Cyber Security

Toolkit
For College Students
And Families
Assure Students And Families Of Your Commitment
To Cyber Security

Your Students And Their Families

Are Concerned

College students and their families are worried about the privacy of personal, financial
and healthcare information they provide to schools, and with good reason.

 "Phishing" attacks against higher education institutions (which can trigger

ransomware) are on the rise.1
 At least one in ten universities has experienced a ransomware attack in the past
year, significantly higher than government entities or healthcare organizations. 2
 In the UK alone, two-thirds of universities have been impacted by ransomware. 3

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

Like most colleges and universities, you’re working hard to defend against cyber attacks
by employing new strategies and tools. Yet, understandably, you don’t share your
tactics with the general public. As a result, many prospective students and families
aren’t sure how to evaluate your commitment to privacy or expertise in cyber security.

To compound the challenge, most university cyber policies are designed for employees
and IT teams, not students and families. While students may sign a “Responsible Use of
IT” agreement when using school resources, they often don’t understand the details or
adapt their behaviors to reduce risk.

When students and families are underinformed, they are more likely to engage in cyber
behaviors that put the entire school at risk.

Help is on the way. The Cyber Security Toolkit for College Students and Families is
your essential guide to communicate cyber best practices throughout your school
community.

How Schools Can Use This Toolkit

The Toolkit provides ready-made, easily digested and sharable resources you can use
to help college students and families understand your school’s cyber strategy.

You can add your own branding to the yellow highlighted text and edit the Toolkit as
needed to reflect your organization and the details of your own practices, tools, and
expectations for responsible cyber behavior.

Schools can also easily customize the Toolkit to reflect the details of their own
practices, tools, and expectations for responsible cyber behavior. You can edit the
Toolkit as you see fit to best reflect your organization.

To reinforce your institution’s commitment to cyber security and ensure essential

information is available to prospective students and families as they evaluate your
school, we recommend placing your version of the Toolkit on your website.

Keep in mind you are not limited to communicating these cyber best practices via your
website. You could also direct members of your school community to the page via email
or a regular newsletter. You may also choose to distribute a version of the Toolkit to
incoming students.

The Toolkit is copyrighted under the Creative Commons Attribution License. We

welcome schools to build upon this work and publish, providing credit to
www.thycotic.com.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

Cyber Security Guide

For NAME OF YOUR SCHOOL
Students And Families
We employ the latest cyber security strategies to keep information private and secure.
We also empower everyone in our community, including faculty, staff, students and their
families, to manage their own cyber security at school, at home and at work.

Name of your school is a highly connected environment, with students using laptops,
tablets, and phones to access data anywhere — both on and off campus. We allow
students the flexibility to create information and install and execute applications they
need to accomplish their educational goals.

It is important to allow access to resources while maintaining the highest security levels.
We have implemented a number of security strategies to reduce the risk that sensitive
information will be inadvertently or maliciously exposed.

NOTE: Your school may choose to edit this section to include information about
your security strategies.

The following are some examples of information to include:

How We Protect Your Information

We protect the confidentiality, integrity and availability of your online information assets
from unauthorized use, access, disclosure, modifications, damage or loss, and cyber
threats.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

Information We Collect
Different departments may collect a variety of personal or confidential information:

 Academic records – student coursework, grades, transcripts

 Financial information – financial aid, payment information
 Healthcare information – via our medical center and through insurance carriers
 Personal information – including social security numbers, demographic
information, photographs, personal phone numbers, and IP addresses.

We Meet All Laws And Regulations

For Privacy And Security
We comply with all relevant laws and regulations that govern data privacy and security.
Chief among these are the Family Education Rights and Privacy Act (FERPA) to protect
student records, HIPAA mandates for electronic personal health information, PCI
requirements for credit card payments, and FISMA/NIST regulations for any research
funded by the federal government.

We process data of all members of our community (students, families, donors, alumni,
etc.) who are residents in the E.U. according to stipulations of the GDPR.

Our data privacy and security practices are audited on a regular basis by independent
bodies.

We Require Authentication To
Access Confidential Information
User ID’s, passwords, and system credentials are the keys to protecting the files and
privacy of all users in our school community. We use an online authentication and
password protection system that that protects our student information system, online
learning tools, webmail, and more.

When providing access to school resources, we enforce password protection best

practices. This includes detecting and disabling weak passwords that can be easily
guessed or cracked and implementing password “aging” mechanisms to change
passwords at certain intervals.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

We Detect Threats In Real Time

In order to prevent malware from being downloaded onto the school network, we protect
computers that connect to our network and access and download software. Real-time
threat intelligence includes whitelists for approved applications and blacklists for known
dangerous applications.

Our Storage Is Secure – And We Back It Up

We offer students private, secure storage and regular backups for their academic and
personal files.

Anti-Virus Software Is Free For Everyone

In Our School Community
Anti-virus software can help protect your computer from attacks while detecting and
removing any malicious files that sneak through. It's important to keep your anti-virus
software installed and up to date on all of your computers.

