Online Safety and Security

Over the past months, we have noticed an increase in cybercrime incidents that include attacks on government and academic institutions. To minimize the risks and to ensure the protection of the university's digital assets as well as your personal data, the MIS Office will be doing the following:

1. Enforce strong password in Google Workspace and Microsoft accounts - all users will be required to use passwords with at least 12 characters in length, as well as a combination of upper and lower case letters and special characters.

2. Enable Multi-Factor Authentication (MFA) / 2-Factor Authentication (2FA) - we will be configuring Google Workspace and Microsoft to enforce MFA/2FA in your accounts to prevent brute force and other forms of attacks on your account.

3. Deactivate/Disable compromised accounts - certain user accounts found to be compromised will either be automatically deactivated/disabled by our systems, or explicitly deactivated/disabled by our personnel. There have been many users whose passwords have been found in compromised websites over the past weeks.
   
   If you find that your account has been disabled, you may contact the MIS office through the following number: (082) 221-8090 local 123. You may also fill out the MIS support ticket form.
   
   

4. Perform a monthly security audit - we will conduct a monthly inspection on all of UIC's computers (including the laboratories) to ensure that no unlicensed / cracked software are installed. These illegal software can serve as entry points for attacks and data breaches. Anyone found to be violating the university's Data Privacy Policy and Terms of Use will be reported for disciplinary or legal action (DPO-PO-001 Sections 1-d and 5-g).

In addition, we are also reminding everyone be responsible as well by doing the following:

1. Install anti-virus/anti-malware in ALL of your devices. Cyber attacks do not only happen on PCs anymore but also in mobile devices REGARDLESS OF THE OPERATING SYSTEM (ex. Android, iOS, etc.) used. This reduces the chances where you become the entry point of cyber-attacks.

2. Remove any cracked/unlicensed software in your personal devices. You may not be aware of the malicious scripts/programs embedded in such cracked/unlicensed software.

3. Change your passwords from time-to-time and make sure to use strong passwords. You may follow Google's guide to Create a strong password & a more secure account.

4. Turn on MFA for your accounts. Using MFA reduces the risk of compromising your account (especially those involving personal and financial data). For Google accounts, you may follow this guide. For Microsoft accounts, you may follow this guide. For other applications (e.g. banking applications), please read their corresponding guidelines.

5. Update your software - Updates often include security patches that fix vulnerabilities used by attackers. Please do not ignore operating system updates as well.

6. Perform a regular virus/malware scanning of your device - Whether you are using a laptop or a cellular phone, you have to regularly scan for malware.

7. Practice safe online habits 

   • Avoid clicking strange links

     • Example
       
       
       
       
       

   • Avoid visiting non-https websites. Example: 
     vs.
     
     
     
     

   • Do not download untrustworthy files.

   • Make sure to check the URL before entering your login credentials or personal information.

     • Example 1. These links are not the same:
       
       

     • Example 2. The page below appears to be from PayPal but the URL is different. There are also pages or apps that appear to be legitimate banks or social media platforms.