With the start of the spring semester, the Office of Technology Services (OTS) would ask for your attention to these important reminders about security and the protection of personal and sensitive information.

Please note it is our collective responsibility to protect Illinois Tech from cybersecurity events and the affiliated undesired outcomes to the university’s finances, reputation, and more.

Important Security Practices You Need to Follow

A. What to Do If You Think You Have Been Impacted by a Cybersecurity Incident

• Disconnect the network cable and/or turn off the wireless to prevent the device from communicating with the attacker and/or infecting other users. DO NOT TURN OFF THE POWER.
• Call the Support Desk at 312-567-3375 (on campus x7DESK) (at Conviser Law Center, call the ITS Help Desk at 312-906-5300 (on campus x65300)) and let them know what you have observed, the actions you have taken, and where the device is located.
• As soon as possible from another device, not the one you were using when you first suspected a cyberattack, change your myIIT.edu password. For instructions on how to reset your password, please click here. 

B. Measures You Need to Take to Maintain Security

• Beware of Phishing Attempts!
  • Think twice before opening emails with an external “[Ext]” designation.
  • Don’t click on links (or open attachments) that you find in your spam/junk folder. Even if the emails/links look legitimate, they are placed in your spam/junk folder for a reason!
  • Be wary if an email:
    • Contains an unusual or unexpected message;
    • Asks you for a favor and to reply to the email;
    • Asks you to click on a link, especially a shortened, small URL;
    • Purports to come from a sender whose name does not match the displayed name or comes unexpectedly from someone in a university leadership position;
    • Contains text that conveys a sense of urgency; and/or
    • Comes with an unexpected attachment. AVOID opening the attachment.
• Protect Your Credentials!
  • Never give or share your password with anyone. No IIT person or department will ever ask you for your password.
  • IIT will never ask you to re-verify your IIT Gmail account or indicate it will be disabled if you do not reply or click on a link.
• Avoid “Drive-By Downloads!”
  • A “drive-by” download is a type of cyberattack wherein a computer becomes infected with malicious software just by visiting a website, without your stopping or clicking anywhere on the infected page.
  • To help prevent this:
    • Update your software quickly and consistently or, alternatively, (re)configure your settings for auto-updates. This effort should also include routinely updating your browsers, browser plug-ins, and operating systems;
    • Remove unnecessary software and add-ons; and
    • Do not download applications from the Internet that are not work-related.
• New security measure implemented this month: you can only access your remote desktop and work remotely, if you have first connected to IIT’s VPN.

C. Personal and Sensitive Information

• Please review IIT’s Record and Email Retention Policy to familiarize yourself with data retention, records’ disposal, governmental and statutory compliance, etc.
• Remove ALL personal and sensitive information from your personal computer. Such information, which includes, but is not limited to, students’ grades, social security numbers, addresses, health records, etc., should be stored on the IIT network and in its data systems, and, ONLY if absolutely necessary, should it be stored on your personal device for the briefest possible period.

D. Passwords

• Illinois Tech has minimum standards for passwords. (Exhibit I of IIT’s Use of Technology Resources Policy). You always want to create a strong password and refrain from keeping it on your desk/in a visible location.
• Please take a moment to also review the password construction tips found in Appendix A of that same policy.

Thank you for doing your part to help keep Illinois Tech secure.