We offer virus protection options at no cost for enrolled students. For more information,
visit www.yourschoolname.edu.

We Take The Extra Step – Two-Step Verification

Two-step verification confirms that users are who they say they are. It provides an
additional layer of protection when you are accessing school websites and applications.
To enroll in name of your of school’s two-step verification visit URL.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

How Students Can Stay Safe

Students play an essential role in keeping information safe and private. You can take
steps to keep your information safe even before they become a part of our school
community.

1. Join Our Training And Awareness Program

Every enrolled student is required to complete cyber security training in order to become
a responsible cyber security citizen. Our list of training resources includes tip-sheets,
videos, in-person sessions and campus-wide events (link to your schedule and
individual resources).

2. Create Timeouts And Login Screens For Your Devices

Make sure you set up passwords and/or fingerprint authentication for your devices and
set them to be required after your device is unused for a set amount of time.

3. Register Your device

A lost or stolen tablet is more likely to find its way back to you if campus police already
have your name, address, phone number and the tablet’s serial number. You can
register your device by contacting your school’s contact information.

4. Set Up Device Tracking Software

Laptop or phone tracking software allow you to track your device if it’s misplaced or
stolen. Some applications allow you to remotely lock down your device or erase
sensitive data.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

5. Keep Your OS and Software Up To Date

Having the latest version of operating systems, apps, and anti-virus software is key to
defending against viruses, malware and other threats. Turn on auto updates for all your
devices’ operating systems, antivirus software and apps. If you don’t want to auto
update, make sure you install updates when they’re available.

You should shut down/restart your computer at least once each week to make sure
software and security updates are properly installed and keep your computer running
smoothly.

6. Keep Your Passwords Secure

Create strong passwords with an online password generator.

 Make sure you choose strong passwords, with a mix of letters, numbers, and
symbols.
 Don’t use the same password for multiple devices or software
 Change your passwords regularly.
 Never provide password information to anyone over email or social media.
 Never share passwords with anyone, even if they seem well intentioned.
 Don’t write your passwords down and store them on your computer or on a post-
in note.

DID YOU KNOW:

25 common passwords make up 10% of ALL passwords used! 4

7. Know How To Recognize Email Phishing Attempts

Phishing works because criminals camouflage their "bait" as legitimate email
communication. Their goal is to trick you into clicking on malware that would be installed on
your computer. Once the malware is installed, hackers can log your keystrokes, change
your information, or cause other damage.

DID YOU KNOW:

30% of phishing emails get opened!5

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

Some phishing attacks are targeted specifically at students, including the name and
logo of the school and asking for login credentials. Name of your school will NEVER
request your log in credentials via emails.

Can you ID a scam?

Learn more about how you can spot a phishing attempt.
If you doubt an email's authenticity, don't click on it, and report it at your school’s
support email address.

7. Don’t Download Free Media 

Torrents, direct download websites, and streaming hosts can invite malware and viruses
onto your computer. You will reduce your risk of downloading malicious software if you
avoid illegal content and piracy websites.

8. Don’t Overshare on Social Media

Use your privacy settings and limit who can see your posts. Avoid adding strangers to
your friend lists, since these accounts may be connected to spam, malware and viruses.

9. Learn To Use The VPN

When you are off-campus and connecting to the school resources, you can connect via
name of your school’s virtual private network (VPN) instead of public networks.

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

What If I Have Questions?

If you would like assistance with implementing any of the cyber security steps above,
contact your local IT service desk (www.nameofyourschool.edu/supportinfo), call your
school’s phone number or send an email to name@nameofyourschool.edu.

More Resources
Cyber security is a joint effort and takes all of us to succeed. These resources can help
all members of the name of your school community learn about responsible cyber
security practices.

 Wiley’s Cybersecurity for Dummies

 The National Cyber Security Alliance and STOP. THINK. CONNECT.™

program

 Stay Safe Online.org, run by the National Cyber Security Alliance (NCSA),
has free checkups and tools, tips for individuals and families

 Cybrary’s Dictionary of Cybersecurity Terms

 Free password and privileged account discovery tools from www.thycotic.com

ENDNOTES

1. https://www.wdsu.com/article/college-students-are-the-latest-targets-of-aggressive-
phishing-scams/8730682

2. https://www.insidehighered.com/news/2017/01/24/experts-warn-ethical-implications-
paying-ransom-unlock-hacked-files

3. https://www.newsweek.com/two-thirds-universities-hit-ransomware-492988

Cyber Security Best Practices Suggested By www.thycotic.com

 Cyber Security Toolkit
for College Students and Families thycotic.com

4. https://www.csoonline.com/article/3244004/security/top-25-worst-most-insecure-
passwords-used-in-2017.html

5. https://www.verizonenterprise.com/verizon-insights-lab/dbir/

Cyber Security Best Practices Suggested By www.thycotic.com