February 4, 2016

Take precautions to protect your email

With a required password change every 90 days, students and staff often opt for simple, easy to remember and rarely varied combinations of words and letters. Passwords for email are considered a necessary evil by most, but the importance of protecting information is lost to the hands of convenience.

In the world of digital security, failing to take necessary precautions can have seriously crippling effects.

"Users have a misperceived notion that email is private," says David Wright, chief data officer at Wichita State University. "Once it gets communicated out, it's open to the world."

A compromised student account can give outside access to a considerable amount of information, giving others the ability to deliver massive amounts of spam from the account. This can allow users to drop classes, access academic records, impersonate students with instructors, steal financial aid and spy on email transactions.

"You lock your car because you know people will steal it," says Wright. "You need to know that people will steal your email any chance that they get."

An email containing a retail receipt may seem unimportant, but it can give hackers a starting point with which to communicate with stores on your behalf and extract more information.
The wichita.edu domain is protected by a Web of hardware, software and staff who work tirelessly to protect student and staff information.

"We spend nearly $1 million a year to protect ourselves from risk," says Wright.

The university receives an average of 3.3 million emails each week, only 10 percent of which are valid. What most students and staff fail to realize is that forwarding their email to an alternate address puts them outside the protection provided by the university.

Wright and Rob Phillips, manager of server support, suggest several precautions students and staff can take to prevent breaches in the security:
-- Don't ever give away your access. If a request wasn't solicited by you, don't assume it's legitimate.
-- Don't reuse your passwords. If you always use the same password for every site, a compromise on any site means your account is compromised on all sites.
-- Don't use easy or simple passwords. Your passwords should have at least eight characters with a mix of upper and lowercase, numbers and symbols.
-- Close the browser before you leave any computer. Personal information and session details are cached in an open browser session.
-- Lock your computer when you walk away.
-- Don't ever send banking or credit card information over email.
-- Don't ever send your birthdate or other personal information over email.
-- Don't click on links in email. They could install malware on your machine that will steal your credentials.
-- Make certain your operating system patching and antivirus software are up to date.
-- Don't use public unencrypted Wi-Fi to access university systems without the use of a virtual private network (VPN).

Taking a little time to secure your digital access can go a long way to protecting your identity and information.

Go to http://www.wichita.edu/j/?4565 to learn more ways you can keep your information safe and secure.
# # # # #
Contact: David Wright, chief data officer, 316-978-7157 or david.wright@wichita.edu.