Your digital identity and information are incredibly valuable to cybercriminals, whether it comes from your social media profiles, search engine history, or email accounts. If your account is compromised, cybercriminals may obtain personal information to commit identity theft, steal money, or conduct phishing attacks on others. According to the Verizon 2021 Data Breach Investigations Report, 61% of all breaches involve credentials, whether they be stolen via social engineering or hacked using brute force. In recent years, increased occurrences of identity theft and data breaches have been attributed to several factors, including a rise in the number of remote workers and the adoption of cloud technologies.
Here are a few best practices that can, if followed, reduce the opportunity for a cybercriminal to steal your identity and associated information:
Think Before You Click
Attackers often send fraudulent emails and text messages, referred to as phishing, to trick individuals into providing information such as usernames and passwords or downloading malware. If you receive an enticing offer via email or text, don't click without thinking. Go directly to the company's website to verify its legitimacy. If you're not sure who an email is from—even if the details appear correct—or if the email looks to be "phishy," do not respond and do not click on any links or open any files in the email as it may contain malware.
Report suspicious emails or ask GW Information Security questions you may have by emailing abuse@gwu.edu.
Share With Care
Cybercriminals can use publicly available personal information for various purposes, such as impersonating a user and guessing usernames and passwords. Think before posting about yourself and others online. Take into account what a post reveals, who could view it, and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your personal information you share.
Practice Good Password Hygiene
Never use the same password for your social media accounts, financial institutions, work accounts, or any other site that collects personally identifiable information (PII). Best practices for password hygiene include choosing long passwords, selecting a unique password for each account, resisting the temptation to select passwords that are simple to remember or guess, and never emailing or sharing passwords with others.
Use Two-Step Authentication (2SA)
Two-Step Authentication (2SA) is a security measure that requires users to go over two steps to verify their digital identity (something you know and something you own). With 2SA, a user is granted access to their account after entering the correct username and password credentials (Something you know) and completing the second authentication process using an authenticator app, SMS text, or phone call to authenticate a piece of information (Something you own).
For GW accounts, 2SA is enabled on GW Box, Google Apps (GW email, calendar, Drive), GWeb, and various other applications. Visit our website at https://it.gwu.edu/two-step-authentication and learn more.
Download a Password Manager
Remembering passphrases and complex password combinations can be difficult for people to do. Password managers are encrypted digital tools that store passwords and online credentials in a centralized location secured by a single, strong master password. Additionally, password managers can also be used for generating unique passwords for each of your accounts. GW utilizes LastPass for managing passwords within certain departments and units.
Some of the blog content is provided by https://staysafeonline.org/identity-management-day/identity-management-tips-advice/, modified to align with the University’s mission and common terminologies.
Visit the GW Information Security site at it.gwu.edu/gw-information-security
IT Support Questions? For IT support, please contact the Information Technology Support Center at 202-994-GWIT (4948), ithelp@gwu.edu, or visit GW IT site at it.gwu.edu. For self-help resources and answers to frequently asked questions, please visit the GWiz knowledge base at go.gwu.edu/GWiz
