IT Office Shares Advice for National Cybersecurity Awareness Month

Students work on a laptop on South Campus Image by Jim Higgins
With an average of four internet-connected devices each on campus, students can take some basic steps to guard against cybercrime.

10/19/2017
By Ed Brennen

October is National Cybersecurity Awareness Month. But for the university’s Information Technology office, cybersecurity is a 24/7, 365-days-a-year affair.

“As the university has grown in size, so too have the cyber threats and the risks posed by those threats,” says Assoc. Chief Information Officer and Chief Information Security Officer James Packard, whose office is responsible for protecting the university’s sensitive data and computer systems from attacks by an invisible army of cybercriminals.

While the university invests in an array of technological defenses (such as firewalls, encryption and multifactor authentication) to help thwart cybercrime, Packard says the most important line of defense is ultimately the students, faculty and staff who log on to university systems each day to learn, collaborate and work.

“We have many layers of best-of-breed technologies,” Packard says, “but the human element will always be the weakest link in any security strategy.”

That said, here are some safety tips to keep in mind when working on a computer or mobile device:

A student works on his laptop at the McGauvran Center Image by Adrien Bisson
Students should protect their computers and mobile devices with passwords and antivirus software.

Don’t get phished in

Ever get an email from Facebook, Amazon, your bank or even UMass Lowell asking for your username or password? Don’t answer. Legitimate companies won’t ask for those details in an email.

Phishing emails are becoming more sophisticated, with logos and links that look authentic. But pay attention to obvious alarms like misspelled words, punctuation errors and poor grammar. They often sound urgent in tone. “You MUST do this now …”

And be extra careful when checking email from your phone, as you’re more likely to be in a hurry and let your guard down. Plus, it’s harder to see a suspicious sender address or bad formatting on your phone’s small screen. According to Packard, 90 percent of people who respond to phishing attempts do so from their mobile phones.

Protect your password

Need to change your password but complex rules make it difficult to think of a new one? Try using a passphrase, which is constructed by using the first letter of a sentence that is easy to remember. For example, “I went on vacation to Disney World in 2005” would be the passphrase “IwovtDWi2005.”

You can also use a password manager such as LastPass to help you create non-guessable passwords that you can then store in a secure “password vault.”

Log out

Always remember to log out of SiS, Exchange or any other UMass Lowell password-protected application. You wouldn't want someone else to gain access to your account when you walk away from a shared computer.

Students look at their phones in front of Southwick Hall Image by Jim Higgins
Phishing emails are harder to spot on a mobile phone, so students should be extra careful when checking their email on the go.

Mobile security

Between laptops, phones, tablets and gaming systems, students have an average of four internet-connected devices on campus. These devices are more powerful than ever and can store large amounts of data. Always keep your devices in a secure place (locked if possible) and always use a password or pin (which is required if you access your UML email on your phone). And of course, make sure your device has the latest security updates.

Run antivirus software

Did you know the university provides free antivirus software to all students, faculty and staff? You can get McAfee for your personal or university-owned computer — for both Apple and Windows operating systems.

Stay educated

The IT office will soon be offering faculty and staff free online training for security awareness. The training will take about 10 minutes and has a quiz at the end.

“A lot of folks know the basics,” Packard says, “but this level of training will get into some of the things that might not be readily known, like how to figure out if a URL is real or not.”

You can also learn more on the Information Security page. And if you ever feel like you’re the target of a cybercrime, call the IT Service Desk at 978-934-4357.