We all know that cyber threats are only increasing in quantity and sophistication as time goes on. And hopefully at this point we have also accepted that no business is too big or too small to be the target of these attacks.

We have spent considerable time planning and implementing proper technical controls to secure the Medaille network and devices that “live” on our network but any company’s greatest vulnerability will always be our people.

While regular, professional training is ideal, the IT Department must at minimum make sure our users know to:

1. Use strong, unique passwords

In 2015, despite all of the headlines and hubbub about data breaches, the 5 most popular passwords were “123456,” “password,” “12345678,” “qwerty,” and “12345.”  We can’t let these be the only thing between hackers and our institutional data.

2. Lock their computers when they step away

How easy would it be for someone today to walk into your office, go up to a computer, and access sensitive, proprietary information from the Medaille network? To make changes? To send bogus emails?

According to the International Facility Management Association, around 70 percent of offices today have open floor plans. So, chances are it wouldn’t be all that difficult. We need to train faculty and staff to lock their machines every time they leave their space — even if it’s only for a moment — and we set a central information technology (IT) policy to automatically lock machines after inactivity as backup.

3. Call to verify suspicious emails

Email spoofing has cost businesses nearly $750 million between October 2013 and August 2015. Just this April, many users received a message from a Medaille email address requesting they wire nearly $20,000 to a bank account in Missouri.

We can no longer take for granted that an email is truly coming from its apparent source, and we must approach any email that feels even the littlest bit “off” with serious caution. In this example — besides the fact that no one from Medaille would ever request a wire transfer — the very formal, very uncharacteristic “kind regards” in the email signature was a dead giveaway that the message was forged.

Before clicking attachments, links, or sending any money or sensitive information, we should know to call the supposed sender to verify that the original message is legitimate or call the Medaille Helpdesk to trace out the sender’s real address.

4. Turn their machine off immediately if they’ve been compromised

If you aren’t able to prevent an attack in the first place, the next best thing is to stop it from spreading to the rest of the Medaille network.

If you ever suspect that your machine is infected with any kind of malware or virus, be sure to (1) shut your machine off, and (2) call the Medaille IT Helpdesk. The more time you lose to panic or confusion, the more time that malware has to infect the rest of your environment.

5. Save your files where they’ll be backed up!

The Medaille University backup system only does daily backups of data stored on NETWORK DRIVES!  Backups of a user’s C: drive is not part of our backup scheme at this time.

All users should be saving all Medaille data to their network drives.  Please see the following policy: http://it.medaille.edu/file-server-policy

Above all, don’t let the fate of Medaille University’s data rest on assumptions and good intentions. The risk is far, far too high.