October is Cybersecurity Awareness Month and an important time to educate the University community about ways to remain safe from online threats. The Information Security Office is providing tips and resources to raise awareness of information security best practices and help you protect your personal information. Use these resources to know exactly what to do and how to report a potential cyberattack.
Most breaches are a result of "hacking humans". Humans can be the weakest or strongest line of defense, depending on training and situational awareness. During October, we are asking community members to take four simple actions: Stop. Look. Think -- and then Act.
The University's annual mandatory information security awareness training (available in EDGE Learning) includes the latest information about social engineering and spear-phishing attacks at the University, ways to recognize and thwart these attacks, and actions to take if your personal information has been compromised. All faculty, staff, graduate assistants, student workers, and Designated Campus Colleagues (DCCs) with access to University Information Resources are required to complete security awareness training. Log in to EDGE Learning to ensure your information security training is current.
Follow these important Information Security tips:
- Install trusted anti-malware software on all your devices (computers, smartphones, tablets).
- Choose passwords that are long, unique, and complex.
- Do not click links, open attachments, or respond to emails with urgent or unusual requests, such as purchasing a gift card. Contact the alleged sender via an alternate form of communication (e.g., phone call) to verify if the request is legitimate.
- Regularly update your devices and software to get the latest security patches. If possible, enable automatic updates.
- Limit what you share online, especially on social media, and be careful when granting app permissions (e.g., allowing apps to use your location unless it is absolutely necessary).
- Do not approve unsolicited "push" notifications to your phone or other devices. If you receive an unsolicited push notification request, change your password immediately.
- Report a suspicious email by forwarding it to firstname.lastname@example.org. Check the ISO Phishing Alerts page for recently reported phishing emails.