October 2025


Cybercriminals Target KU Employees – Here's Why:

October is Cybersecurity Awareness Month, and this year KU is emphasizing one clear message: “Think Before You Click.” Your KU credentials, professional contact information and access to university systems are valuable targets for cybercriminals. Faculty and staff are often targeted due to their roles, access to sensitive data and public-facing profiles.

Here are a few practical tips and reminders to help you protect your digital identity and contribute to a safer university environment.


Understanding & Preventing Doxing

Doxing, when someone’s personal information is shared publicly online with the intent to harass or intimidate, can happen to anyone, even if you’re posting from a personal account on your own time. For KU employees, it may be important to keep personal and professional information separate and take steps to protect your digital footprint.

Inside Higher Ed offers a list of seven actionable items that may protect university employees against doxing:

  • Keep your personal and work accounts separate. Don’t list KU in personal social media handles.
  • Consider removing employer or work contact details from personal accounts.
  • Scrub your info from data broker sites (or use opt-out services).
  • Consider using email aliases or masks for non-work activities (so your personal address isn’t directly tied to you).
  • Think before you click ‘post’. Anything posted publicly could be screenshotted or shared far beyond your intended audience.
  • Use strong passwords and multi-factor authentication on all accounts.
  • If you’re doxed: prioritize your physical safety, document threats, lock down accounts, and report to authorities or campus security. 

For additional guidance, visit the Online Harassment Field Manual - Managing Your Online Footprint and Protecting from Doxing.


Microsoft Copilot: Your Secure AI Tool

When opening an AI tool, it is important to "think before you click" and consider the security and confidentiality of the information being entered. Data shared with most public AI platforms can be stored, reused or exposed outside the university, creating risks for confidential or sensitive information.

Copilot is the only AI platform approved for use with sensitive or confidential University data. It provides the convenience of AI while keeping work protected under KU’s security standards, as outlined in the University Data Classification and Handling Policy.

Copilot is available to KU employees in several convenient ways:

  • Available online through a browser or mobile device.
  • Integrated into Microsoft Office applications.
  • Sign in with a KU Online ID.

Additional tips, examples and best practices for responsible AI use are available on the University AI Guidelines page. Questions or comments may be directed to ai_taskforce@ku.edu.


Password Hygiene & MFA: Your First Defense

A stolen password can drain your bank account, lead to unauthorized access to university systems and risk exposure of sensitive data. That’s why KU requires Duo multi-factor authentication (MFA). 

  • Use a password manager – It generates and stores strong, unique passwords so you don't have to remember them all or resort to "Password123" variations.
  • Choose passphrases or long randomized passwords – Use these instead of predictable combos, or use a password manager to generate one.
  • Never reuse passwords across critical systems – If one account falls, they shouldn't all fall with it.
  • Always turn on MFA wherever it's offered – Even if a hacker gets your password, they still can't get in without your second authentication factor.
  • Never approve a Duo push you didn’t initiate – If you receive a login request you didn’t trigger, deny it and report it immediately. This could be a sign someone has your password.

Quick Tips & Reminders

  • Use separate accounts (personal vs KU).
  • Limit publicly visible personal info (on social media, bios, websites).
  • Enable strong passwords and MFA everywhere.
  • Use alias email or masking services for public signups.
  • Periodically “Google yourself” and request removal of data from public sites or data brokers.
  • Be cautious sharing your mobile number, address, or personal email in professional settings.
  • If an incident happens: document, screenshot, report, and contact law enforcement if needed.

Need tech help? Contact the IT Customer Service Center at 785-864-8080 or itcsc@ku.edu. Or, visit our walk-up location in Anschutz Library. Find hours and more on our IT support page.

 
