INFORMATION TECHNOLOGY

Your NetID and password are powerful assets and give you access to a number of Northwestern systems: networking, financial records, email, and more. Securing your password means securing Northwestern’s data—and your own.Here are a few things to remember:

• Create a long and strong passphrase/password
• Never share your passphrase/password with anyone
• Log out completely, especially on public computers

Find more tips on creating a secure password.

Cybercriminals use many types of social engineering—manipulating people into doing what they want—as the most common way to steal information and money. Social engineering is at the heart of all types of phishing attacks—those conducted via email, SMS, and phone calls. Technology makes these sorts of attacks easy and very low risk for the attacker. The best defense against malicious email attempts is an educated user. Learn more about scam emails and use these best practices to protect yourself and the University. View the most recent scam attempts. Stay alert!

Northwestern University has partnered with Box to deliver file sharing services to faculty, staff, and students. Northwestern Box provides individual, flexible online space for unlimited file storing or sharing. All Box content can be accessed online from computers or mobile devices. Learn more about Northwestern Box. There are also helpful best practices and tips to get the most out of your Box experience.

There's no denying that new devices are fun, but while there are more opportunities to interact with people, share information, and stay connected, we also need to be aware of the risks these things may introduce. The Internet of Things (IoT) continues to expand as more of our “things” become connected. The IoT can include watches, televisions, appliances, smart speakers, security systems, vehicles and much more. Networked “smart homes” are common.

Make sure all connected devices have security precautions. Understand what information your devices collect and how that information is managed and used. To ensure that a new device is an asset, rather than a liability, here are a few things to keep in mind:

• Be aware of what's being collected. Most IoT devices require data collection. Take the time to understand what information your connected devices collect and how that information is managed and used. Ask whether you need that device to be connected. What are the advantages of having your fridge broadcast the whereabouts of your cheese? Is the potential to activate remote maintenance with the device provider important to you? Do you want to interact with that device remotely? Then by all means, keep that connection. If you don't need the maintenance options or to monitor or interact with the device remotely, turn off the device's connectivity.
• Understand how to keep IoT devices up to date. This includes any software updates that might be needed and passwords or other ways of securing devices.
• Own your online presence. Be careful about how personal information is collected through apps. Set the privacy and security setting levels for information sharing. Review company policies periodically for changes in terms of agreement.
• Check your privacy settings. How have you secured your social media accounts? Always be cautious about what you post publicly.

Using your devices to store and process sensitive information every day makes protecting your desktop, laptop, tablet, smartphone, and other devices an important part of securing both your identity and your data. Tips for Securing Your Devices

You can use multi-factor authentication (MFA) around the world. Using the Duo Mobile app on your Android or iPhone is recommended because it gives you the flexibility to accept an identity-verifying phone call or receive a text message while you're in the US, use Duo Mobile Push over wireless anywhere in the world, or use stored passcodes when you don't have access to wireless at all. Find out more about using multi-factor-authentication while traveling abroad in the Northwestern Knowledge Base.

Remember to use Northwestern VPN on your laptop, smartphone, or tablet to create an encrypted connection to University resources. You can also connect securely by using the eduroam network at participating institutions. 

Unencrypted connections may put your communications at risk. Tips for Staying Secure During Travel

The holiday season is the perfect time for cybercriminals to take advantage of unsuspecting online shoppers. When you go to the grocery store or local shop, it's habit to grab your reusable bags, lock the car, and make sure you've safely put away your credit card or cash before heading home with the day's purchases. Similar precautions need to be taken when you're shopping online from the comfort of your own home.

• Personal information is like money: value it and protect it. When making a purchase online, be alert to the kinds of information being collected to complete the transaction. Make sure you think it is necessary for the vendor to request that information. Remember that you only need to fill out required fields at checkout.
• Lock down your login.  One of the most critical things you can do in preparation for the online shopping season is to fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys, or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like e-mail, banking, and social media.
• Get savvy about Wi-Fi hotspots.  If you are out and about, limit the type of business you conduct over open public Wi-Fi connections, including logging in to key accounts, such as e-mail and banking. Adjust the security settings on your device to limit who can access your phone. If you must use open Wi-Fi connections, connect to a virtual private network (VPN) first.
• Check the address bar. Look for the lock icon  and https:// in the URL before using your credit card online.

Before you shop, check out other ways to ensure your information and identity are protected.

Multi-factor Authentication adds an extra layer of login protection for Northwestern systems to:

• Further protect sensitive data, even in the event that your NetID password has been compromised.
• Help mitigate phishing attacks by preventing access to sensitive information.
• Conveniently function on- and off-campus via a variety of phone types.

This technology, powered by Duo, integrates your phone into the login process, resulting in two types of authentication to verify your identity:

• Something you know – your Northwestern NetID/NetID password
• Something you have – your phone (mobile, office, or home)

Learn more about Multi-factor Authentication

Virtual Private Network (VPN) establishes a "secure tunnel" for your computer on the Northwestern network. It provides strong encryption, enables authenticated access to the Northwestern network from external and untrusted environments, and proxies your network traffic so it appears to originate from within the Northwestern network.  Stay secure with VPN

A positive online reputation is vital in today's digital world. Like it or not, your information is out there. What you can do is help to control it and what it says about you.

Social media is so ingrained in our society that almost everyone is connected to it in some way. With every account you sign up for, every picture you share, and every post you make, you are sharing information about yourself with not only your friends and family but the entire digital world. How can you make sure your information and reputation stay safe online? Here are a few easy steps to get you started.

• Keep it clean and positive. Make sure to post content that you feel positively reflects you, your creativity, your values, and your skills. Use the 24-hour rule before posting, allowing yourself a day before posting content that may be questionable and for time to reflect on whether it's a good idea.
• Make sure you're professional. Every post is a reflection of you. Remember that future employers may look at your social media accounts before hiring you. Your posts allow you to put your best foot forward. A positive social media presence can help create both personal and professional opportunities.
• Oversharing and geotagging. Never click and tell. It can seem like everyone posts personal information all the time, including where they are and where they live.
• Don't rely on privacy settings. Make sure to keep your social media apps up to date and check the privacy settings frequently. These settings make it harder to see your full account, but it's not impossible. There is always the chance that one of the people with access to your private account could screenshot and share the content.  Tips for Securing Your Devices

Using social media positively doesn't mean you can't have fun and use it to express yourself; however, you want to ensure that you're okay with anyone seeing everything you post. Once you post something online, it's out there forever.