Each week, we have a section in OIT Weekly about information security.  We give tips and tricks to help you protect yourself from bad actors.  Given how much information security is in the news, this information can feel boring or redundant.  Recently though, the University of Michigan experienced a significant information security event that had them shut down the internet on the first day of classes across three campuses.  This event is a not-so-gentle reminder that the threat is real and ever-present.  We have been and will be accelerating our activities to beef up our defenses and reduce our risk profile.  You, though, are still an active part of our security plan!  Bad actors know that their best targets of opportunity are within the organization itself.  While it may be inconvenient and a little frustrating because we have so many things we want to accomplish, pausing to determine the authenticity of an email or a web page is worth its weight in gold.  When in doubt, don’t click.  It’s okay to ask – we will be happy to assist in verification.  Thank you for everything you do – it is greatly appreciated.   Now, for this week’s security item:

Guarding Against Credential Harvesting

In today’s digital age, securing your online credentials is crucial. Let’s explore the threat of credential harvesting and how you can protect yourself and our university more succinctly.

Understanding Credential Harvesting

Credential harvesting, also known as phishing, is when cybercriminals trick individuals into revealing sensitive information, like usernames and passwords. These attackers often use deceptive emails, fake websites, or phone calls to achieve their goals.

Why Higher Education is a Target

Universities, including ours, are appealing targets for cybercriminals due to the wealth of sensitive data, diverse user base, and complex IT environments.

Protecting Yourself and Our University

To defend against credential harvesting:

• Verify Emails: Confirm the sender’s identity before clicking links or downloading email attachments. Always report suspicious emails to the IT Help Desk.
• Strong, Unique Passwords: Use complex, unique passwords for each account, and consider a password manager for secure management.
• Multi-Factor Authentication (MFA): Enable MFA for added security.
• Stay Informed: Keep up with cybersecurity threats and university updates.
• Report Suspicious Activity: Promptly report any threats to the IT Help Desk.
• Educate Others: Share your knowledge to raise awareness.

By following these steps, you protect your identity and contribute to our university’s cybersecurity. Safeguarding credentials is vital in today’s digital landscape. By staying vigilant and informed, you enhance both personal and institutional security.