When thinking of hacks, it’s best to think “when,” not “if.” So, how can you protect yourself against increasing cyberattacks?
You may be unable to stop these kinds of attacks — and so could we — we can collectively take steps to reduce the likelihood and impact, especially where your St. Edward's account is concerned.
What We Do
In OIT, it’s our job to ensure that your digital identity stays secure. That identity includes all kinds of personal data, from your email inbox and academic records to billing information and employment files.
We do that job in several ways.
- In-person password resets: To have their university passwords reset by OIT, all employees must verify their identity in person or over a video call. We recognize this is a burden, but this allows us to verify you are who you say you are.
- Self-service recovery options. To ease that burden, we also offer self-service password reset options at identity.stedwards.edu, with a phone or text recovery option. This is why it’s important to keep your phone number on file updated, which you can also do at identity.stedwards.edu.
- Account security questions: When you start at St. Edward’s and activate your account, you have the option to set up security questions for recovering your account. We suggest creating answers that are unique to you and not found anywhere else.
- Multi-factor authentication (MFA): When logging in, you must present another piece of data besides your password (like a special code sent by text to your phone). Find out more about MFA here.
- Technology security checks: Anytime we bring new technology to campus, we run it through a security and privacy evaluation to ensure it meets certain standards. We also routinely perform or request security audits on our systems and services across the board.
- Computer encryption: We check frequently on industry standards when it comes to university security. We use full disk encryption for all faculty and staff computers on campus.
What You Can Do
There are several steps you can take to ensure your accounts stay protected:
- Respond to data breaches. Given the severity and scope of many high-profile cyberattacks, it’s important to be proactive in dealing with them. (Even if the response from the company is less than ideal.) After the 2017 Equifax breach, the U.S. Federal Trade Commission identified several potential steps to take if you’re concerned your information might have been exposed. Those steps include placing a credit freeze and fraud alerts on your information with all three credit agencies.
- Monitor your credit: Beyond those immediate steps, it’s important to keep tabs on your credit reports and activities year-round. Consider an app like Credit Karma, which lets you easily see your information and spot suspicious accounts in your name.
- Set up multi-factor authentication where you can: Google has simple two-step verification that will send a sign-in code to your phone by text, call or mobile app. If you have a TIAA retirement plan through the university, you can add two-factor security through your account settings. Typically, you can enable this added security with your cellphone provider, too.
- Lock down your banking: Enable multi-factor authentication for access to your bank accounts — whether on the web or via a mobile app. (UFCU offers this service.) You should also set alerts on your bank transactions. The sooner you spot something fraudulent, the easier to address it with your bank.
- Avoid phishing attempts: Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information through emails or instant messages that claim to be from a business or organization you interact with, like your bank, a credit card company or a government agency. We have some tips for avoiding phishing attempts to help you keep your account safe.
- Beware low-tech schemes: Sometimes, it is the simple things to watch out for: an unsolicited phone call, a paper form or a letter. Hackers can use stolen information to make these low-tech cons seem legitimate. If you receive these kinds of communications, especially if you weren't expecting them, always double-check the source in some other way (e.g., confirming with someone you already know or someone who can independently verify at an organization).