Keeping information secure at MIT

December 6, 2023
Mark V. Silis, Vice President for Information Systems and Technology

Dear MIT faculty and staff,

We regularly remind members of our community to follow digital security best practices. With recent trends in cyberfraud, including growing concerns about ransomware, we ask that you please remain vigilant and review the following guidance to help keep information secure at MIT.

Phishing and other scams

  • Phishing emails continue to be an effective way for scammers to steal money, compromise credentials, and/or install malware and ransomware. These emails may appear to come from someone you know. If you receive an email from a colleague or friend but something doesn’t seem right, reach out to that person directly via another method, such as by phone or Slack, to be sure it is not a scam.
  • Be suspicious of email language asking you to click a link or use a QR code to keep your account open or retrieve quarantined emails. If you want to visit that account, type the address directly in your browser.
  • Scams often involve fake login pages and may even replicate Touchstone. Do not accept any Duo requests that you did not initiate. If you receive a Duo push or call that you did not initiate, change your password immediately and notify the IS&T Information Security team.
  • Scammers may impersonate Dell, Microsoft, or Geek Squad and urge you to call tech support or install software. Contact the IS&T Service Desk directly if you are ever asked to contact tech support.
  • Report suspicious emails to the IS&T Information Security team. If your mailbox is in Office 365, there is a “PhishAlert” button to make the process easier. If your mailbox is not in Office 365, please forward the email as an attachment to phishing@mit.edu.

Protecting information

  • Use multi-factor authentication (e.g., Touchstone with Duo) when accessing MIT email systems. Most MIT email accounts (those on Office 365) require you to re-authenticate with Touchstone every 90 days. While this additional step can be inconvenient, it helps to safeguard your email account.
  • Work with your department’s IT staff or IS&T to implement the recommended protections for the risk level of the MIT data you have on your device.
  • Use an Institute-owned and managed device for your MIT work.
  • Enable automatic updates for your operating systems and software to protect against the latest security threats.
  • Install CrowdStrike Falcon and Sophos Anti-Virus to protect your computer against threats, viruses, and malware.
  • Use a password manager such as LastPass to generate and protect strong, unique passwords.
  • Back up your computers using Code42 to recover information from computers that have been lost, stolen, or compromised by malware.
  • Assist MIT in fulfilling its legal and regulatory obligations by reporting an incident as soon as you become aware of it.

Thank you for doing your part to help protect information at MIT.

Sincerely,

Mark V. Silis
Vice President for Information Systems and Technology