October is National Cybersecurity Awareness Month.
The Information Technology Department provides students, faculty and staff with a variety of tools to stay cyber secure. Throughout October, we will be sharing more cybersecurity articles, tips and best practices to help increase awareness of attacks and preventive measures we can all take to stay cyber secure.
Cybersecurity 101
First, what does it mean to be “cyber secure”? There are a lot of definitions, but IBM defines cybersecurity as the practice of protecting critical systems and sensitive information from digital attacks.
Cybersecurity is not just something for skilled personnel to facilitate, but is something for which we are all responsible, whether it is in relation to personal or University data. And while the concept sounds complex, there are a few simple things you can do to protect your sensitive information.
Cybersecurity Tips To follow
- Do not share sensitive data with others, especially over email. Use your NEOMED OneDrive account to share files and information with others that have legitimate need to know.
- Back up your devices regularly. Again, use OneDrive! With OneDrive, your information is securely backed up to the cloud.
- Do not share passwords. NEOMED IT or Help Desk personnel will never ask you for your password.
- Use unique passwords with 14 or more characters, numbers and special characters for your University and personal accounts.
- Use multi-factor authentication for all online accounts that support it. Check your account settings, often under ‘Security’ or ‘Passwords’, to see if that option is available for you to enable.
- Do not click on links or open email attachments from sources you do not trust. When in doubt, contact the individual through a different means (i.e., phone, other email) to verify the request.
Phishing – ‘The Easy Button’
Chances are you have heard the term “phishing attacks” before. In case you’d like a refresher, phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to manipulate people into downloading malware, sharing sensitive information (e.g., Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose you or the University to significant risk.
Bad actors use these tactics because it’s easier and less expensive to trick people than it is to hack into a computer or network.
How to Report Phishing at NEOMED
NEOMED’s IT Security Team can prevent most of the phishing and spam messages from ever reaching your inbox; however, some messages still make their way through.
If you ever receive a phishing email, the quickest way to report it is to use the “Report Message” button in Outlook. Using this built-in tool will train your inbox to better recognize junk and phishing emails. If you suspect a message to be phishing, under the “Home” or “Message” tabs in Outlook, you can click the “Report Message” button and select “Phishing” from the drop-down menu.
Alternatively, you can forward a phishing email to itsecurity@neomed.edu.
Regardless of the method, the sooner you report a suspected phishing email, the sooner NEOMED IT Security personnel can act on it. There are no consequences to reporting a suspicious email that ends up being a legitimate request – when in doubt, report it!
We sincerely appreciate your vigilance in keeping the University safe and secure! Stay tuned to The Pulse for more articles, tips and best practices – we’ll have some interesting information to share soon regarding the most prevalent phishing attacks we’ve seen at the University.
-- Submitted by Jonathan Wagner, jwagner@neomed.edu