5 steps to stay cyber smart

Ransomware attacks. Hacked social-media accounts. Phishing scams. Online threats—from the merely annoying to the potentially devastating—seem to be virtually everywhere.

But Information Technology Services provides some relatively simple steps can dramatically reduce your risk of falling victim. 

1. Avoid and report phishing scams

Phishing refers to emails, texts, or even phone calls that try to steal passwords or other private information. They might directly ask for your info or lure you to a shady website. ITS provides a comprehensive primer on phishing and how you can avoid it.

Universities are tempting targets for scammers. While the UI screens out thousands of fraudulent emails every day, phishing remains the campus’s most pervasive cybersecurity threat.

If a message looks or sounds suspicious, it probably is. Delete it.

2. Use Two-Step Login and similar systems

Two-Step Login is the university’s multi-factor authentication system. It works by asking you to verify HawkID logins using a device only you possess, usually your phone.

Social-media platforms, online banking, and other services often offer similar systems. Use them whenever available. They can stop thieves from accessing your accounts using stolen passwords.

Two-Step Login push notifications to the Duo Mobile app on a phone or tablet are fastest, most convenient, and potentially most secure way to complete your HawkID logins. If you’re still using phone calls or texts, switch to push notifications.

3. Use strong passwords

The best passwords use keystroke combinations that are impossible to guess and unique to each tool you use.

Password-management apps can help by suggesting strong passwords and keeping them easily within reach. If you get notice that it’s time to change a password, act on it.

Also, pay attention to news about data breaches at online services or websites you use. Some technologies (such as iOS 15) will alert you if your passwords have been compromised or are easy to guess. If you hear about a hack, change your password and follow any other recommendations.

4. Back up your data

If you fall victim to a cyberattack, having a secure, remote backup can save your files and reduce disruptions to your life and work. You’ll also be protected should your hardware fail for other reasons.

Common operating systems for computers and other devices make it easy to back up to the cloud or another piece of hardware, often automatically.

If you’re not backing up, take some time to research your options. If you are backing up, periodically check to make sure your systems are running.

5. Update your software

It’s easy to ignore software-update notifications. But by delaying until tomorrow—or next week, or next month—you could be missing vital security patches.

Instead of putting it off, run operating system and application updates whenever you get notifications. If you aren’t getting notifications, proactively check to see if updates are available.

Remember that a cybersecurity breach can affect not just you, but also the people around you. Online safety is a shared responsibility. Taking even a few of the steps outlined here can help you do your part.


  1. How do we stop receiving scammers from calling our office numbers? I have put my office number on the DO NOT CALL LIST and they still are able to call it. I just received one today that came up on caller-ID with the area code of 563. However, when I answered the call they were not speaking in English. Why is this happening and how can we stop this? Thanks much! Bev

    • Hi Bev,

      It sounds like you’ve done the right thing! Thank you for being so diligent about protecting our systems. For assistance, contact the HCIS Help Desk at 319-356-0001 or by email at helpdesk-hcis@uiowa.edu

Comments are closed.