Cyber Safe
October is Cybersecurity Awareness Month – a time for all of us in the CCRI community to work together to raise awareness about the importance of cybersecurity.
Cyber Safe
Welcome to CCRI's Cyber Safe Awareness Hub!
In our digitally connected world, cybersecurity isn't just an IT concern—it's a responsibility we all share. Whether you're a student, faculty, or staff member, your actions online impact not just you but the entire CCRI community. That's why we've created this Cyber Safe Awareness Hub, your go-to source for staying informed and skilled in cybersecurity best practices.
Why It Matters:
The Information Security Office (ISO) keeps you updated on the latest cybersecurity threats, secure computing practices, and compliance policies. Your online actions leave an audit trail tied to your identity, making it crucial to protect details like email login credentials. Negligence in these areas doesn't just risk your data; it risks CCRI's data and systems as well.
What You Can Do:
- Visit regularly for up-to-date resources and news.
- Participate in training classes and special events aimed at elevating your cybersecurity knowledge.
- Follow suggested steps to protect yourself and be an active participant in securing our shared digital environment.
We Invite You!
We invite every member of the CCRI community to be a part of this collective effort. After all, a security focused community is a CYBER SAFE community, and we're all in this together.
2024 - October Cyber Security Awareness Month
- Week 1 - Recognize and Report Phishing – Don’t Take the Bait
- Week 2 – Creating Strong Passwords
- Week 3 – Enable Multifactor Authentication ( MFA )
- Week 4 – Secure Software is Updated Software
-
Reference:
U.S. Cybersecurity and Infrastructure Security Agency (CISA). "Secure Our World." CISA. Available at: https://www.cisa.gov/secure-our-world. Accessed 20240925.
Tips & Hints
Spam/Phishing Attempt Examples
Scam Targeting DSS Students as Extra Help
This scam appeared to utilize some sort of AI language model to produce a convincing document that was sent out to DSS students. (See ticket for document) The way it was reported was first by a student to the DSS Director, Allison Robinson, who then forwarded it to the Help Desk.
Scammers Pretending to be Rosemary Costigan
This scam was someone posing as Rosemary. They did this by creating a gmail account using Rosemary’s name while also creating an email handle that sounds official such as [email protected]. Reported to the Help Desk by another staff member at the college.
Scammers Pretending to be a System/HD Notification
This scam was someone pretending to be a system attempting to notify a user. The email handle is typically a long or complicated string of text that might trick a user into thinking its an automated response. For exmaple, this tickets email was from
“New verification - Help Desk Console - Accounts <info=Exchange=Account-806533 =new=notice=96215 =unknow> <[email protected]>”
This could lead the victim to believe it’s a legit email/system so they can click links, provide info, etc.
Scammers Pretending to be Meghan Hughes
In this scam they use an email named after Meghan Hughes, as well as an email handle of “[email protected]” to try and trick a staff member.
Scammers Using Compromised CCRI Accounts
Sometimes scammers get access to CCRI accounts, both student and faculty/staff. From there, the scammers will likely send out spam emails internally to avoid the [External] tag.
These can include job offers, tutoring help, etc. Realistically, any scenario the scammers could potentially obtain sensitive information, bank information, or even direct cash they will attempt to use.
Scammers Pretending to Sell Something
It is very often that we receive spam reports for emails attempting to sell items or services. In this example, someone was posing as a Staff member of the college, emailing users to try selling a piano.
This is a tactic often used to obtain personal contact information and, depending on how far the scam gets, your financial information.
Keep an Eye Out for [External] Tags
Any incoming emails originating outside of CCRI will be marked with an [External] tag at the start of the subject line.
Keep an Eye Out for Quarantined Emails
Microsoft's Quarantined Emails feature automatically isolates potentially harmful or suspicious emails, preventing them from reaching the user's inbox. Users can review and release legitimate emails from the quarantine if needed. However, most of the emails that end up in quarantine are actually spam and can be manually deleted or will be automatically deleted after 30 days.
Weekly Tips
Week 1: Security Culture
Tip - Report any suspicious activity promptly. If you see something unusual, don't hesitate to inform the Help Desk or supervisor.
Tip - Always lock your computer when you step away, even if it's just for a few minutes. Locking your computer helps protect your data and prevents unauthorized access.
Tip - Two-Factor Authentication (2FA) is your friend. This adds an extra layer of security and is a strong deterrent against unauthorized access.
Tip - Use Strong and Unique Passwords, avoid using easily guessable passwords or using
the same password for multiple accounts.
Tip – Don’t be the Weakest Link, Security is only as strong as the weakest link in the chain.
Week 2: Ransomware
Tip - Regularly backup important data to a secondary storage location to prevent data loss in case of a ransomware attack.
Tip - Use a reputable antivirus software to add an extra layer of protection to your devices.
Week 3: Social Media and AI
Tip - Share Information, but Wisely.
Tip - Consider your digital footprint carefully. Anything you post online, even seemingly harmless information, can be used to gather details about you. Be mindful of what you share to protect your privacy.
Tip - Be cautious when accepting friend requests on social media, verify profiles to avoid imposters. Scammers may pose as people close to you to lower your guard.
Week 4: You Can Make a Difference
Tip - Participate in Security Training.
Tip - Regularly Update Your Software.
Tip - Practice good cyber hygiene by keeping your devices and software up to date with the latest security patches.