Steps to follow to stay digitially safe when using MSU's WIFI
Students utilizing MSU’s digital and Wi-Fi services could be at risk of numerous security threats.
“MSU typically sees thousands of attempted network intrusions per day and hundreds of millions of attempted malware attacks on the network each month,” MSU Information Technology Services spokesperson Beth Bonsall said.
There are a number of steps individuals can take to ensure they don’t fall prey to one of these attacks.
Call the MSU IT Services Help Desk and the MSU police non-emergency line
Contacting IT Services is one of the first steps victims should take after discovering malicious misuse of one or more of their MSU accounts, both MSU police Det. Nicole Simi and MSU Chief Information Security Officer Rob McCurdy said.
After calling MSU IT Services to find out how to return their account to a secure state, victims should contact the MSU police non-emergency line.
“Even if you aren’t positive a crime is being committed, you should still contact MSUPD to be safe,” Simi said.
Change or reset compromised passwords
After resetting the passwords of compromised accounts, victims should determine if they use identical or similar password and login information for different accounts, McCurdy said.
“Similarly, if the password for a non-MSU account is compromised and it is the same or similar to your MSU password, change your MSU password,” McCurdy said.
If victims believe their financial wellbeing is at risk, they should contact their bank and work with MSU police.
If a victim’s online bank account info was used to steal money from their account, MSUPD can work with other law enforcement agencies to recover stolen funds.
But many of the digital threats facing the MSU community originate outside the U.S., making it more difficult to recover stolen funds.
“It can be difficult to track down where digitally stolen money goes,” MSU police Detective Sgt. Chris Rozman said. “In the cases we’ve handled, the money may go through several different banks inside and outside the US.”
After account security is restored, monitor your accounts closely for the next several months and take further preventative action.
Just because the threat appears to have been neutralized does not mean victims’ accounts are safe. McCurdy encourages victims to continually check their accounts for suspicious activity, “specifically focusing on any accounts for which you just reset the password.”
In addition to monitoring their accounts closely, victims should select strong passwords.
“Do not use passwords based on easily accessible information, such as your hometown or year of birth,” Simi said.
Utilize two-factor authentication options.
Two-factor authentication, also know as two-step verification, is a simple yet incredibly effective way to increase account security. Users provide a phone number to the service, and must enter a code sent via call or text in order to log in. MSU offers two-factor authentication for online accounts, as do other online services including Gmail and iCloud.
“Is it still possible to get in by stealing someone’s phone and password? Definitely, but you’ve made it a thousand times harder for an invalid user to log in and gain access,” associate professor in the MSU Department of Computer Science and Engineering Richard Enbody said.