Stay Cybersecure at CSU

Safeguarding CSU data and personal information online requires everyone to be vigilant and educated on how to stay cybersecure. Here are quick tips to protect your information: 

  • How to report a suspicious email

    Watch: How to Report an Outlook email (15 sec.) or follow the steps below:

    • Right-click on the email to open up the options menu
    • Navigate to the ‘Report’ option.
    • Select the ‘Report Phishing’ option.

    Uncertain if an email is malicious? Contact the Cybersecurity Team to Report an Incident. View a sample phishing email and stay informed about current cybersecurity alerts by visiting the Cybersecurity webpage. 

  • How to stay safe when emailing and texting
    • Don’t rush to respond: Avoid hastily responding to official-sounding emails that urge immediate action. Phishing attacks often create a false sense of urgency, pressuring recipients to click links or share confidential information. 
    • Verify links and attachments: Refrain from clicking, opening, or downloading links or attachments in emails or texts unless you trust the sender. Confirm the legitimacy of the sender before taking any action. 
    • Government or official sources: If an email appears to be from a government agency or financial institution, avoid clicking provided links. Instead, conduct an internet search to find the official website and use the contact information listed there. 
    • Avoid sharing sensitive information: Never include confidential details, such as social security numbers or passwords, in emails or texts, even if prompted. Requests for such information are clear indicators of phishing attempts. 
    • Duo push notifications: Pay attention to Duo push notifications and avoid automatically approving authentication requests if not in the process of logging in. 
  • How to recognize phishing attempts
    • Impersonation of trusted organizations: Phishing scams often involve attackers posing as representatives of trusted organizations and soliciting information. 
    • Financial risks: Phishing can lead to significant financial damage if personal information is surrendered to attackers. Remember that CSU will NEVER request passwords, Social Security numbers, or other sensitive information via email. 
    • Appearance and content: Some phishing attempts may contain errors, but sophisticated ones may appear trustworthy. Be cautious of emails asking to open files, click links, or enter information into forms.  
    • Beware of NetID requests: Exercise caution with emails requesting NetID information. 
    • Job scams: Students seeking employment should be aware of potential job scams. 
    • Verification: If an email seems suspicious, contact the sender directly rather than clicking on links. Clicking on a phishing email, even to check its legitimacy, can lead to system infections. 
  • How to monitor your personal information
    • Credit Reports: Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Consumers may also directly contact the three major credit reporting bureaus listed below to request a free copy of their credit report.
    • Think you’ve been phished? Place a “fraud alert” on a credit file:  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If consumers are the victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Fraud alters are at no cost to you. To request a fraud alert, please contact any of the three major credit reporting bureaus listed below.
    Equifax Experian TransUnion
    https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
    1-888-298-0045 1-888-397-3742 1-800-916-8800
    Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
    Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094

     

    • Place a “credit freeze” on a credit report: This will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in a consumer’s name without consent. However, consumers should be aware that using a credit freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application they make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. By law, consumers cannot be charged to place or lift a credit freeze on their credit report. To request a credit freeze, individuals may need to provide some or all of the following information:
      • Full name (including middle initial as well as Jr., Sr., II, III, etc.);
      • Social Security number;
      • Date of birth;
      • Addresses for the prior two to five years;
      • Proof of current address, such as a current utility bill or telephone bill;
      • A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and
      • A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if they are a victim of identity theft.
  • Password Do’s and Don’ts

    Do:

    • Use a combination of words, symbols, and numbers to create your passwords.
    • Create passwords with at least 15 characters. The more characters the more difficult it is to break. Ex. a 6 character password takes 6 seconds to break.
    • Use modified phrases to improve password strength. Modify the password with numbers and symbols. Ex. StarGateReady could be modified as StarG8R3ady4499@.
    • Change your password regularly. It’s a simple practice that will keep you secure.

    Don’t:

    • Don’t use public information like your birthday, family or pet name, street address, season, year, etc. to create your password.
    • Don’t use keyboard patterns like QWERTY or 123456. These are common and broken in less than 6 seconds. Don’t re-use passwords. Once the password is compromised, the attacker can get into ANY other account using that email and password combination.
    • Don’t give your passwords to anyone else or display them. The IT help desk, the IRS, and your bank will NEVER ask you for your password.
  • Password Manager Tips

    A password manager provides a more secure way to manage your passwords. With password managers, you can automatically identify weak and duplicate passwords, and enhance their security. Additionally, password managers can assist you in managing your password updating schedule. It’s worth noting that CSU does not endorse any particular password manager. The main takeaway is the importance of safeguarding your passwords at all times.

    There are two types of password managers:

    Freestanding

    These managers are labeled as freestanding because they do not communicate with other devices. They are managed on one device but files can be transferred to different devices. Examples are Password Safe, pwSafe, Keepass.

    Cloud-based

    Cloud-based managers are accessed through an app that uses a master password to access your password vault, the place where all your passwords are stored. You can sync your generated password instantly across devices. Examples are LastPass, Dashlane, and 1Password.

    Using a cloud-based manager doesn’t come without risk. Passwords are stored on the cloud company’s servers so you don’t own or control your password database file. Cloud storage is expensive, therefor it’s rare to find unlimited and free services. If your web-browser is compromised,

    Best Practices for Password Managers

    Always enable Multi-Factor or 2-Factor authentication, for example, CSU uses DUO 2FA. When using a cloud-based manager, NEVER select “Remember My Password” if the browser window offers. If your browser is compromised, there’s a good chance your password manager will be too. Cloud-based managers are convenient and easy but you should never link these managers to accounts that deal with financial data, for example, credit card or banking information.