Phishing
Phishing is an attempt to obtain your personal and confidential information (financial or otherwise) by posing as a legitimate organization; most commonly, phishing is executed via email.
CITES has created a complete guide to spotting phishing attempts.
You can report phishing attempts by forwarding the message to report-spam@illinois.edu*. When forwarding the message be sure to include the full email header, Google has a guide to finding message headers with full instructions for various email clients.
*If the message you report has already been recognized as a phishing attempt by CITES, the email you forward to them will be returned as undeliverable and you may simply delete the message.
If you are unsure if you are having legitimate phone or email communication with the University you can email consult@illinois.edu or call 217-244-7000 for help in determining the legitimacy of the communication.
CITES and the Office of Privacy and Information Assurance (OPIA) have begun blocking users on campus networks from visiting certain domains and websites known to be malicious or contain malicious elements. A Full explanation of this blocking service is available on the OPIA website. If you believe a blocked site is legitimate and should not be blocked send an email to consult@illinois.edu for OPIA to review.
Passwords
It is important to create strong passwords for all of your personal and University accounts that require password logins, this includes email accounts, your Active Directory account, financial institution accounts, and others.
A strong password:
- Is at least 8 characters in length.
- Is a combination of uppercase letters, lowercase letters, numbers, and symbols (!, @, $, etc.).
- Does not include any dictionary words.
CITES has created a complete guide to creating a strong password.
The University uses a two-factor authentication service called DUO. If you are registered, this service requires a second authentication factor when logging in to your University account after entering your netid and AD password. This is a way to help prevent an unauthorized person from accessing your account even if they know your password.
More information on two-factor identification and register for DUO.
It is important to use a different password for each of the password-login accounts you hold so that if one of your passwords is compromised a person would not have access to more than one of your accounts. CITES provides a full description of the importance of using different passwords for each of your accounts.
Password managers allow you to only have to remember one, very strong, master password that will give you access to all of your other passwords stored in an encrypted database. Password managers are more secure than saving passwords in your web browser because password managers encrypt the data.
CITES has created a guide to University-endorsed password managers.
Sensitive Data
The loss of sensitive data, personal or University-related, is a real and present danger.
Sensitive data includes, but is not limited to: Patron data, human subject data in research, CFOPs, resumes, Social Security Numbers, etc.
A complete guide to what data the University considers sensitive can be found using our Data Classification Guide.
CITES recommends asking yourself 4 basic questions before accessing sensitive data:
- Do you really need to access the sensitive data?
- Do you really need to make a copy of the sensitive data?
- Do you really need to share the sensitive data with someone else?
- How long do yo really need to keep a copy of the sensitive data?
The University provides multiple options for your storing/sharing work data:
- H and G drives
- Use a Box account to store and share University data.
- Send secure emails using PEAR
- Use Eraser to remove sensitive data from your hard drive
- Disposing of hard copies
It is best not to send any sensitive data over email, however, here is a list of information that should NEVER be sent over email:
- Social Security Numbers
- Financial information (credit card number, bank accounts, etc.)
- Passwords
- Answers to password reset questions
Phishing attempts often ask for this type of information to be sent over email, never responding to requests like these is one way to help keep your information safe.
Working Away From the Office
When working away from the office, it is important to take precautions when conducting University business.
We have laptops available for all Library faculty and staff to borrow when they need to work away from their office computers. These machines are equipped with antivirus software and allow you to access your G and H drives securely. Sign up to loan out a laptop.
The University VPN provides a secure and encrypted connection to campus from anywhere; some University resources are only available off-campus through the VPN. Instructions on how to download and install the VPN.
A Box account is a secure way to store and share University data without being connected to the VPN.
When using a home wireless network, it is important to follow the necessary steps to secure your wireless network.
Security Training
The campus Security Office provides general computer security training for University affiliates.