Protecting Your Digital Life

October is National Cyber Security Awareness Month. That may not sound like it means much to you, but trust us, it should.

What We Do

In OIT, it’s our job to ensure that your digital identity stays secure. That identity includes all kinds of your personal data, whether that’s your email inbox, your academic records, your billing information or your employment files.

We do that job in several ways.

• In-person password resets. All employees are required to come to the Help Desk in Moody 309 to have their university passwords reset by OIT. (We don’t do resets by phone or email request.) A photo ID is required. We recognize this is a burden, but this way, we’re able to verify you are who you say you are.
• Self-service recovery options. To ease that burden, we also offer self-service password reset options at account.stedwards.edu, with a phone or text recovery option. This is why it’s so important to keep your phone number on file up to date, which you can also do at account.stedwards.edu.
• Account security questions. When you first arrive at St. Edward’s and activate your account, you set up security questions as an option for recovering your account down the road. When coming up with the answers to these questions, we recommend making them information that isn’t available anywhere else. If they’re so difficult you can’t answer them, you can always use the text recovery option.
• Two-factor authentication. We’re beginning to explore other options to protect your university account. Any of those options would involve two-factor authentication. What does that mean? When logging in, you’d be required to present another piece of data besides your password (like a special code sent by text to your phone).
• Technology security checks. Anytime we bring new technology to campus (whether it’s G Suite or new lab computers), we run it through some kind of security and privacy evaluation to make sure it meets certain standards. We also routinely perform or request security audits on our systems and services, across the board.
• Computer encryption. We check frequently on industry standards when it comes to university security. Starting this fall, we'll begin rolling out full-disk encryption to all faculty and staff computers on campus. Under this arrangement, new devices will come encrypted and older computers will be encrypted when they're reimaged or repaired. 

What You Can Do

There are a number of steps you can take right now to ensure the accounts in your day-to-day life are protected.

• Respond to data breaches. Given the severity and scope of the Equifax cyberattack, it’s important to be proactive in dealing with it. (Even if the response from the company is less than ideal.) The U.S. Federal Trade Commission has several potential steps to take if you’re concerned your information might have been exposed. Those steps include placing a credit freeze and fraud alerts on your information with all three credit agencies.
• Monitor your credit. Beyond those immediate steps, it’s important to keep tabs on your credit reports and activities year-round. Consider an app like Credit Karma, which lets you easily see your information and spot suspicious accounts in your name.
• Set up multi-factor authentication where you can. Google has simple two-step verification that will send a sign-in code to your phone by text, call or mobile app. If you have a TIAA retirement plan through the university, you can also add two-factor security through your account settings. Typically, you can enable this added security with your cellphone provider, too.
• Lock down your banking. We’ve said it several times now, but we’ll say it again: enable multi-factor authentication for access to your bank accounts — whether on the web or via a mobile app. (UFCU offers this service.) You should also set alerts on your bank transactions. The sooner you spot something fraudulent, the easier it is to address with your bank.
• Beware low-tech schemes. Sometimes, it really is the simple things to watch out for: an unsolicited phone call, or even a paper form or a letter. Hackers can use stolen information to make these low-tech cons, at a glance, seem legitimate. If you receive these kinds of communications — especially if you weren't expecting them — always double-check the source in some other way (e.g., confirming with someone you already know or someone who can independently verify at an organization).