UIC Chief Information Officer & Chief Information Security Officer Give Cybersecurity Tips to Stay Safe Online

Posted on January 10, 2025
Banner including UIC CIO Matt Riley and UIC CISO Shefali Mookenchery

Cybersecurity is a shared responsibility across our university community, and each member plays a role in protecting personal and institutional data. Whether you’re a student, faculty member, or staff, embracing strong cybersecurity practices can prevent data breaches, identity theft, and even financial loss. Two key areas where we can all make a difference are password protection and awareness of online scams, particularly phishing emails.

 

Strong Password Protection Heading link

A cell phone with two factor authentication

Did you know? In 2022, over 24 billion passwords were exposed by hackers. (Digital Shadows, 2022), while more than 80% of confirmed breaches are related to stolen, weak, or reused passwords. (LastPass, 2021). Internet users who don’t use password managers are three times more likely to be affected by identity theft. (Security.org, 2023)

Passwords are our first line of defense, yet weak or reused passwords are one of the most common vulnerabilities in cybersecurity. Follow these best practices to avoid getting hacked:

  • Use Unique Passwords: A unique password for each account prevents attackers from gaining access to multiple accounts if one is compromised.
  • Create Complex Passwords: Aim for at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols. Avoid personal details like names or birth dates.
  • Consider a Password Manager: A password manager can create and securely store complex passwords, making them easy to manage without memorizing each one.
  • Enable Two-Factor Authentication (2FA): 2FA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone. This is especially important for university accounts. UIC uses Duo 2FA.

Cybersecurity and data privacy risks are increasingly complex and will likely continue to evolve with emerging technology. Remaining vigilant and being informed are key elements for safety!

Shefali Mookencherry  |  UIC CISO

Avoiding Online Scams: Recognizing Phishing Emails Heading link

Image representing a phishing email being identified

Phishing continues to be a major cyber threat in 2025, adapting with the help of AI tools and targeting both businesses and individuals. Research from GreatHorn reveals that 57% of organizations experience phishing attacks on a daily or weekly basis. Malicious emails make up nearly 1.2% of all emails sent, which translates to approximately 3.4 billion phishing emails sent every day.

Human error remains a critical factor in cybersecurity breaches, accounting for 74% of incidents. (Verizon Data Breach Investigations Report, 2023). Additionally, IBM highlights that phishing is the primary method of attack, initiating 41% of all security incidents.

Phishing scams often arrive as emails that look legitimate, intending to trick users into clicking malicious links, downloading attachments, or providing sensitive information. Here’s how to spot them:

  • Inspect the Sender’s Address: Phishing emails often use domains that look similar to real ones but may include slight misspellings or extra characters.
  • Check for Red Flags: Look out for misspellings, unexpected attachments, or vague greetings like “Dear User.”
  • Be Wary of Urgent Requests: Phishing emails may pressure you to “act now” or threaten consequences if you don’t. These tactics are common in scams.
  • Hover Over Links: Before clicking, hover over any links to check the URL destination. Suspicious or unrelated URLs can indicate a phishing attempt.
  • Report Suspected Phishing: If an email looks suspicious, report it to the IT department and delete it from your inbox.

By committing to password security and recognizing phishing scams, we can help create a safe and secure digital environment for our university community.

I hope we all take the need for strong password protection seriously.  While it may seem like a pain at times, the extra care taken with your password creation and protection, along with the support of multi-factor authentication, will help us all keep UIC’s information, and our own private information safe and secure.

Matt Riley  |  UIC CIO 

Taking Action Against Cyber Criminals Heading link

If you believe you may have clicked on a suspicious link or received/opened suspicious email, immediately change your UIC password at the Net ID Center, and forward the email to the Technology Solutions Security Team at security@uic.edu.

 

Modified on January 10, 2025