When you start at a new university, you open the door to a new world of digital security issues. New accounts, email addresses, and services are all part of the university experience, but they create new digital vulnerabilities.
Malicious actors know that university email addresses follow a predictable format, what personal information they can uncover if they access your accounts, and the best times to send you a phishing email.
Whether you’re starting your first year or last year at university, you should take the time to review your digital privacy. Audit all your accounts, update passwords, and familiarize yourself with any new security features.
In this article, we’ll walk you through essential privacy habits you should follow as a college student.
5
Take note of your university’s official email address format
Weed out fake emails yourself
When you join a university, it gives you a personal email address for university communications.
It’s a useful way to separate your school and work emails, but it opens up another avenue for malicious actors to send you spam or phishing links.
While you may think you’re aware of how to avoid phishing attacks, your university email address is significantly more vulnerable. Here’s why.
When you first open your university email address, or return to it after summer break, you’ll likely have a flood of welcome emails, reminders, and important back-to-school notifications.
These will be sent from official university emails, contain themed assets like banners and logos, and include information about the university.
All this information is publicly available, making it very easy for nefarious folks to mimic official communications.
To avoid falling for a phishing link, take note of what a phishing email looks like.
For example, let’s say your university communications use the format lastname.firstname@university.org or department@university.org. A malevolent individual may therefore use a format like lastname.firstname@uniiversity.org to try and trick you.
Your university may have set up flags to alert you when an email comes from outside the university, but if not, you should always double-check the sender’s email address before clicking links.
4
Do not log in to university accounts on unsecured networks
Public networks are a massive security issue
It’s nice to take a break from campus life and work off-site, but this leaves you vulnerable to mischievous rascals over public networks.
University Wi-Fi networks usually require a password to prevent unauthorized access, so you can safely access your personal information. However, public Wi-Fi networks don’t have the same level of security.
When you’re connected to a public Wi-Fi network, malicious actors can scan for open ports, intercept internet traffic, or set up fake Wi-Fi hotspots to monitor all traffic. If you do use public Wi-Fi networks, follow these steps to safeguard your data.
- Verify the name of the Wi-Fi network you are connecting to. Look for a sign showing the correct name of the local network.
- Disable file-sharing and discovery settings on your devices.
- Set up antivirus software before downloading any files.
- Install the latest security updates on your device before connecting.
- Disable public AirDrop on Apple devices.
- Check that you have a firewall enabled.
- Do not access sensitive accounts, such as bank accounts or medical records.
The best practice is to save your work offline before you head to a coffee shop. Keep your Wi-Fi disabled whenever possible.
3
Use different passwords and 2FA for your university accounts
It seems obvious, but make sure you protect your accounts
You should follow good password practices in all aspects of your life, but this is especially important for your university accounts.
Your university login will often grant you access to multiple accounts, each of which requires a separate password. It is therefore straightforward for malicious individuals to know which accounts they can access if they discover your password.
The best solution to managing your accounts is through a password manager.
There are plenty of secure password managers to choose from, but we don’t recommend using one built into your devices or apps, like Chrome’s password manager. These are relatively easy to access compared to dedicated password managers. A dedicated service is usually the better choice.
You should also use 2FA, or two-factor authentication, to further protect your accounts. Even if an evil-minded character knows your password and email address, they won’t be able to access any accounts without your 2FA details.
The simplest 2FA method is through an app like Google Authenticator or Authy. These are effective 2FA apps, but you must keep these apps secure. Disable them remotely if you lose the device they are installed on, and never use the same password for other accounts.
2
Familiarize yourself with your university’s IT resources
Know where to go if something goes wrong
In my first year at university, I fell victim to a phishing scam that locked me out of my accounts. Fortunately, I knew that the IT department had resources to restore my accounts.
Within the hour, I had my accounts restored and learned a valuable lesson in the process.
The most important takeaway from this story is that no matter how many steps you take, you are always vulnerable. There are steps you can take if you click a phishing link, but you should also know what to do if things go too far.
Your university’s IT office will often have backdoor access to your accounts so they can restore them if you are locked out. Make sure you’re aware of how to contact it, when it’s open, and what security resources you can access.
1
Know where your data is stored on your university accounts
You might be surprised by how much of your personal information is stored by your university
It’s easy to dismiss the importance of securing your university accounts. While your schoolwork (probably) isn’t valuable to a hacker, your university accounts are filled with valuable information for others.
Universities offer financial support, medical resources, job advice, and other resources that use your personal information to help you succeed.
If a hacker can access your university accounts, they unlock a vault containing more of your personal information in one place than anywhere else.
For example, a hacker could pause regular payments to your university, then send you an official-looking email informing you of a new way you need to make your payments.
Privacy tips discussed earlier in this article can prevent this from happening in the first place, but you should also take time to know what personal data is stored by your university, where it’s stored, how you can access it, and how secure it is.
Remove any references to unnecessary data, and check that you have protections against the most at-risk accounts. Your university will inform you of any changes to how your data is stored. Act on these as soon as possible.
Use all the digital resources at your disposal
Your university may have additional privacy measures on top of those listed in this article. It should make you aware of these, but it’s worth checking all the resources available to you.
The data stored in your university accounts is incredibly valuable to others, so you should take every step you can to secure it.
