Personal Information Security
Our whole lives are lived online these days so know that the digital best practices that we encourage (and require) here at UofM are things that you should also embrace in your personal digital lives. Just as you would lock your house or auto when you leave (and store the keys in a safe place) it makes sense to properly secure your digital life.
4.2.20 Secure Social Networking
Social Media: whether you love it or hate it, it's here to stay. Unfortunately, hackers often use social media to glean personal details about you so they can trick you or someone else into divulging sensitive information. This devious practice is called Social Engineering.
Here are some tips to stay safe while tweeting, posting or sharing that perfect Insta-worthy moment. #PracticeSafeSocializing
Don't overshare. Assume that anything you post online is permanent. Everything you say on social media is going to stay "out there" forever. You can delete a photo, a post or even your account but someone may have saved a copy of it and could re-post it later to haunt you. Things you post online could also affect a future job application or reflect badly on your current employer. So, think twice before you post, tweet or share every thought. #ItNeverGoesAway
Read the privacy disclaimer before using a website, app or service. Many services sell the info you enter, that's how they make money and remain free to use. Privacy = security, so the more info about you that is out there, the easier it will be for a hacker to trick you or someone else. #ReadTheFinePrint because #NothingIsEverReallyFree
Be selective about who you accept as friends or followers. Don't friend people you don't know in person and if you do accept a friend request, be sure it's really them and not an imposter. Send a private message to confirm and ask something only they will know. #WhatWasTheNameOfOurThirdGradeTeacher
Info you share on social media is only as secure as your friends' passwords are strong. If a friend's account gets hacked due to their weak password, the hacker will then have access to everything you share because he/she is logged on as your friend. The more friends or followers you have, the higher the risk to you so keep your list to a meaningful level. #KeepItReal
Social engineering is the art of human manipulation. It encompasses everything below with the express purpose of getting a person to act a certain way.
Phishing is the potentially fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by pretending to be trustworthy in some type of communication. The University will never request personal information (i.e., your SSN, UUID and password, birth date, or any account numbers) via email. Other institutions, such as your bank, credit card company, or loan officers, would not email you requesting this type of information, either.
Email Scams are unsolicited emails that claim the prospect of a bargain or something for nothing. Some spam messages ask for business, others invite victims to a website with a detailed sales pitch. Once the email is opened, malware of various sorts may be triggered. While our spam filters catch most of these emails, be alert and delete any suspicious emails without opening them. Use caution in replying to any unsolicited email.
Unsuspecting phone customers receive voicemail messages with call back numbers with international area codes (examples: Area Codes 809, 876, and 284). When calls are made to those numbers, callers are kept on the line with pitches that result in hefty charges. Because these are legitimate area codes, they cannot be blocked. So be alert to these scams, and call back ONLY when you know that the call is authentic.
Portable and Hand-Held Devices
Remember that PDAs, notebooks, iPads, smart phones, etc. are also vulnerable to security breaches. Be cautious about what information you store on your mobile devices, so that you are less vulnerable if a device is lost or stolen. Always use a lock screen on your device. Make sure to change the default PIN or password on it. Just because you have a bio-metric scanner on it (fingerprint), doesn't mean that someone else can't unlock it unless you change the default.