Refresh your memory on cybersecurity best practices
It's been more than six months since many University operations began working from home. In that time, most of them have found a rhythm and established a routine. But in at least one area – cybersecurity – University Information Technology Services leaders say employees cannot let their guard down.
October is National Cybersecurity Awareness Month, and Rhonda Royse, information technology security program manager for the Information Security Office, says it's a good opportunity to make sure you continue to follow best practices when it comes to protecting your personal and University data.
"While it's easy to say, 'I've been using Zoom for the past six months, I've got this down,' there are always people out there trying to understand how they can get into the system," Royse says. "We can never be complacent with security – especially when we're dealing with the sensitive information we use at the university level."
While employees have had six months to get used to Zoom and other technology designed to make working from home easier, malicious actors have had those same six months to adapt their methods. At the beginning of the pandemic, Royse says, many phishing attempts centered around phony coronavirus-related charity opportunities or offers for COVID-19 testing. Now, many involve fraudulent employment opportunities or someone portraying themselves as a supervisor asking an employee to perform a task.
As part of the effort to keep employees informed about different types of phishing scams, Royse and her team have developed a phishing quiz to help employees spot the difference between a phishing attempt and a legitimate email.
Royse says one of the most important things employees can do is to report phishing attempts and other incidents to the Information Security Office.
"This isn't a shame thing at all," Royse says. "It helps us become more secure as a general campus. We can look at individualized emails and we can block them moving forward if we can understand who is sending them. It's really a community effort."
Here are more of Royse's cybersecurity reminders for University employees.
Follow best practices for Zoom security.
- Don't post links to internal meetings publicly.
- Use meeting passwords for an extra layer of security.
- Adhere to HIPAA privacy guidelines.
- Make sure you're using updated antivirus/antimalware software (Sophos is provided for free for University faculty, staff and students).
- Update your programs when you're notified to do so.
- Use the campus virtual private network to ensure a secure connection from your home computer, laptop or mobile device to the University network.
- Your passwords are your first line of defense against cybercrime. Keep passwords easy to remember, but hard to guess, and don't write them down where others can see them.
- Ensure any Duo authentication requests are from you. Don't approve them if they're not.
- Review your data classification and handling standards, which outline who is allowed to access different types of information and what precautions must be taken to protect against unauthorized access.
More information, including links, resources and the latest phishing alerts, is available on the University's Information Security website.