information), or revealing login credentials that attackers can use to hack into a company’s computer network. CEO fraud, business email compromise, and whaling are specific forms of impersonation attacks where malicious individuals pose as high-level executives within a company.
How to recognize an impersonation attack?
Unlike common phishing attacks, which are often unspecific and filled with grammar or spelling mistakes, impersonation attacks are highly targeted and well-crafted to appear realistic and authentic. There are a few things, however, that point to a potentially fraudulent email:
- An urgent and possibly threatening tone. Most impersonation attacks request or demand that the recipient act immediately. Some impersonation emails may threaten negative consequences if the recipient doesn’t act quickly enough. This is intended to prevent the employee from taking time to double-check before acting
- An emphasis on confidentiality. Some impersonation attacks will suggest that the action is part of a confidential development or secret program that should not be discussed with colleagues or immediate superiors.
- A request to send money or share sensitive information. Any request to transfer money or to release sensitive financial data, payroll information, or intellectual property should be corroborated through multiple channels. (source)