Protecting Your Data and Protecting U Data
By: Laura Farvour, Incident Response Security Analyst (University Information Security)
Laura is a Security Analyst with the University. She’s been with the Office of Information Technology for nearly a decade, the last three years with University Information Security.
Your Data is Valuable!
When I have conversations with family and friends about protecting their personal data, inevitably I hear the same story over and over again: “My digital life is so boring! Who cares if someone accesses my data -- I have nothing to hide!”
My first response is inevitably “Of course your data is valuable!”
However, I also ask them to consider these questions:
- Did you know there is malicious software that will encrypt your files and hold them for ransom? How much would you pay to regain access to your photo library?
- What would happen if an attacker gets access to your email?
- Most financial account passwords can be reset via email
- An attacker could use your account to send a scam or phishing message to your contacts
- Did you know that name, social security number, and date of birth are all that attackers need to steal an identity?
- Is this data available on your computer or in the cloud for yourself? For others in your family?
Protecting our personal data is also protecting the data of others
You may be thinking right now that you don’t have access to other people’s data as part of your personal life or work at the University.
However, even if you do not work with other people’s data directly, you might connect to the same network where that information is stored, accessed, or transmitted. For example, you might connect to the University of Minnesota's wireless network or you might use the Virtual Private Network (VPN) to connect to campus resources from home.
Being on the network at all puts you right in the middle of University data! If a hacker is able to compromise your credentials and gain access to the network, they could use that access to compromise other credentials with privileged access and use those to compromise other credentials until they are at the very top of the heap and able to access all the data they like!
Even one compromised credential can give an attacker a vital foothold from which they can launch an attack.
How to Protect Yourself and Others
So, what can you do to protect yourself and, by extension, the University?
- Understand the value of your personal data
- Report suspected compromise of your University accounts to [email protected]
- Choose strong, unique passphrases for every account. Never share passwords across accounts
- Keep your personal and work devices, apps, and software up to date with the latest patches
- Keep up to date on the latest phishing and scams at the University by subscribing to the Phishing blog
- Use secure practices in all areas of your digital life -- work and personal!
Bonus: Holiday Security Tips
This is a hot time of year for consumer technology! If you’ve got a tech gift in mind, we recommend checking it against Mozilla foundation’s Privacy Not Included list.