Email Protection
Email is the #1 target for cybercriminals. It’s used to deliver phishing scams, malware, and social engineering attacks.
Best Practices:
- Verify the sender: check the email address, not just the display name.
- Look for red flags like poor grammar, urgent language, or mismatched URLs.
- Avoid opening unexpected attachments, especially .exe, .zip, or .docm files.
- Never send sensitive data, especially passwords, personal information, and SSNs, via email.
- Use CSUF email for all university-related communication to ensure security and compliance.
- Report suspicious emails to iso@fullerton.edu or use the “Report Suspicious” button in Outlook.
Example: If you receive an email saying “Your account will be deactivated in 24 hours”, don’t panic. Check the sender, get it verified, and report it (if suspicious).
Malware Protection
Malware can steal data, damage systems, or lock you out of your files (ransomware).
Best Practices:
- Install antivirus software on all devices and keep it updated.
- Avoid downloading software or files from unknown or untrusted sources.
- Avoid pirated software or downloads from untrusted websites.
- Don’t plug in unknown USB drives or external devices.
- Run regular scans to detect and remove threats.
- Keep your operating system and apps updated to patch known vulnerabilities.
Example: A free PDF converter from an unknown site might install spyware. Always download from trusted sources.
Password Protection
Strong passwords are your first line of defense against unauthorized access. Weak or reused passwords are a major risk.
Best Practices:
- Use long, complex passwords (12+ characters with a mix of letters, numbers, and symbols).
- Never reuse passwords across multiple accounts.
- Use a password manager to generate and store secure passwords.
- Enable Multi-Factor Authentication (MFA) on all accounts that support it.
- Change passwords immediately if you suspect they’ve been compromised.
Example: Instead of “Titan123,” use a passphrase like “Titan$Graduate2025!” and store it in a password manager.
Phishing Protection
Phishing is a deceptive attempt to trick you into revealing personal or financial information.
Best Practices:
- Be skeptical of urgent or unexpected messages, especially those requesting action.
- Hover over links to check where they lead before clicking.
- Don’t download attachments from unknown senders.
- Report phishing attempts to the ISO to help protect others.
Example: A fake email from “CSUF IT Support” asking you to reset your password immediately is likely a phishing attempt. Always verify before clicking.
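The sender check from Email Protection and the link check above can be automated. The script below is an added example, not CSUF tooling: it flags a display name that claims the organisation while the address is elsewhere, and a link whose visible text names a different host than its target. The keyword list, the sample message and its hostnames are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "fullerton.edu"     # domain of the reporting address on this page
ORG_WORDS = ("csuf", "fullerton")    # assumption: words a spoofed display name would use

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw_message):
    msg, flags = message_from_string(raw_message), []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)
    # Display name claims the organisation, but the address is somewhere else.
    if any(w in display.lower() for w in ORG_WORDS) and not trusted:
        flags.append(f"sender: name '{display}' but address {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())   # single-part HTML body assumed
    for href, text in collector.links:
        shown = urlparse(text if "://" in text else "//" + text).hostname
        actual = urlparse(href).hostname
        # Visible text looks like a hostname, but the link goes elsewhere.
        if shown and "." in shown and actual and shown != actual:
            flags.append(f"link: shows {shown} but goes to {actual}")
    return flags

# Constructed sample message (not a real email; hostnames are illustrative).
SAMPLE = '''From: "CSUF IT Support" <helpdesk@it-support.example>
Subject: Your account will be deactivated in 24 hours
Content-Type: text/html

<p>Reset now: <a href="http://fullerton.edu.account-verify.example/reset">https://my.fullerton.edu/reset</a></p>
'''
```

Calling red_flags(SAMPLE) returns two findings. The link finding shows why the whole hostname matters: the target begins with "fullerton.edu" but actually belongs to a different domain.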
Public Wi-Fi Safety
Public Wi-Fi is convenient but often insecure, making it easy for attackers to intercept your data.
Best Practices:
- Avoid accessing sensitive accounts (e.g., banking, CSUF systems) on public networks.
- Use CSUF’s VPN to encrypt your connection when off-campus.
- Turn off auto-connect features on your devices.
- Use HTTPS websites and avoid entering personal information on unsecured sites.
Example: At a coffee shop, use your phone’s hotspot or VPN instead of connecting to open Wi-Fi.
Device Security
Your devices are gateways to your data and the university’s systems.
Best Practices:
- Lock your screen when stepping away, even for a moment.
- Install security updates as soon as they’re available.
- Avoid using personal devices for university work unless approved and secured.
- Use antivirus and firewall protection on all devices.
Example: If your laptop is stolen but encrypted and password-protected, your data is much safer.
Home Network Security
A secure home network is essential for remote work and learning.
Best Practices:
- Change default router credentials and use a strong Wi-Fi password.
- Enable WPA3 or WPA2 encryption on your router.
- Keep router firmware updated to fix security flaws.
- Create a guest network for visitors to isolate your main devices.
Example: Don’t use “admin/admin” as your router login. Change it to something unique and secure.
Secure Remote Work
Remote access introduces new risks that must be managed.
Best Practices:
- Use CSUF-approved tools like OneDrive, Teams, and VPN.
- Avoid saving sensitive data on personal or unencrypted devices.
- Follow CSUF’s remote access policies and report any issues promptly.
- Back up important files to secure cloud storage.
Example: Don’t email student records to your personal Gmail. Use CSUF’s secure platforms.
Data Handling & Storage
Improper data handling can lead to serious breaches.
Best Practices:
- Store sensitive data only in approved, encrypted locations.
- Use secure file transfer methods (e.g., encrypted email, SharePoint).
- Avoid using USB drives unless encrypted and approved.
- Follow CSU data classification standards when handling student, financial, or health data.
Example: Don’t store student-related spreadsheets on your desktop. Use OneDrive or SharePoint with encryption.
Incident Awareness
Knowing how to respond to a security incident is just as important as prevention.
Best Practices:
- Recognize signs of compromise (e.g., slow performance, unexpected pop-ups, unauthorized access).
- Don’t try to fix it yourself; you may make it worse or destroy evidence.
- Report incidents immediately to the ISO for investigation and containment.