• Be Cyber Smart

     

  • Fight The Phish

     

  • Social Media Never Click and Tell

     

  • Think Before You Click
     

Winter Guide to staying Cybersafe

As we enter finals week and approach the holiday season it is important to remember to Be Cyber Smart and Think Before You Click. Bad actors are intensifying their efforts to trick unsuspecting users into scams that can steal your credentials, inject malware onto devices, or obtain credit card information by falsely selling products.  Most recently, they have started using the COVID-19 Omnicron variant, and false DUO alerts as a lure to trick you. Higher education institutions are often targeted especially during this stressful time of year when users are focused on finals, projects and holiday shopping and less likely to spot a scam.

Things to consider to navigate the season safely and securely:

Think before you click. If an email looks suspicious or an offer looks too good to be true, it probably is.
Learn how to Report suspicious emails

Don’t fall for fake delivery notifications or text messages.
Learn how to deny a fraudulent Duo Request

Be careful about the apps you download and verify that the publisher is trusted. When ordering online, use trusted sites with https:// in the url and also monitor your bank account and card activity.
understand current global cybersecurity threats

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. West Chester University Information Services & Technology (IS&T) is once again participating in the National Cybersecurity Awareness Month program run by the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security to create awareness about cyber security. This year’s awareness theme is “Do Your Part. #BeCyberSmart.” Each week in October, we will provide information and tips from IS&T and leading Cybersecurity organizations on protecting yourself online. Our goal is to help you make the most of today’s technology…safely and securely.

Cybersecurity Awareness Month encourages everyone to take increased ownership of enhanced online activity and the important security practices that come along with it. The virtual safety of our community, and, ultimately, our nation, depends on our personal online safety practices.

Cybersecurity is important to West Chester University and we are committed to helping our faculty, staff and students become more resilient.

Throughout October you will learn how to:

Be Cyber Smart

Stay Protected While Connected. Take simple actions to keep our digital lives secure, explore the fundamentals of  cybersecurity, learn how to better secure your digital lives and improve the security of your devices. #CyberMonth #Cybersecurity #InfoSec #InformationSecurity #Cybersecurity #StopThinkConnect 

View Week 1 Message 

Fight the Phish

Play hard to get with strangers. Learn how to spot phishing attempts. Phishing can often lead to vulnerabilities that can result in ransomware or other types of malware. #FightThePhish #Phishing #Ransomware #BeCyberSmart #CyberMonth

View Week 2 Message

Social Media Cybersecurity Tips

Never Click and Tell. Limit what you share on social media. Those fun quizzes could be designed to steal your personal information. #NeverClickAndTell #BeCyberSmart #CyberMonth

Social Media Cybersecurity

View Week 3 Message

Think Cybersecurity First

Cybersecurity is a year-round effort and staying safe online is increasingly important as our world continues to operate virtually for so much of work and play. #BeCyberSmart #CybersecurityFirst #CyberMonth #Cybersecurity #InfoSec #InformationSecurity #Cybersecurity #StopThinkConnect

View Week 4 Message

Additional Resources

We should all approach cybersecurity with care in owning, securing, and protecting all our online accounts, data and information. West Chester University offers these resources that you can utilize to keep yourself safe online:

*National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) content is copyrighted and reproduced under the Creative Commons BY-NC-ND 3.0 or Creative Commons BY-NC-ND 4.0 license.

 

 

Training Materials

KnowBe4 User Awareness Training for Faculty & Staff
This is an offering for all faculty and staff. It involves taking a 15 minute online webinar that teaches you the basics of information security and privacy. KnowBe4 is a Security Awareness platform that was originally started by famed hacker, Kevin Mitnick. WCU Employees can get to KnowBe4 by going to https://training.knowbe4.com/ui/login and login with your WCU credentials.

Click for video

Self-Paced Training for Students
Information Services & Technology teams worked with the Office of Digital Learning and Innovation ( ODLI ) to put together a short security awareness class for students on D2L in a site called Navigating Digital Learning. The focus of the training currently is around Phishing Emails.

 

Information Security Tools @WCU

WCU has various methods of offering Information Security and Privacy programs. Information Security can only be achieved with lots of layers (like an onion.) One of those layers is the concept we sometimes call the "Human Firewall." Many times this is the first layer that protects the confidentiality, integrity and availability of data and IT services. This means YOU. However, in order to make that achievable, WCU has provided a few services and educational opportunities to assist you.

Carbon Black

Carbon Black is an Endpoint Detection and Response (EDR) system that detects suspicious activity, uncovering attackers’ behavior patterns and empowering IS&T to detect and stop emerging attacks. As part of a multi-pronged approach to enhance endpoint security monitoring, all university owned laptops and desktops now require an application called Carbon Black.

DUO Multi-Factor Authentication

As many of you have now experienced WCU rolled out Multi-Factor Authentication using Duo technology for many of the applications and services you use on campus. The primary goal for this is to protect your digital identity from being compromised even if your password is exposed to bad actors. Currently, 89-% of all faculty and staff have enrolled into Duo. Students will start the onboarding process this fall as well.

Mimecast Email Security Gateway

We have subscribed to a new email filtering service called MimeCast. This service sits between you and your WCU email account. Mimecast is designed to help protect your account from Unsolicited Email (Spam), Phishing Attempts and Malware. Last Month, 21% of inbound email was rejected by MimeCast. 66% was for email from known bad servers and 7% of those messages was for Spam.

PhishBowl

If you receive a suspicious email, you can visit The Phish Bowl to view a list of latest phishing attempts.  If the email is posted, then the email has already been reported, and you can simply delete the email. How to Spot and report a Phish or Spam email.

Phishing Red Flags:
For your safety and security, please consider the following red flags if you receive a job via email that is not coming from Handshake, or from a professor, student, or staff member at the university that you know and trust.  

  • Is a personal assistant job, or a job where the employer is not named
  • Comes from an email address that doesn’t match the company’s name
  • Does not provide information, such as the title of the person sending the email, the employer’s address or phone number, etc. 
  • Offers to pay a large amount of money for not much work
  • Offers you the job without interviewing you
  • Asks you to pay an application fee or some other fee as a condition of starting employment
  • Wants you to transfer money from one account to another, by wire service, courier or other means, or deposit a check that they send you
  • Requests your bank account or credit card information  

Remember:
No legitimate employer will send payment in advance and ask you to send a portion of it back to them. These jobs are often posted as a personal assistant or administrative assistant and ask for assistance in depositing checks or doing mystery shopping. These checks are fraudulent and can end up costing you hundreds of dollars. 

WCU Career Center - Fridays with Frans, Avoid Job Scams

 

 

 

 

 

 

 

 

 

 

 

 

Back to top of page.