Security Tips as the Campus Instructs and Works Remotely

Security Tips as the Campus Instructs and Works Remotely
Photo Submitted

Coronavirus (COVID-19) information is everywhere online right now. Stories of hardship and sacrifice are mixed in with fun and creative ways people are dealing with the pandemic. Videos of mishaps while learning to teleconference are some of the most entertaining. 

Unfortunately, the rapid spread of work-from-home directives, business closures and service changes all create opportunities for online scams. Fear and misinformation drive the perfect environment for scammers to profit from an unsuspecting public. If well-informed, you can avoid falling victim to these traps. 

General information about working remotely is available from IT Services on the  Working Remotely page.

Official University of Arkansas information

Official COVID-19 information from University of Arkansas COVID-19 is posted on health.uark.edu/coronavirus. This is the only official resource for the University of Arkansas. Messages directing you to other locations may be fraudulent. 

The site is updated frequently as new information becomes available, and it should be your first stop for information on coronavirus impacts to campus. 

Email messages and scams

Our IT security team works with Microsoft to filter spam, scams and phishing emails, but bad content can still get through to your Inbox. Non-UARK email services may have few if any filters, and criminals are using COVID-19 concerns to target communities with messages designed to steal money and account credentials. 

Stay safe by not clicking on links or downloading files within unsolicited messages. Always visit official company or university websites to verify anything emailed to you. 

Note: Email is not a secure method of communication and should never be used to transmit data classified as sensitive by university policy.

Malicious websites

There are many websites now offering all kinds of information, graphics, disease maps and more about the coronavirus. Some contain useful information, and some do not. Paying attention to the sources of documents is important. Does the information you are seeking come from a credible and known source like the Centers for Disease Control, or does it come from an unknown party? 

There is an on-going attack using web searches for coronavirus maps. Many sites offering coronavirus maps include an embedded malicious file that steals information and logon credentials from users. Be wary of the sites you visit and the links you click on.

A credible coronavirus map is available from Johns Hopkins University at https://coronavirus.jhu.edu/map.html.

Use security software

University-managed computers may have current virus scanning software installed. The university provides Symantec Antivirus to the campus community at no charge for both university-owned and personal computers. Please ensure you are using the current version by visiting the university's Download Symantec AntiVirus page

When connecting to university systems hosted on campus (not cloud services such as Office 365 or Box) from remote locations, it is always a good idea to use the university's virtual private network (VPN) software. VPN software will ask you to use your University of Arkansas account to create a secured, encrypted connection between your computer and the university network to function as if you were on-campus. 

Installing the software does not enable VPN protection. You will need to log into the VPN software each time you establish a new connection to the university network. To get started, visit the university's Off-Campus Network Access (VPN) page.

Multi-factor authentication is our most recent tool to help campus be better secured when accessing university computing resources. Multi-factor adds another step to verify a user's account information that prevents use of a stolen username and password from being used by malicious parties. Learn more on the university's About Mult-Factor Authentication page

Update your software and operating system

One of the easiest ways to exploit a computer is to take advantage of security flaws in the operating system and applications software. Patches and updates from vendors are designed to address these issues and should be applied in a timely manner. Delaying updates to your software makes you vulnerable to these exploits. Need help? Contact the IT Help Desk

Change your password

Username and password combinations can be complicated to remember. Having unique passwords across multiple accounts can be challenging to manage. Unfortunately, there have been many successful attacks against web and social media service providers where usernames and passwords have been stolen. If your credentials are among them, a hacker can easily use those to access your account. If you use the same username/password across multiple services, your exposure to malicious activity is much broader.

Consider using a password manager application to keep track of all of your accounts. This type of application will allow you to have unique usernames and passwords for each service you use and will provide a central location to update those on a regular basis. LastPass, 1Password and BitWarden are all examples of password management software.

If you would prefer not to use a password manager, best practices are to have a unique password for each service you use. Those passwords should also be changed regularly (annually at the least). 

Passwords should be "strong," meaning hard to guess or to use an automated tool to crack. Strong passwords are considered over 8 characters in length contain both upper and lowercase letters, numbers and symbols. Do not use single dictionary words, as those are easy to use in an automated attack. Use of a long phrase unique to you, for example Mud Creek Crawfish could become MudCr33kCraw4ish#.

Ask us. We would like to help: General questions about campus operations: feedback@uark.edu

IT Help Desk 
helpdesk@uark.edu
479-575-HELP

Contacts

Chris Butler, director of customer engagement
University Information Technology Services
479-387-3836, chrisb@uark.edu

News Daily