Useful Tips and Tricks

Password Security
Device Security
Phishing, Smishing, and Spear-Phishing

Password Security

Your network/Office 365 password is used to access many applications and services at Columbia College, such as email and other applications the college uses. It is important to choose a strong network/Office 365 password to make sure no one but you gains access.

To reset a forgotten Columbia email password, please follow the instructions listed in the knowledgebase article.

Strengthen Your Passwords 
Secure passwords have a combination of letters, numbers, and symbols. Choose passwords that are easy to remember but not easily guessed. Below are more helpful tips to choose a strong password.
Do use:
  • Longer passwords
    The longer your password, the harder it is to guess.
  • Multiple character sets 
    Use a mixture of upper and lower case letters, numbers, and punctuation such as !, @, #, etc. However, avoid using characters that do not appear on a standard keyboard, as these may not work correctly in all circumstances.
Do not use:
  • Your username, first name, or last name.
  • Obvious choices like your nickname, birthdate, spouse name, pet name, make/model of car, or favorite expression.
  • The name of your computer or user account.
  • Words contained in English or foreign language dictionaries, spelling lists, or commonly digitized texts such as the Bible or an encyclopedia.
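The rules in the two lists above, written as a checker a help desk could run. This is an added example, not Columbia College's own tooling; the 12-character minimum, the three-character-set cut-off, the US-keyboard character set and the tiny word list are assumptions made for the illustration.

```python
import string

# Constructed stand-in for a real dictionary or breached-password list.
COMMON_WORDS = {"password", "welcome", "dragon", "columbia", "chicago", "letmein"}
MIN_LENGTH = 12  # assumed threshold; the page only says longer is better
KEYBOARD = set(string.ascii_letters + string.digits + string.punctuation + " ")
# Undo common digit/symbol substitutions before the dictionary check.
LEET = str.maketrans("0134578@$", "oleastbas")


def check_password(password, username, first_name, last_name, personal_terms=()):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    unleeted = lowered.translate(LEET)

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    # Character sets named on the page: upper, lower, numbers, punctuation.
    sets_used = sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if sets_used < 3:  # assumed cut-off
        problems.append("fewer than 3 character sets")

    if any(c not in KEYBOARD for c in password):
        problems.append("characters not on a standard keyboard")

    # Username, names, and other obvious personal terms (pet, birthdate, ...).
    terms = [username, first_name, last_name, *personal_terms]
    if any(len(t) >= 3 and t.lower() in (lowered + " " + unleeted) for t in terms):
        problems.append("contains personal information")

    # Dictionary words, even when disguised with substitutions or padding.
    letters_only = "".join(c for c in unleeted if c.isalpha())
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("contains a dictionary word")

    return problems
```

A password such as `P@ssw0rd2024!` meets the length and character-set rules yet is still rejected, because the substitutions are undone before the dictionary lookup.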
Never Share Your Password

Never give out your password online or over the phone to others. Email and phone requests for this information and other private information are phishing scams. 

Don't share your passwords with friends or family members. Especially do not give anyone your Network/Office 365 password to gain access to any Columbia College Chicago service.  Giving this information out to others is giving them the authority to sign your name, which makes you responsible for all activities associated with your account. 

The college, IT administrators or trustworthy companies will never request this kind of information through email, fax, or phone.

 

Device Security

It is important to keep your computer operating system and your software up to date to protect the college and personal data while working. You should also encrypt your devices to keep your data secure even if you lose a device or one is stolen from you. If a lost or stolen device is not encrypted, you can wipe all of its stored data remotely to be sure no one else can access it.

Your web browser software is particularly vulnerable to a variety of attacks. See the Browser Security page to learn what you can do to make your web browser safer to use.

Software and Computer Operating System 
Most desktop security incidents occur due to flaws in your operating system and/or software. As flaws are detected, vendors will release patches to fix these security holes. Be sure to promptly accept updates to your operating system and software to be sure you always have the latest security patches.

Updating your operating system is perhaps the most critical and simplest of all the methods for securing your computer. Nearly all modern operating systems have some easy methods to make sure you have the latest version of all operating system software. Make sure you enable automatic updates whenever possible.

For instructions on updating your computer, follow the appropriate link below:

Wipe Your Lost or Stolen Device Data Remotely
We all carry sensitive information on our phones, tablets, and laptops. If our devices are lost or stolen, the data saved on them are vulnerable to thieves, especially if the device is not encrypted. Learn how to remotely wipe data from your macOS mobile or Android mobile device in case this ever happens to you.
Install and Update Antivirus Software
Viruses are the most well-known of several categories of maliciously targeted programs (generically called malware). Most malware programs install themselves through vulnerabilities in the operating system, software, or through social engineering. Once installed, the malware will deliver some sort of a payload (from simply spreading itself again to installing a keylogger to track everything you type) and attempt to spread itself further.

Antivirus software is only as effective as its latest definitions, that is, the list of viruses the software can detect. Because of the high number of viruses for Windows, most antivirus software available for Windows has a built-in capability to automatically update its definitions on a set schedule.

Wipe Data from Devices Before You Sell Them or Throw Them Away
Even devices you have not used in some time may still have sensitive information stored in memory. Be sure to wipe all desktop, laptop, and mobile device memory before you dispose of these devices or pass them on to anyone else. See the knowledge base article Data Wipe Electronic Devices to learn how.
Remember: simply deleting files from your device does not permanently remove the information from your hard drive. You must perform a wipe to permanently erase the data.

 

Recycle Your Old Devices
The Computer Recycling Program accepts computers, laptops, monitors, keyboards, modems, printers, and scanners. Non-working computers will be processed in an environmentally sound manner. Hard drives are wiped or destroyed. Learn more at the Technology Recycling service page.

 

Malware
Malware, or malicious software, is hostile, intrusive code that can compromise your data or even disable your devices. There are a number of different kinds of malware, including:
  • viruses
  • spyware
  • adware
  • ransomware
  • worms
  • trojan horses

Malware can spread rapidly through many different channels. Malicious email attachments, infected document files, websites concealing hostile code, and unprotected file shares are common vectors of malware infection.

Modern antivirus software helps protect against the malware, spyware, viruses, and other invasive methods data thieves use to infiltrate computers and networks. Because criminals are always finding new ways to break into systems, it is critical to keep antivirus software current on your personal and University-owned computers. Windows 10 has a built-in antivirus that is very good and highly rated. Remember that whether you have a Mac or a PC, you need to install antivirus software to ensure your data is secured.

When you choose antivirus software, select a product from a trusted company. Do not click on internet pop-up ads for antivirus software. This is a common tactic used to trick users into downloading malware.

Be sure to use only one antivirus software product per computer. Multiple products can make the machine more vulnerable to attack, not less.

 

Phishing, Smishing, and Spear-Phishing

Can I report a phishing scam?
If you would like to report a phishing attempt related to a college unit or service, or you have questions about the validity of an email you have received, please contact itphishing@colum.edu.
Please review our Identify Phishing Scams page for a more detailed discussion of how to identify phishing emails. You should also check out the latest phishing scams reported to Information Security.
You may report scams to the federal government at spam@uce.gov, which collects information to build cases against phishers. 
What Is a Phishing Scam?
A phishing scam is an email that looks legitimate and appears to come from a reliable organization or website.  However, it is really an attempt to gather personal and financial information from a recipient.  Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks. Using text messages, or short message service (SMS), for phishing attempts is known as “Smishing”.
Two Common Types of Phishing Scams
The first type of scam asks you to respond to an email with your account password or Social Security number in order to prevent immediate closure of your bank account, email account, or some other service. No reputable organization will ever send an unsolicited message requesting this kind of information. If you ever receive a message that asks you to send in your password, for example, it is a fraudulent email.
The second type of scam asks you to click a link to a fake site that might somewhat resemble a site or service you actually use and log in with your password to verify your account. Information Technology will never request your password, nor will we ask you to change or “validate” your password.
If you’ve responded to either of these types of scams, you’ve placed your personal information in the hands of scammers, who can misuse it.
How do I know if a message I received is a phishing attempt?
Review the simple guidelines for identifying phishing emails included below.
  1. The email asks you to confirm personal information.
  2. The domain name is misspelled.
  3. The email is poorly written. 
  4. It includes suspicious attachments or links.
  5. The message creates a sense of urgency.
Not only do internet criminals phish your email inbox, but they also send text messages to try their malicious tricks.  Recently, smishing scammers have been sending text messages that appear to come from the popular cell phone service provider, Verizon. The text message is designed to look like a security alert. It warns you to click the link and validate your account before your account access is disabled. If you fall for this alert and click on the link, you’re brought to a very convincing fake website that looks identical to Verizon’s login page. You’re instructed to sign in to your account to “validate your account security”, but if you mistakenly enter your credentials here, the attackers will have your login information and be able to take over your account.

Remember the tips below to protect yourself from smishing scams:

  • Links sent through text messages are usually shortened. Therefore, you can’t see where the link will actually take you. If your mobile device allows it, before clicking the link, hold your finger down to see the full web address of where the link will take you.
  • Always log in to your online accounts through your phone’s browser or through the mobile application you’ve installed on your phone, instead of clicking an unexpected link.
  • Never use the same password for multiple accounts. If you did fall for a scam such as this, you may not even realize it happened, but the attackers would be able to break into all of the accounts where you use the same password.
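The five guidelines and the shortened-link tip above can be turned into a first-pass triage check for reported messages. This is an added example, not the college's own tooling: the trusted-domain list, shortener list, keyword patterns, attachment extensions and 0.8 similarity threshold are assumptions, the sample domains are constructed, and guideline 3 (poor writing) is left to a human reader.

```python
import re
from difflib import SequenceMatcher

TRUSTED_DOMAINS = {"colum.edu"}                 # assumed allow-list
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, incomplete
PERSONAL_INFO = re.compile(
    r"\b(password|social security|validate your account|verify your account)\b", re.I)
URGENCY = re.compile(
    r"\b(immediately|urgent|within 24 hours|(?:is|will be) (?:disabled|closed))\b", re.I)
RISKY_ATTACHMENT = re.compile(r"\.(exe|js|scr|iso|docm|xlsm)$", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)


def base_domain(host):
    """Last two labels of a host name (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(domain):
    """Return the trusted domain that `domain` closely resembles, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.8:
            return trusted
    return None


def phishing_indicators(sender, body, attachments=()):
    """Return the guideline numbers (1, 2, 4, 5 from the list) a message trips."""
    hits = set()
    if PERSONAL_INFO.search(body):                       # 1: asks for personal info
        hits.add(1)
    if lookalike_of(base_domain(sender.rsplit("@", 1)[-1])):
        hits.add(2)                                      # 2: misspelled domain
    hosts = [base_domain(h) for h in URL_HOST.findall(body)]
    if (any(RISKY_ATTACHMENT.search(a) for a in attachments)
            or any(h in SHORTENERS or lookalike_of(h) for h in hosts)):
        hits.add(4)                                      # 4: suspicious attachment/link
    if URGENCY.search(body):                             # 5: sense of urgency
        hits.add(5)
    return sorted(hits)
```

A message that trips none of the checks is not proven safe; the result only orders the queue for manual review.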
What is a Spear Phishing Scam?
Another type of scam is spear phishing, an email or electronic communications scam that appears to come from a known or trusted sender and targets specific individuals in order to induce them to reveal confidential information. An example of this would be when your “manager” sends you an email asking you to purchase a bunch of gift cards. All of this communication would only transpire through email because your “manager” states they are too busy to talk. Although this scam is intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.