September 08, 2020
Back to School Cybersecurity
The start of the school year brings changes for everyone, whether you’re a student, a staff member, or an educator. You may need to navigate new digital environments, create new online accounts, and safely share data, documents, and personal details. The following security tips can help you— and any students in your care—start the year strong. Be sure to check out the security resources in the sidebar after reading!
Prepare for New Networks
With COVID-19 keeping many students and personnel away from campus, it is important that our community members take security precautions when it comes to protecting their devices and network activity. The university’s network block protections are not effective on non-campus networks; therefore, each member should secure their network activity by connecting to the CMU network through a Virtual Private Network (VPN). Carnegie Mellon University offers a Campus VPN which encrypts your connection only when you're using campus resources, as well as a Full VPN which encrypts your online activity and redirects it through the CMU network.
If you’ve been sharing your computer’s library of music or videos on your home network, be careful not to accidentally share it with the entire CMU network and risk a violation of the Digital Millennium Copyright Act (DMCA). Before you join CMU's network, check your device’s settings, and disable file sharing. It’s also a good idea to check the sharing settings on any cloud storage services you may be using.
Secure Your Accounts
Your Andrew account is your gateway to the computing environment at Carnegie Mellon. Andrew accounts are created as part of the onboarding process for all new students, faculty, and staff to give access to email, network registration, public computer labs and other resources. In the rush to start the new year, it’s easy to overlook important security measures. For example, you might be tempted to use the same password to create multiple new accounts—but that’s a serious mistake. Instead, always create a strong, unique password for each account, and consider using a password manager to keep track of them. Carnegie Mellon University’s password guidelines suggest a password be at least 8 characters in length and have a combination of uppercase and lowercase alphabetic characters, at least one number, and at least one special character (e.g. ~!@#$%^&*()_-+=). The longer your password, the more secure it becomes.
Carnegie Mellon University requires all staff, faculty, and employed students to enable DUO two-factor authentication (2FA). DUO combines your Andrew account password, as well as your token, such as a push notification on a smartphone, in order to login to your CMU accounts. DUO 2FA should be installed prior to accessing any computing resources at Carnegie Mellon University.
Keep Software Updated
A strong countermeasure all community members should follow is to ensure that they have the latest security software patches and updates on their devices. Software updates help to limit vulnerabilities that may otherwise be targeted by cybercriminals and help to improve the devices functionality.
In addition to patching software, members should keep their shield up by installing a strong antivirus software. A good antivirus software can act as a line of defense by detecting and blocking known malware.
Get Smart About Sharing
The start of the year is also a good time to review your social media. Even if the photos, activities, and opinions you posted seemed fine previously, they may not represent you now. Take some time to go through your social accounts and remove anything that you are not content with sharing now, or with a new set of friends and followers.
Unfortunately, even if you delete a post or photo, someone could have already taken a screenshot or downloaded the image. Going forward, assume that everything posted on social networks is not only public, but also permanent.