INFORMATION TECHNOLOGY

Cybercriminals use many types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very low risk for the attacker. The best defense against malicious email attempts is an educated user. Learn more about scam emails and use these best practices to protect yourself and the University. View the most recent scam attempts. Stay alert!

Virtual Private Network (VPN) establishes a "secure tunnel" for your computer on the Northwestern network. It provides strong encryption, enables authenticated access to the Northwestern network from external and untrusted environments, and proxies your network traffic so it appears to originate from within the Northwestern network. Stay secure with VPN

Northwestern University has partnered with Box to deliver file sharing services to faculty, staff, and students. Northwestern Box provides individual, flexible online space for unlimited file storing or sharing. All Box content can be accessed online from computers or mobile devices. Learn more about Northwestern Box. There are also helpful best practices and tips to get the most out of your Box experience.

There's no denying that new devices are fun, but while there are more opportunities to interact with people, share information, and stay connected, we also need to be aware of the risks these things may introduce. The Internet of Things (IoT) continues to expand as more of our “things” become connected. The IoT can include watches, televisions, appliances, smart speakers, security systems, vehicles and much more. Networked “smart homes” are common.

Make sure all connected devices have security precautions. Understand what information your devices collect and how that information is managed and used. To ensure that a new device is an asset, rather than a liability, here are a few things to keep in mind:

• Be aware of what's being collected. Most IoT devices require data collection. Take the time to understand what information your connected devices collect and how that information is managed and used. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the device provider important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don't need the maintenance options or to monitor or interact with the device remotely, turn off the device's connectivity.
• Understand how to keep IoT devices up to date. This includes any software updates that might be needed and passwords or other ways of securing devices.
• Own your online presence. Be careful about how personal information is collected through apps. Set the privacy and security setting levels for information sharing. Review company policies periodically for changes in terms of agreement.
• Check your privacy settings. How have you secured your social media accounts? Always be cautious about what you post publicly.

Using your devices to store and process sensitive information every day makes protecting your desktop, laptop, tablet, smartphone, and other devices an important part of securing both your identity and your data. Tips for Securing Your Devices

You can use multi-factor authentication (MFA) around the world. Using the Duo Mobile app on your Android or iPhone is recommended because it gives you the flexibility to accept an identity-verifying phone call or receive a text message while you're in the US, use Duo Mobile Push over wireless anywhere in the world, or use stored passcodes when you don't have access to wireless at all. Find out more about using multi-factor-authentication while traveling abroad in the Northwestern Knowledge Base.

Remember to use Northwestern VPN on your laptop, smartphone, or tablet to create an encrypted connection to University resources. You can also connect securely by using the eduroam network at participating institutions. 

Unencrypted connections may put your communications at risk. Tips for Staying Secure During Travel

The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it's habit to grab your reusable bags, lock the car, and make sure you've safely put away your credit card or cash before heading home with the day's purchases. Similar precautions need to be taken when you're shopping online from the comfort of your own home.

• Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
• Lock down your login. One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like e-mail, banking, and social media.
• Get savvy about Wi-Fi hotspots. If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts, such as e-mail and banking. Adjust the security settings on your device to limit who can access your phone. If you must use open Wi-Fi connections, connect to a virtual private network (VPN) first.
• Check the address bar. Look for the lock icon  and https:// in the URL before using your credit card online.

Before you shop, check out other ways to ensure your information and identity are protected.

Multi-factor Authentication adds an extra layer of login protection for Northwestern systems to:

• Further protect sensitive data, even in the event that your NetID password has been compromised.
• Help mitigate phishing attacks by preventing access to sensitive information.
• Conveniently function on- and off-campus via a variety of phone types.

This technology, powered by Duo, integrates your phone into the login process, resulting in two types of authentication to verify your identity:

• Something you know – your Northwestern NetID/NetID password
• Something you have – your phone (mobile, office, or home)

Learn more about Multi-factor Authentication

• Be aware of default settings on mobile devices that automatically back up photos, files, and other potentially sensitive information to the Cloud.
• Don’t reuse your account passwords, and take advantage of Multi-factor Authentication where possible. It’s bad enough when someone gets into your Gmail, but it’s even worse when you’re also storing all of your sensitive documents in Google Drive.
• Pay special attention to sharing settings: are you sharing with one specific person or with anyone who has a link? Is your content discoverable by accident?
• Check for “https” in the URL to ensure that your uploads are encrypted. Take advantage of the secure file sharing services provided by Northwestern.