Stay Smart, Stay Secure – Your Guide to Information Security on Campus

Why Should You Care about Information Security ?

You’re entering a university that runs on data:

• Your grades
• Your tuition and bank info
• Research data
• Email, cloud storage, logins – all digital

That means you are a target. Not because you're famous, but because you're connected..

Why Should You Care about Information Security ?

You might think, "I'm just a student, who would target me?" The truth is, everyone is a target. Here's why information security is crucial for you:

​

Protecting Your Academic Work: Your research papers, assignments, projects are valuable. Imagine losing a semester's worth of work to a ransomware attack.

​

Safeguarding Personal Information: Your student ID, bank details, home address, and even your grades are highly sensitive. Cybercriminals can use this information for identity theft, financial fraud, or targeted phishing attacks.

​

Maintaining Your Reputation: Online scams or compromised accounts can damage your reputation.

​

Ensuring University System Integrity: Your actions online can impact the entire university network. A compromised account can be a gateway for attackers to access sensitive university data, disrupt services, or launch further attacks.

​

Financial Security: Many scams aim to get your money, whether directly or by gaining access to your bank accounts.

Common Threats You’ll Face:

• Phishing: Fake emails that trick you into giving away passwords.
• Social Engineering: When someone pretends to be IT or a professor to get info from you.
• Malware & Ransomware: Dangerous software that can steal or lock your files.
• Account Hijacking: If someone guesses or steals your password, they can impersonate you.

Key Information Security Principles:

1. Strong & Unique Passwords - This is your first line of defense!

​

• Complexity: Use a mix of uppercase and lowercase letters, numbers, and symbols. Aim for at least 12 characters, uppercase and lowercase letters, digits, special characters.

​

• Uniqueness: Never reuse passwords across different accounts. If one service is breached, all your accounts using that same password are at risk.

​

• Password Managers: Use a reputable password manager (e.g., Keepass, Google Password Manager). They generate strong, unique passwords and securely store them for you. You only need to remember one master password.

​

• Two-Factor Authentication (2FA/MFA): Enable 2FA on every account that offers it – especially for email, banking, social media, and university systems. This adds an extra layer of security, usually requiring a code from your phone or a physical key in addition to your password.

Key Information Security Principles:

2. Be Wary of Phishing and Social Engineering. Phishing is the most common attack vector. Attackers try to trick you into revealing sensitive information or clicking malicious links.

​

• Check the Sender: Always verify the sender's email address. Hover over the name to see the actual email address. Be suspicious of generic greetings ("Dear User") or urgent, threatening language.

​

• Examine Links: Before clicking, hover over any link to see the true URL. Does it match where it claims to go? Be especially cautious of shortened URLs. If in doubt, use free online services like https://www.virustotal.com/gui/home/url for checking

​

• Spelling & Grammar: Professional organizations rarely send emails with obvious errors.

​

• Unexpected Requests: Be skeptical of emails asking for personal information, passwords, or urgent financial transactions, even if they appear to be from the university or a known person. If in doubt, contact the alleged sender through a known, official channel (not by replying to the email).

​

• Report Suspicious Emails: If you receive a suspicious email, forward it to our IT security team it_security@nu.edu.kz

Key Information Security Principles:

3. Secure Your Devices - Your personal devices are gateways to your

digital life.

​

• Keep Software Updated: Enable automatic updates for your operating system (Windows, macOS, Linux, iOS, Android), web browsers, and all applications. Updates often include critical security patches.

​

• Antivirus/Anti-Malware Software: Install and regularly update reputable antivirus/anti-malware software on your computer.

​

• Firewall: Ensure your device's firewall is enabled.

​

• Lock Your Devices: Use strong PINs, passcodes, or biometric authentication (fingerprint, face ID) on your phone, tablet, and laptop.

​

• Be Careful on Public Wi-Fi: Public Wi-Fi networks are often unsecured. Avoid accessing sensitive information (banking, online shopping) on public Wi-Fi. Use a Virtual Private Network (VPN) if possible.

​

• Back Up Your Data: Regularly back up your important files to an external hard drive or a cloud service. This protects you against data loss from hardware failure, theft, or ransomware.

​

• Do not download counterfeit software. You can get malware or run into legal issues.

Key Information Security Principles:

4. Think Before You Share Online - What you post online can have lasting consequences.

​

• Privacy Settings: Review and adjust privacy settings on all your social media accounts. Limit who can see your personal information and posts.

​

• Personal Information: Avoid sharing too much personal information (e.g., full birthdate, home address, specific travel plans) publicly.

​

• Location Services: Be mindful of enabling location services on apps, especially social media.

​

• Online Footprint: Remember that anything you post online can potentially be permanent and accessible to others, including future employers or academic institutions.

​

• Collaborating in Google workspace: If you share files with other students, provide access only to the intended group of people with the lowest privileges. For example, if you want them to view your document, but not edit, do not grant editor’s permissions.

Conclusion: Your Role in Security

Information security is a shared responsibility. While the university has robust systems in place, you are the most important line of defense for your own data and for helping keep our entire community secure.

​

By following these best practices – using strong, unique passwords, enabling 2FA, being vigilant about phishing, and securing your devices – you are playing a crucial role in protecting yourself and contributing to a safer digital environment for everyone at the university.

​

Thank you, and have a secure and successful academic year!

​

Remember, for any information security incident or suspicious IT activity, turn to IT security team it_security@nu.edu.kz for help.