Be Alert: Heightened Cybersecurity Awareness


As you may have seen in the news, a major vulnerability named Log4Shell was found in a foundational Java library, which has had a critical impact on tech giants such as Microsoft, Apple, Twitter, and more. As companies rush to fix this vulnerability, we are reminded to stay vigilant, particularly during the holidays. The FBI has warned of an uptick in cyberattacks over the holidays, as people are distracted and less likely to scrutinize suspicious emails and other activity. To help keep you safer, I have outlined important prevention measures below to protect your KU and personal accounts.

Contact KU IT

If you believe you may have been the target of a cyberattack, including receiving a Duo request you did not initiate, please contact us immediately at 785-864-8080 (24/7). Any other questions or concerns about IT security at KU can be directed to the IT Security Team at itsec@ku.edu.

Change Your Password

You may have been required recently to change your KU password, even though it wasn’t due to expire. This was based on an abundance of caution due to the Log4Shell security threat. The IT Security Office strongly recommends everyone change their KU and personal passwords (particularly on sensitive accounts such as banking, health care portals, etc.). Visit MyIdentity Services to change your KU password, and set up challenge questions and a recovery email address if you haven’t already done so.

Duo Multifactor Authentication Reminder

(KU employees only)

Duo multifactor authentication is a critical line of defense in protecting your KU accounts. If you receive a Duo notification that you didn’t initiate, it probably means your KU Online ID and password have already been compromised and a hacker is trying to access your account.

Important Reminders:

  • DO NOT approve any Duo push or phone call notification you receive unless you are actively logging in to a system.
  • NEVER provide a Duo code to anyone who requests one. Duo codes are only to be entered into a verified KU login page. When logging in, double-check the URL of the page to ensure it is an authentic KU website (i.e., URL ends in “ku.edu”).
  • If you receive a Duo request you didn’t initiate, immediately call KU IT at 785-864-8080 and report it.

Heightened Cybersecurity Awareness

  • Be Vigilant: Be vigilant in scrutinizing emails that include links or attachments, regardless of the account they come from. Be cautious if a link takes you to a login page that asks for your username and password.
  • Be Extra Cautious on Mobile Devices: It can be more difficult to see important clues to evaluate emails when reading on a mobile device.
  • Verify login page URLs: When logging in to KU systems, always confirm the URL in the browser is a legitimate KU address before entering your KU Online ID and password. Criminals can create fake web pages that look nearly identical to our KU login page.

Online Shopping Tips

  • Protect your payment information: Credit cards provide more consumer protections than debit cards if your information is stolen. Consider using a third-party service such as PayPal or Google Pay for an added layer of protection.
  • Research the merchant: Do a quick online search to assess the reputation of sellers you are not familiar with. Fraudulent sellers often have an abundance of negative reviews.
  • Review your card statements: Make a habit of checking your bank or credit card statements and keep an eye out for any unauthorized activity. Hackers will often start with small transactions, and slowly work their way up to larger purchases to evade detection.
  • Use a secure browser: Check for the “lock” icon in your browser status bar, and be sure “https” appears in the address bar to ensure your private information is encrypted.
  • Use a secure network: Avoid using public computers or public wireless connections to conduct transactions, as they are at high risk of being compromised. 

Guidance for Electronic Gifts

  • Make sure you update the firmware, apply patches, etc. when setting up new devices.
  • Put Internet of Things (IoT) devices (e.g., smart speakers) on their own network or separate them in some other way from computers and devices that have personal or sensitive information.
  • Set up strong passwords and multi-factor authentication on all your accounts that have access to your home security/camera systems.
  • If you haven’t already, subscribe to a family password manager, and consider using a USB security key, such as YubiKey, for any accounts that contain highly sensitive information.
  • If giving a game console as a gift, set it up in advance so it is playable immediately after opening (your kids will appreciate this and it will make the holiday less stressful).

Email and Device Security Best Practices

  • Report suspicious messages using the Report Message button in Outlook.
  • Review our guidance for working remotely and IT security when traveling.
  • If you click on a link in a suspicious message or think you have fallen for a phishing message and compromised your KU Online ID or password, call 785-864-8080 IMMEDIATELY!
  • Keep your home computer up to date: restart it frequently and be sure to install all system updates. KU-managed workstations automatically receive updates.
  • Install antivirus software on your devices and keep it running.
  • Protect your online accounts with strong passwords, and don’t share them with anyone.
  • Keep your software up to date, and remove any unused programs from your computer.
  • Back up your data on an ongoing basis, ideally to a cloud account.

Cybersecurity Awareness Training

(KU employees only)

IT security is a community responsibility. Being informed about common cyber-threats will help you protect yourself and the KU community. If you have not already completed KU’s You Are The Shield – Annual Security Awareness Training in MyTalent, please do so at your earliest convenience.

Contact Us for Help

Unfortunately, many cybercriminals are good at what they do, and people make mistakes that can be exploited by cybercriminals. We understand that, and our focus in the IT Security Office is on working to resolve potential security issues when students, faculty or staff are victims of a cybercrime. Please contact us immediately at 785-864-8080 (24/7) if you clicked a link in a suspicious email or think your account may have been compromised in any other way.

If you have any questions or concerns about IT security at KU, please contact the IT Security Team at itsec@ku.edu.