Cybersecurity Tips & Best Practices
By applying cybersecurity best practices, we can collectively contribute to the security of our campus community. GW IT is here to support you with resources and guidance to ensure that our digital landscape remains resilient.
Beware the Phish
Phishing is a type of online scam that uses false emails, forms, and websites to trick a person into providing personal information. This can include usernames, passwords, Social Security numbers, credit cards and other personal information. If you believe that you have received a phishing message, please report it to [email protected]. Your report will play a key role in helping others at GW avoid similar scams.
Two good rules to follow
1. Do not click on links or download attachments from unknown sources. Always verify the sender’s identity before responding to emails.
2. Before entering sensitive information, ensure that the website you’re on has a secure connection (https://) and that the URL is correct. Be wary of misspelled domains.
Know the Data
To best secure data in your possession, you must first know what you have and how sensitive it is. Knowing your data, is a key component of the Information Security Policy. The Security policy requires each person to understand the data classification guidelines and apply it to the way that data is handled and secured through its lifecycle. Regulated data, which is the highest criticality data possible under the data classification guideline, may only be stored and transmitted in certain, pre-approved methods. Data Management and Protection Standard.
Encryption is one of the most effective controls for securing the confidentiality and integrity of data. Whether at rest or in transit, encryption technology protects our non-public data. Three ways that you can secure GW data using encryption:
- Full-disk encryption – Full-disk encryption provides encryption of data at rest as it protects the contents of the hard drive in your computer or portable media such as DVDs and portable hard disk drives. If your computer is ever lost or stolen, the thief will not be able to access the contents of your drive without the decryption key. GW managed devices should be encrypted when delivered to GW users. Learn more about data encryption.
- HTTPS, or Hypertext Transfer Protocol, is a protocol that secures data when in transit. When submitting information via web forms, always ensure that the web browser uses “https” instead of “http”. The “s” means your form submittal, and the transmission is encrypted in transit.
- Email encryption – GW IT offers email encryption to the GW community. Sign up for email encryption service to help protect restricted data and private conversations between you and non-GW personnel.
All software can be vulnerable to attack and exploitation by criminals. To reduce the risk of these attacks, it is important that all software be routinely updated. This includes your operating system (Mac OS, Windows), web browser (Chrome, Firefox, Safari), and other applications such as Adobe Acrobat, and antivirus software. In addition to updating your software regularly, make sure that you only download software from legitimate sources. Some websites may advertise cheap or free software but beware - some of this software may have been altered to run malicious code alongside the legitimate application. On GW owned and managed equipment, some updates are automatically installed.
Avoiding web-based attacks requires vigilance. Ad blockers can help reduce the risk of “malvertising” or malicious code hidden in advertising. Taking care in typing website addresses is also important. Attackers often buy domain names that are incorrect spellings of popular websites to victimize people who incorrectly type a website address. Finally, using antivirus software can help mitigate the threat of known malware encountered during browsing the web.