Koch Institute Technology Services is advising the community to please be aware of some steps that can help protect you from these attacks security threats and to be vigilant when it comes to checking the source of any request that seems suspicious to you. If you are interested in learning more about how to protect your information here at MIT, you . can visit the IS&T Security Information Protection page here.
It is important to note that neither KITS nor IS&T will ever ask for your password or send an unprompted email to you with a direct link to reset your password, and you should never share your account credentials via voice or text with anyone. In cases like this, if it looks suspicious, it almost certainly is and we do ask that you forward these to ki-help@mit.edu and phishing@mit.edu as an attachment so we can follow up with the IS&T Security Team.
...
- Suspicious Links - Never click on a link or download an attachment in an email you were not expecting, even if it is from someone you know and trust. Best to check with that person in a separate email to confirm that it is, in fact, genuine.
- Confirm the Sender - Make sure you confirm the sender’s email address before responding to them. If it did not come from an MIT email address, it would be wise to follow up in a separate email to that person’s MIT address to confirm it is legitimate. Spoofing legitimate email addresses is a very easy and common tactic, so again, please make sure you follow up in a separate email instead of replying directly to the original.
- Password Managers - IS&T has licensed LastPass for the MIT Community, and we strongly recommend the use of that, Apple’s, or Google’s built-in password vaults to maintain account security. For the best protection, please consider using auto-generated strong passwords suggested by these apps.
- Check Your Accounts - There have been quite a few data breaches over the past few years, and your accounts may have been affected by one or more of these. We strongly recommend the use of the password managers mentioned above, many of which allow for automated resets of breached accounts with suggested strong passwords. Alternately, you can check to see if your accounts have been compromised here.
There are also some things you should do to secure your computer, and we do recommend that all members of the department Koch Institute follow these easy steps.
- Turn on Automatic Updates – Windows 10 Devices | macOS Devices
- Install Anti-Malware Applications – For the best protection, KITS recommends using software that protects from known threats (Sophos Anti-Virus) as well as heuristically through machine learning and AI (Crowdstrike Falcon).
- Use Cloud-based Backup and Storage - KITS recommends the use of Crashplan backup software, along with storing the majority of your data in the cloud through Dropbox or Microsoft OneDrive.
- Connect to MITNet via VPN - IS&T maintains a VPN client called Prisma Access GlobalProtect
IS&T also maintains a security awareness and education page here with links to security awareness training in Atlas.