CYBER SECURITY AWARENESS MONTH
WEEK FOUR:
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Each week in October, we will provide information and tips from IST and leading cybersecurity organizations on protecting yourself online. Our goal is to help you make the most of today's technology…safely and securely.
Cybersecurity is the art of protecting networks, devices, and data from unlawful access or criminal use. Today, much of your personal information is stored either on your computer, smartphone, tablet, other smart devices, etc. Knowing how to protect your digital devices is important not just for individuals, but for organizations, as well.
The (CISA) Cybersecurity & Infrastructure Agency’s campaign for 2022 has been, “See Yourself in Cyber” while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. Your security and the security of the university depends on making responsible online decisions. Making the internet safe and secure requires all of us to take responsibility for our own cybersecurity behavior.
Top 5 Cyber Hygiene Best Practices:
- Think Before You Click: Recognize and Report Phishing: If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware. Inspect hyperlinks in emails. Hover over links to verify their source. When making a transaction, ensure that URLs begin with “https.” The added “s” indicates encryption is enabled to protect users’ information.
- Use Strong Passwords: Creating strong passwords is vital to cybersecurity. Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts.
- Protect your personal information: If people have key details from your life, your job title, birth date, and full name, which you may have shared online, they can attempt a phishing attack on you. Cybercriminals will also try to manipulate you into skipping normal security protocols.
- Backup your data: Routinely backup data on all computers, and make sure that the backup is stored offline. Backup all data including documents, databases, spreadsheets, financial files, etc.
- Use anti-virus software and keep it up to date: This is an important protective measure against cybercriminals and malicious threats. If you see a software update notification, act promptly.
Visit the IT Security Awareness website for more information.
#CyberSecurityAwareness #CybersecurityAwarenessMonth #CyberSecMonth
WEEK THREE: IDENTIFYING PHISHING ATTEMPTS
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Each week in October, we will provide information and tips from IST and leading cybersecurity organizations on protecting yourself online. Our goal is to help you make the most of today's technology…safely and securely.
Think Before You Click
Phishing is when criminals use fake emails to lure you into opening them, clicking malicious links and handing over your personal information or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for.
Know the Signs of a Phish
- The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to clearly spot a fake phishing email:
- Contains an offer that’s too good to be true (Such as high paying job offers)
- Language that’s urgent, alarming, or threatening
- Poorly-crafted writing with misspellings, and bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Urgency to click on an unfamiliar hyperlinks or attachment
- Strange or abrupt business requests
- Sending e-mail address doesn’t match the company it’s coming from
- You can also visit the IS&T Phish Bowl to see a list of recent Phishing attempts.
Reporting a Phish
If you recognize a phishing email that has made it to your inbox, do your part to
keep WCU #Cyberaware and forward the message to the IS&T Help Desk (helpdesk@wcupa.edu)
or click on Report button if available on your toolbar.
WEEK TWO - PASSWORDS AND MULTI-FACTOR AUTHENTICATION
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. Each week in October, we will provide information and tips from IST and leading cybersecurity organizations on protecting yourself online. Our goal is to help you make the most of today's technology…safely and securely.
Choosing a Strong Password: Password guidelines have evolved over the years, as have the major points that make a strong password and strong password practices. While unique configurations of characters and complex combinations of letters, numbers and symbols remain useful to make a strong password, the most important aspects of password creation are now length (preferably 12 - 16 characters at a minimum) and NEVER re-using a password on multiple sites, services or accounts. The National Cybersecurity Alliance (NCA) provides guidance on creating strong passwords.
Learn More:
https://staysafeonline.org/online-safety-privacy-basics/passwords-securing-accounts/
Understanding Multi-Factor Authentication (MFA): By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you are you, like accessing an authenticator app, entering a PIN code, or texting a code to your mobile device. In some cases, a secure token, which is a separate piece of hardware (like a key fob that holds information) can also be used to verify a person’s identity.
Deny a Duo login approval request if you did not initiate it. Imagine you are getting coffee with friends and you receive a Duo Multifactor authentication request on your phone. You suspect that it is fraudulent because you are not trying to log into any systems or accounts. What should you do? You should deny the request.
WEEK ONE - CYBERSECURITY AWARENESS TRAINING
October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however you connect. West Chester University Information Services and Technology (IS&T) is once again participating in the Cybersecurity Awareness Month program run by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security to create awareness about cybersecurity.
Each week in October, we will provide information and tips from IST and leading cybersecurity organizations on protecting yourself online. Our goal is to help you make the most of today's technology…safely and securely.
According to a report from Inside Higher Ed, 74% of ransomware attacks are successful. Along with regularly updated resources, such as the IS&T Phish Bowl and topical KB articles, IS&T provides annual security awareness training to comply with U.S. Department of Education GBLA requirements and mandates recently passed by PASSHE Executive Leadership Group.
Effectiveness of Cybersecurity Awareness Training: Training is not just about compliance, a recent report from Cofense (formerly PhishMe) found that users who have completed a security awareness training program are far more likely to report a suspicious email than those who have not. Their study also found that 82% of trained users reported a simulated phish within an hour of receiving it, 52% reported it within 5 minutes, and 19% within 30 seconds. https://expertinsights.com/insights/50-phishing-stats-you-should-know/
Awareness Training Simulated Phishing Exercises at WCU: Cybersecurity Awareness Training campaigns will continue to be a cornerstone of the Cybersecurity Defense Plan for West Chester University, including the utilization of simulated phishing campaigns. Annual security awareness training will be provided each Spring through KnowBe4 to faculty and staff, while cybersecurity education for students is actively being conducted through a D2L Module, Student Cybersecurity Awareness in Navigating Digital Learning.
Simulated Phishing Exercises are low-consequence methods of introducing users to email phishing scams without the negative impact of falling victim to a true malicious phishing campaign. The objective is to educate users on how to identify the common signs of a malicious message. These exercises will also serve as a gage to the preparedness of the campus community and effectiveness of our own awareness training campaigns.
#CyberSecurityAwareness #CybersecurityAwarenessMonth #CyberSecMonth