Cybersecurity for students

Cybersecurity tips for college students

As you head to campus, cybersecurity is probably the last thing on your mind. But as a college student, you’re a prime target for hackers. A clean credit report, constant internet connection, and multiple social media channels are lucrative opportunities for cyberthieves.

By using good cybersecurity practices, you can spend more time being a student and less time on the phone with your college’s IT department — or worse, your credit card company. Use these tips and strategies from Grinnell Mutual’s Information Security engineers, Zach Monaghan and Bryce Williams, to help protect your data, identity, and finances.

Lock it up

Physically lock up any digital devices or documents with your personal information. This can include your full name, Social Security number, birthdate, phone number, and/or address. Laptop locks and security boxes can help protect laptops, tablets, USBs, and external hard drives.

Keep it in sight

Keep it with you, keep it in your sight, or where it can’t be easily picked up and taken away,” says Monaghan. Even if you’re stepping away to go to the bathroom, have a friend watch it or just take it with you.

Register and track devices

As a college student, you’re constantly on the move between classes, study spots, and side jobs. By registering your devices with campus police, it will be easier and faster if you need to report a missing device. You can also enable tools such as “Find my iPhone” to track down your gadgets.

Choose a strong password

According to the UK’s National Cyber Security Centre, the most common password of 2018 was “123456.” While this may sound silly, for hackers, passwords like these are basically a free pass to do whatever they want with your data. Always use best practices for password creation.

In addition, do not reuse passwords across sites. “You can have a strong password, but it won’t matter if it’s hacked from one site,” Monaghan said.

For mobile phones, Williams recommends using a six-digit PIN or an actual alphanumeric password if possible.


A great rule of thumb is to always use “HTTPS” sites over “HTTP” sites whenever possible. “HTTPS” sites are considered “secure,” which is what the “s” stands for. That means your connection to the website, and any occurring transactions, are encrypted from hackers.

Spotting the difference is easy. Simply look at your browser’s address bar, and if you see a lock, a green checkmark, or “HTTPS,” it’s secured. If it’s not, it will say “Not secure.”

Check links

Want to check out a link before you even click on it? Free sources like Link Checker and CheckShortURL are great resources to help you decide what to click. Try Quad9 to see or block risky websites.

Always review suspicious links before you click on them. Red flags include links that have been shortened by a generator like, have strange characters, or came from an unsolicited sender.

Check emails for authenticity

One of the most common methods hackers use to get your information is through fake emails. Unfortunately, even the most careful person can be duped into clicking a bad email link.

Here are a couple of ways you can tell if an email is fake or malicious:

  • Look at the name of the sender. If you’re getting an email from, say, your university’s president, the email should come from, or have the same domain name (the name after “@”) as your university email address. The name and the domain name should match, too. If the email says it’s from the president but is signed as “Vice President,” then those are signs something is amiss.
  • Check the contents. Monaghan advises being thorough. “See if it looks like something that person would send you. Does the text make sense? Have you discussed it in person? What are they asking for?”
  • Don’t overreact. If an email is sent to you threatening to share your private information, such as photos you really don’t want mom or dad to see, don’t jump to conclusions immediately. More likely than not, a scammer is using the possibility of you overreacting and clicking on things, thus giving them your private information needlessly.
  • Analyze the grammar. Many of these email scams come from non-native English speakers, so their grammar and spelling may not be the best.
  • Scan attachments. Do not open Word documents or PDFs if they seem even remotely questionable. In addition, Monaghan says never enable a document’s macros, because your computer may get infected.

Be careful of public Wi-Fi

College students often use the free Wi-Fi found in their favorite campus coffeeshops or study areas. If you’re accessing free internet in a public space, know that your internet connection could possibly be vulnerable to hackers.

To protect yourself, make sure the Wi-Fi you’re accessing is the real one provided by the business or building, and not a “spoofed” signal, a fraudulent account made to look real. “It’s easy for hackers to set up fake Wi-Fi that looks like the real thing,” Williams says. Instead, he suggests using your own personal hotspot to connect your devices to the internet.

Log out of public devices

Sometimes, you just need something bigger than your laptop screen. When using a university computer, always make sure to log out of all your accounts. And always lock the computer before stepping way, even for a moment.


In the midst of new roommates and way-too-soon midterms, don’t let your insurance fall on the wayside.

Insurance tips for students