National Cybersecurity Awareness Month 2023

• Complexity is Key: Make each password long and strong.  The more characters in your password, the stronger it is. Mix special characters (e.g., &,! #) with numbers and letters to increase your password’s strength. You can see Kent State University’s password requirements here.
• Avoid Password Reuse: Never use the same password for multiple accounts.  A breach of one account could jeopardize the security of all of your other accounts, if they share the same password. If you’ve used your FlashLine password with services outside of the university, please change your password to something unique.
• Make a Passphrase: To make passwords easier to remember, use multiple words to create a passphrase, such as “Dont4getYourLunch!”
• Use Password Managers: Password Managers, like LastPass, Apple Keychain and 1Password, can take the hassle out of remembering your passwords and can auto-fill them into login forms.  Additionally, they can assist with creating strong passwords for you. Even better, they can sync across all of your devices (computers, phones, tablets, etc.). Check out this tip sheet to learn more about password managers.

Want something fun to do? Check out this Cybersecurity Word Search!  Complete and submit your finished word search by Friday, Oct. 6th  and be entered to win a prize at the end of the month!  You can submit your completed search here.

It is worth noting that hackers are resilient.  While MFA does improve your security, a tactic that has started becoming more common is something known as an MFA fatigue attack (or MFA bombing).  This is when a hacker repeatedly tries to log in with stolen credentials until the victim approves one of the requests. If you run into this situation (either with your kent.edu account, or any personal account), do not approve unknown requests and change your password immediately.

To make sure your kent.edu account is as secure as possible, please visit https://LoginHealthCheck.kent.edu to make sure MFA works on your account and has up-to-date information. It is worth noting that Kent State’s version of MFA is risk- based, meaning that you will only receive an MFA request if an application requires a check every time OR if there is something unique about your login (e.g., unknown location / unknown device).

See it so you do not click on it. 

The signs can be a bit subtle at times, so the first thing is to slow down, take a few seconds and look over the email and think if it looks legit. Here are some tips on how to spot a phish email and not take the bait! 

Think about what you see: 

• Does it contain an offer that is too good to be true?
• Does it have language that is urgent, alarming, or threatening in any way?
• Is the greeting generic or just plain odd?
• Does it include requests to send personal information or log in with your credentials on a provided link, or asking payment information?
• Does it stress an urgent action to click on unfamiliar hyperlinks or attachments?
• Look closely at the sender’s email address, does it match the company it’s coming from, or should come from?
• Look for emails with bad grammar and misspellings like pavpal.com. or anazon.com for examples
• Is it requesting you to log in with your credentials on a link, asking for payment information or sensitive data?

OK you think you see a phish email now what do you do?

If the email came to your Kent University email address, report it to phish@kent.edu to be analyzed. It is best to report it quickly and if it is a phish, it will be destroyed along with any others like it. So, recognizing and reporting phish not only helps you be safe, but you help others before they possibly take the bait, because they are not yet able to spot a phish.

If the email went to your personal email address, do not do what the email says if you think it might be phishing. Do not click on any links, or don’t even unsubscribe by clicking that unsubscribe link, and do not reply to the email.

REMEMBER: DON’T CLICK ON THE LINKS, JUST REPORT IT AND THEN DELETE IT!

You can take your protection a step further and block the sending address from your email program. 

• Keep up with patching: Regularly update the operating systems, software, and applications on all of your devices (computers, tablets, and phones). Software developers release patches and updates to address known vulnerabilities. Ignoring these updates can leave your devices exposed to potential cyber threats.
• Make it easier with automatic updates: Enable automatic updates whenever possible. This ensures that you receive the latest security fixes without having to intervene manually.
• Device Firmware: Don't forget about your routers, IoT devices like home security cameras and digital assistants.
• Backup Your Data: Before performing updates, back up your data to prevent any potential data loss during the process.
• Stay Informed: Keep an eye on security news and advisories. Sometimes, updates are released in response to active threats, so it's essential to stay informed.

These proactive measures can prevent significant security breaches and protect your data and identity. Stay updated and secure, and let's make the digital world a safer place during Cyber Security Awareness Month.