Some reminders from the VP/CIO for faculty and staff to keep yourself and UMD data safe from cybercriminals this semester:

In light of recent ransomware attacks in the state and region, I call your attention to five important precautionary measures you can take to minimize the chances of falling victim to scams and exposing UMD to ransomware attacks. As a reminder, ransomware involves a cybercriminal gaining access to a computer system and either encrypting data or threatening to publicly disclose data unless a ransom (often via cryptocurrency like Bitcoin) is paid.

Think twice before clicking on links

A major point of entry for ransomware and other malware is clicking on links included in email messages. Unless the email is expected or from a known UMD sender, do not click on hyperlinks included in an email message. Hover your mouse over a link to see where it takes you before clicking.

Ensure you have a backup

A critical defense against ransomware is to ensure you have a copy of all important files stored in a secure location other than on the primary device. For DIT-provided storage (such as Google and Box), backups are provided as part of that service. However, if you must store files on a laptop, departmental computer or departmental server, verify with your local IT support team that critical files are backed up. Available campus backup services include Code42 and IBM/Tivoli Spectrum Protect.

Ignore business email sent from personal accounts

We have recently seen targeted phishing attacks that use fraudulent Gmail accounts displaying names of UMD community members. If you receive email from a personal account (especially Gmail) that claims to be from a UMD faculty or staff member, please reply and ask them to contact you via their official UMD email address. Also ignore any requested action in the email until it is re-sent from an official UMD email address. If you read email on mobile devices, please be especially careful since these devices often show only the name of a person and not their email address, making it harder to detect phishing emails

Use your university-provided email account

Using non-UMD email accounts for university business creates confusion and can make university colleagues less suspicious of messages coming from non-UMD addresses. Also, many personal email accounts lack contractual terms to protect the privacy of university information.

Report all IT security incidents to DIT

Should you see indications of a security compromise on any UMD computer or involving any UMD account, it is imperative that you contact DIT's security team. DIT's security team will work with your local IT team to investigate and resolve any issues. Even if you or your local IT team are able to investigate and address the incident, it is important to contact DIT so we have awareness of all security issues at the campus level. Please email soc@umd.edu to report every IT security incident.

Thanks for your continued vigilance in keeping our systems secure.