Students, faculty and staff can take the following actions to protect their data, devices and identity: 

Use a VPN 

When using an unsecured Wi-Fi network, for example at a coffee shop, a virtual private network (VPN) can provide you with a secure connection for accessing sensitive information like Workday or your financial records. A VPN is often required for accessing on-campus remote desktops or other resources. Learn more about GlobalProtect, the VPN provided to students, faculty and staff.  

Use multi-factor authentication on personal accounts 

Multi-factor is required for your UARK account, but it's a great idea to enable it for personal accounts too. Multi-factor is more secure than a password alone because it involves using two or more factors to validate your identity, such as a trusted device or token.  

Protect your password 

Don't write it down. Don't share it. Don't reuse it. Password managers are great tools for creating strong passwords and keeping track of unique passwords for all your accounts. 

Encrypt sensitive data 

If you are sending sensitive information to another campus user, consider using OneDrive, which is encrypted by default. OneDrive has features such as limiting who can access or share a file and requiring a password to access. Alternatively, use Outlook's built-in email encryption when sending sensitive information, including university ID numbers and other personally identifiable information (PII).

Know how to identify and report phishing 

Phishing is the attempt to get passwords, university data, personal information or access to university systems by sending emails or text messages that appear to come from a trustworthy individual, business or institution.  

Use the Report Message button in Outlook if you think you have received a phishing email. 

If you provided personal information or entered your login information on a malicious site due to phishing attacks, change your UARK and other account passwords immediately.  

Be aware of physical cyberattacks

Physical cyberattacks use hardware, external storage devices or other physical types of attacks to infect, damage or otherwise compromise digital systems. The attack can hitch a ride on USB storage devices or flash drives, CDs, hard copies of video games and Internet of Things (IoT) devices such as smartphones, smart watches and even signal devices such as key fobs.

"Cyberattacks do not always have to come from the internet, and malware can hide easily on some of the data storage devices we trust and use daily," Ruth Parcells, IT governance, risk, and compliance specialist, said. "Please be aware of where you receive USB drives. If not from a trusted source, it could be malicious."

Always try to keep track of where your storage devices have been, and do not plug "lost-and-found" USB drives into your computer. Keep your personal and workplace data storage and other devices separate to avoid transferring malware from one system to another, just like washing your hands to prevent the flu from spreading.

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Simple steps such as storing data securely in OneDrive, avoiding and reporting suspicious messages and keeping software updated can go a long way toward protecting our campus community online. Throughout the month of October, get to know the basics of cybersecurity with the IT Services' Cybersecurity Checklist  and the Cybersecurity and Infrastructure Security Agency (CISA) resources.