Body
Cybersecurity Awareness Month
This article compiles all the information and security tips that were sent out for cybersecurity awareness month of October. Following are the topics included:
Introduction
Password Best Practices
Phishing and Ransomware
Open Wi-Fi
Promoting Sound AI Practices
Don't be Spooked by Bad Actors!
Cybersecurity Awareness Month
October is Cybersecurity Awareness Month! Throughout Cybersecurity Awareness Month, YSU delved into a plethora of critical topics to enhance the understanding and preparedness of the campus community. These included exploring the nuances of password security - emphasizing best practices and the assurance that YSU will never solicit your password. Furthermore, we dissected the techniques and dangers of Phishing, shined a light on the mysteries of the dark web, and equipped individuals with the necessary steps to navigate a data breach effectively.
Moreover, the initiative shed light on mobile security by outlining best practices such as managing app permissions, staying updated on software patches, and exercising caution when connecting to public Wi-Fi networks. Lastly, it explored the secure distribution of information through encryption using tools like OneDrive or Microsoft Teams.
Password Best Practices
The most critical component to protecting your account is creating a strong password. Creating a strong password makes it difficult for bad actors to gain unauthorized access to your account and associated personal information.
Here is a video to show importance of strong password:
|
Here are some helpful considerations regarding passwords:
|
- Avoid using significant life attributes in your password. For example, names of significant others, parents, or children.
- Avoid using significant dates such as birthdays or anniversaries.
- Use a combination of numbers, upper and lowercase letters, and special characters.
- Try not to use the same password for multiple systems. You can create variations of your favorite passwords by adding additional numbers, rotating upper and lowercase letters, adding additional special characters, or changing the order of characters in your password.
- Please remember that YSU faculty or staff will never ask you for your password, so keep it safe and store it in a secure place like a trusted password manager. NEVER share your YSU password with anyone.
|
Phishing and Ransomware
New attempts are made each day to steal your private information and passwords. To combat this, it’s often best to take everything you receive in email, phone, and text with a grain of salt. If it seems too good to be true, its often too good to be true.
To report phishing attempts, you can use the ‘Report Phish’ button to report any phishing attempts directly within your Outlook client. The PhishAlarm® phishing button empowers users to report phishing emails and other suspicious messages with one mouse click, and PhishAlarm® Analyzer helps our YSU response teams identify the most pressing threats with Abnormal threat intelligence.
Here are detailed instructions on how to use this function.
Here is a link to video showcasing phising and ransomeware attack :
To avoid ransomware attacks, it is best to not open any unknown links or attachments that you receive in email or any other online communication. Ransomware can be hidden in Word documents and other executable files, so be careful opening anything from a non-trusted sender on YSU devices.
|
Here are some helpful considerations:
|
- YSU nor any reputable organization will ever ask you for your password. This includes asking by phone!
- Any personal identifiable information (PII) would be collected by official university forms or documents. YSU nor any organization would collect this information using an unsecured platform such as email.
- If you are ever in doubt, do not open suspicious email messages or links. Learn how to identify if an email is fraudulent.
- If you receive an email that appears to be from someone you know, but you are unsure, pick up the phone and call the individual or organization that sent you the email. At YSU, when in doubt, it is best to call the IT Service Desk at 330-941-1595.
- Free is not always good. Look carefully at information you need to provide before downloading software or signing up for a "free" service. If something sounds too good to be true, it probably is!
|
Open Wi-Fi
Working and studying remotely has become popular in the last decade. Wi-Fi often outperforms mobile networks including 5G and 4G LTE, so many users connect to Wi-Fi when possible, even from their smartphones. This can be at a coffee shop, hotel, airport, or your favorite restaurant
Here is a video showcasing use open Wi-Fi and its vulnerability:
Keep in mind that free, open, unsecured Wi-Fi is not a safe way to connect online. Bad actors can setup fake networks in an attempt to steal your information. Additionally, even if the place of business advertises the use of their Wi-Fi, there may be little to no protection of data transfer over that network.
|
Here are some helpful considerations:
|
- Confirm that you are connecting to the correct network. You can ask a representative which network is correct if it's not clear in the list of available networks. Bad actors will often setup Wi-Fi networks that use similar names or descriptions of the organization.
- Carefully read terms and conditions before connecting to a provided Wi-Fi network. Many organizations will have a guest portal available for customer access. Often, these portals will be configured with a welcome page containing information you must acknowledge before receiving network access. This often frees the organization of any liability regarding data compromise or damage to your device/computer.
- Use vigilance when shopping online, accessing accounts that contain personal data (including your YSU Account) or access your bank account over these networks.
- Make sure any antivirus software and firewalls are enabled and up to date.
|
Promoting Sound AI Practices
Artificial intelligence (AI) is gaining immense popularity across the globe, serving as a significant tool for information gathering, problem-solving, and fostering innovative ideas. However, like all technology available online, it comes with its own set of cybersecurity challenges. It is essential to engage with AI responsibly, particularly concerning the information you share (notably sensitive data), the accuracy of the outputs it generates, and safeguarding the integrity of your information and intellectual property.
Don't be Spooked by Bad Actors!
|
As we continue to embrace the spirit of October and Cybersecurity Awareness Month, we turn our attention to a spine-chilling topic: Bad Actors.
Beware of Bad Actors! These malicious individuals thrive on trickery and deception, utilizing social engineering tactics to snatch your personal information right from under your nose.
How to Identify Them:
|
- Phishing Emails: Keep an eye out for unsolicited messages requesting sensitive information. Sometimes, the email looks to have been sent from someone you know, your employer, or an organization you are involved in. They often appear legitimate but may contain strange language, fake threats, or urgent calls to action.
- Unusual Requests: Be cautious of unexpected communications asking for personal data or credentials, especially if they create a sense of urgency.
- Suspicious Links: Avoid clicking on links from unknown sources, as they may lead to fake websites designed to harvest your information. Bad Actors often setup fake websites, mimicking reputable websites such as shopping sites or digital forms to collect data, only to be harvested for malicious intent.
|
- Verify Requests: Always check with the source before providing any information.
- Use Strong Passwords: Strengthen your defenses with complex passwords and change them regularly.
- Enable Two-Factor Authentication: YSU employs two-factor authentication to help protect your account for unauthorized logins. Use Two-Factor Authentication on all of your accounts, if available, to add an extra layer of security to your accounts to deter unwanted access.
|
|
Vigilance to the tactics of Bad Actors will help minimize your chances of becoming a victim.
If you ever suspect your account has been compromised, please contact the IT Service Desk at 330-941-1595.
|