Information Security

Information Security is a shared responsibility. The Information Security staff is responsible for helping the University of Richmond community protect information resources by building security awareness and having the appropriate security controls in place. This includes minimizing risk in new and existing system deployments, providing information on vulnerability mitigation, and assisting with security updates. Information Security coordinates with other departments for several activities including incident response, vulnerability scanning, and security consultations.

4 fundamental things you can do to stay cyber safe

Step1 Step2 Step3 Step4
Enable Multifactor Authentication (MFA) Update Your Software Think Before You Click Use Strong Passwords
Always use MFA if it is available on your accounts.  This makes it significantly less likely that you will be hacked. Apply security updates as soon as practical.  In fact, turn on automatic updates whenever possible. Most successful cyber attacks start with a phishing email.  Stay alert and stay cyber safe! A password manager can be used to generate and manage complex,unique passwords.


Multifactor Authentication

Multifactor Authentication (MFA), sometimes refered to as Two-Factor Authentication (2FA), is when you are able to verify your identity using multiple, distinct authentication factors.  This allows trusted websites and services to confirm you really are who you say you are and reduces the chance that someone can impersonate you.  

Authentication factors are:

  1. Something you know.  This includes passwords, PINS, and combinations.
  2. Something you have. This is a physical object, such as a token, key, or mobile device.
  3. Something you are. This is also known as biometric authentication.  It could be your fingerprint, a retina scan, or voice pattern.

Opt-in to MFA today to stay cyber safe. Start with your email account, then financial services, then social media accounts, then online stores, and don’t forget your gaming and streaming entertainment services! Learn more about MFA here.

Update your software

Bad actors will exploit flaws in your systems. Its a fact. Cyber defenders work hard to identify and fix vulnerabilities, but their success relies on all of us updating our software with the latest fixes.  

Make sure you update the operating system on your mobile phones, tablets, and laptops as soon as practical. And don't forget your applications – especially web browsers – on all your devices too.   Leverage automatic updates for all devices, applications, and operating systems to make it simpler to ensure you staying current with all the most recent security updates. 

Think before you click

Have you ever seen a link that looks a little off? It looks like something you’ve seen before, but it says you need to change or enter a password. Or maybe it asks you to verify personal information. It could be a text message or even a phone call. They may pretend to be your email service, your boss, your bank, a friend…. The message may claim it needs your information because you’ve been a victim of cybercrime.   

It’s likely a phishing scheme:  a link or webpage that looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it to impersonate you or access your accounts. And they may try to get you to run malicious software, also known as malware.   

If it’s a link you don’t recognize, trust your instincts and think before you click!  Learn more about how you can recognize and protect yourself from phishing attacks here.

Use strong passwords

Did you know the most common password is “password”? Followed by “123456”? Using a family members name with their birthday isn’t much better.   

Picking a password that is easy is like locking your door but hanging the key on the doorknob. Anyone can get in.   

Here are some tips for creating a stronger password. Make sure it’s: 

  • long – at least 16 characters,  
  • unique – never used anywhere else, 
  • and randomly generated – usually by a computer or password manager. They’re better than humans at being random. 

Make sure you’re not recycling the same password across all your apps and websites. You can use a password manager to store all of your passwords - the University offers all students, staff, and faculty free access to LastPass. That way you don’t have to remember them all! If you go this route, make sure your master password is strong and memorable, and secure your password manager account with MFA! Find out more about working with your free LastPass license here.