The following message was sent to the Harvard community by UCIO Klara Jelinkova on Tuesday, March 22, 2022.
Dear Members of the Harvard Community,
Recent headlines have shown that cyber criminals are becoming more brazen and creative in their attempts to gain access to our data and accounts. Sophisticated criminal enterprises are targeting both institutions and private individuals; from large-scale theft of intellectual property to individual identity theft, including filing fraudulent tax returns.
We all have a role to play in protecting Harvard’s data and systems—and our own. Practicing good security habits is always important, especially so in times of heightened risk. The following small actions can make a big difference in keeping information safe and secure.
Be alert for suspicious messages
Cyberattacks often begin with fraudulent “phishing” messages intended to make you open a file, click a link, install a plug-in or tool, or make a payment. These messages often impersonate trusted contacts and use emotive or urgent language to ask you to do something out of the ordinary, or something ordinary in an unusual way.
If you receive a suspicious message:
- Do not click any links or open any attachments
- Forward the message to phishing@harvard.edu
- Delete the message
Find more tips on how to spot phishing messages here.
Protect your accounts
Two-step verification significantly improves the security of your HarvardKey account. However, if you see repeated Duo push notifications asking you to approve a login that you didn’t initiate, it could mean someone else is attempting to access your account.
If you receive an uninitiated Duo push notification:
- Do not approve the login
- Change your HarvardKey password
- Report the incident to ithelp@harvard.edu
Find more tips on protecting your accounts and logins here.
Apply updates to your devices and apps
Cyberattacks exploit vulnerabilities in devices or apps to install malicious code and enable unauthorized access to systems and data. Installing the latest security updates minimizes this risk.
- Harvard devices and apps: Allow updates to install and reboot as soon as you can. Do not defer important security updates.
- Personal devices and apps: Ensure automatic updates are enabled and reboot your devices at least once a week:
Find more details on keeping your devices and apps up to date here.
If you have security questions or concerns, or if you need to report an incident, please contact ithelp@harvard.edu. Thank you again for your commitment to keeping Harvard’s data safe and secure.
Sincerely,
Klara Jelinkova
Vice President and University Chief Information Officer