A recent FBI report on an uptick in cybercrimes in the higher education sector is a reminder to all employees that protecting University systems and data is a shared responsibility, and everyone has a role to play. While WVU has taken many steps to secure networks, computers and data, the threats are constantly changing, and faculty and staff must remain vigilant.
Here are some ways you can help defend WVU’s data:
Never use your WVU Login username and/or password on non-WVU sites. When those credentials are stolen from Netflix or Facebook, cybercriminals can use them to open a door into WVU systems.
Secure your WVU Login password. Don’t share it with anyone or write it down for someone to find.
Use a strong password or phrase. Ten characters is good, 12 even better. Use these tips to create strong passwords.
Be skeptical. Receive a suspicious-looking email? Don’t reply or click any links. Use the Report Message button in Outlook email or forward it as an attachment to DefendYourData@mail.wvu.edu.
WVU has already implemented many of the FBI’s recommended security measures to secure networks, computers and data, including: implementing two-factor authentication systemwide; limiting remote access to WVU systems, devices and data; enabling remote, automatic security updates to all WVU-owned and -managed computers; training and conducting phishing simulations; restricting access for people with administrative privileges on databases and servers; and segmenting networks to prevent unauthorized access.
“Security-related changes to the way WVU works are just part of the modern reality,” says Interim Chief Information Officer Brice Knotts. “Research universities like ours are data-rich targets for bad guys, and the threats are relentless and constantly changing. We need to be proactive in addressing them.”
That’s why developing a comprehensive, long-range Information Security Strategy is one of the foundational projects in the WVU Modernization Program,” Knotts said.
According to the report from the FBI’s Internet Crime Complaint Center (IC3), Russian cybercriminals in January 2022 sold or shared public access to college and university networks across the country, including Virtual Private Network (VPN) access. WVU was not affected.
The previous year, in May 2021, the FBI identified more than 36,000 email and password combinations for .edu accounts on a publicly available instant messaging platform. Usernames and stolen passwords can help criminals obtain and sell information or launch cyberattacks such as ransomware. This type of malicious software stops legitimate access to computer files, systems or networks by encrypting those resources and demanding a ransom to regain access.
The ITS Information Security Services team is notified when any WVU account has been leaked onto the Internet by malicious actors. Employees will be informed of actions to take, such as changing your WVU Login password or switching the email address you use for a personal service like LinkedIn to a personal email.
Learn more at DefendYourData.wvu.edu.