Happy New Year, Panthers!

As the Chief Information Security Officer (CISO) here at Chapman University, January is a great time to refresh the habits that keep our community safe online. I’m guessing most of you are not like me and didn’t make any New Year’s cybersecurity resolutions. No worries, I made some for you. To kick off 2026, here are practical New Year’s Cybersecurity Resolutions you can adopt today—at work, in class, and at home.

1) Use strong, unique passphrases everywhere

Make your passwords long (three to five random words, each at least 12 characters) and unique for each account. Avoid reusing passwords across services. Use a password manager and not your browser’s password manager. Use passkeys whenever they are available. Lock your computer whenever you step away, even “just for a minute.” These simple practices are among the most effective safeguards.

2) Keep devices up to date

Enable automatic updates for your operating system, browsers, and apps. Patching closes known vulnerabilities before attackers can exploit them. Do this for your laptop, tablets, and mobile phones. This is a standing best practice.

3) Turn on Multi‑Factor Authentication (MFA)

Wherever MFA is available, use it. A second verification step (e.g., an app prompt) dramatically reduces account‑takeover risk and is strongly recommended across our Chapman InfoSec’s guidance. Biometrics, such as fingerprints, are even better. Enable them whenever you can. 

4) Exercise caution whenever you share content or use screen-sharing features

Check that no sensitive data (passwords, PII, HR/health info) is visible before you present or record. Use privacy filters for public spaces and mask sensitive details in screenshots.

5) Use encrypted networks—and VPN off campus

Avoid open Wi‑Fi. When traveling or working remotely, connect through VPN to encrypt traffic and protect University data.

6) Share data only through Chapman‑approved apps

When collaborating, use approved cloud tools and set expiration dates on external sharing links. For guidance, see the University’s Cloud Storage page.

7) Recognize and report phishing fast

Look for mismatched links, urgent requests, and unexpected attachments. Use Microsoft “Report a phish” in Outlook/Teams, or forward suspected messages to abuse@chapman.edu. You can also explore common scam types at chapman.edu/scams.

8) Know how and where to report incidents

If you suspect a security incident (lost device, misdirected email, suspicious login, data exposure), notify the Information Security Office immediately at infosec@chapman.edu. Early reporting helps us contain risk and protect the community.

Why this matters

Cybersecurity requires teamwork. The University’s Information Security Program outlines our shared responsibilities, and everyday habits such as locking your screen, patching software, using MFA, and reporting issues are essential.

Treat cybersecurity like self-care: stay alert, enable MFA, and avoid suspicious links. You don’t want to start the year dealing with a security incident!

Here’s to a safer, stronger, and more cyber‑secure 2026 – and remember: friends don’t let friends reuse passwords.


Stay safe, stay vigilant!
Keith Barros
Chief Information Security Officer (CISO)