University of Chicago Cybersecurity Awareness Month

Cybersecurity awareness month logo

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet. 

Source: National Cybersecurity Alliance

 

What is Cybersecurity Awareness Month?

Cybersecurity Awareness Month – observed every October – is a government and private sector partnership that raises awareness about cybersecurity and best practices for preventing cyberattacks and the spread of malware. Cyberattacks can result in serious problems for the University and its faculty, such as the alteration and misrepresentation of faculty data, the loss of private information the University is legally bound to protect, or a massive shutdown of the University’s online operations.

The University of Chicago joined more than 1,700 other organizations by committing to support this campaign as a Cybersecurity Awareness Month Champion. As part of that effort, the Information Security team will share weekly blog posts that include helpful and interesting facts and recommendations selected to keep members of the University community informed about the latest security concerns and empowered to do their parts to keep themselves and the University safe.

2024 Focus

Now in its 21st year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance (NCSA)  and the Cybersecurity and Infrastructure Security Agency (CISA) with the overarching theme for 2024:

“Secure Our World”

This year, we are focusing on four key behaviors instead of weekly themes:

Events & Activities

The theme for Cybersecurity Awareness Month 2024 is “Secure Our World”. Launched in 2023, Secure Our World empowers everyone to understand the simple ways to protect the University, you, and your family from online threats. We’re increasingly connected through digital tools and more of our sensitive information is online. This convenience comes with risks. Each of us has a part to play in keeping ourselves and others safe. It’s easy to do and takes less time than you think.

Join us for exciting events and activities that will test your cybersecurity and reinforce secure behaviors that you can use in your daily lives.

2024 Cybersecurity Awareness Tech Talks

Tech Talk Tuesdays

When you register and attend the full webinar, your chance to win a Cybersecurity Awareness care package increases.

Help Chip Secure his password

Digital Escape Room

Help Chip get out of a tough spot and teach this young bot how to stay safe online (log in required).

Custom Wordle Game

Cybersecurity Terms Wordle

Can you solve this week’s cybersecurity-themed Wordle puzzle in 6 attempts?

Paper Destruction Event

October 29 – 30
9:00 a.m. – 3:00 p.m.
Location TBD
Open to the University of Chicago Community!
Sponsored by the Biological Sciences Division

Level Up your cybersecurity game

Level Up Your Cybergame Trivia Gameshow

Be a part of the team that helps UChicago take home the W. Register (via Zoom) to play!

Cybersecurity Awareness Month Videos

CAM Faculty Spotlight: Harold Pollack

Harold Pollack, PhD, Co-Director of the Health Lab and Helen Ross Professor, Crown Family School of Social Work, Policy, and Practice

Professor Harold Pollack on securing passwords with Provost Katherine Baicker

Harold Pollock's Guide to Basic Computer Security Practices

 

Cybersecurity Awareness Month 2024 Blog Posts

MFA Fatigue (aka MFA Exhaustion) Explained

The average smartphone user in the US receives more than 46 notifications on their mobile device per day. That’s almost two notifications an hour. Every half hour, the user needs to break away from what he is doing at the moment to look at the phone. Cyber criminals make good use of this fact, knowing that there is a good chance that the victim will unknowingly agree to something they shouldn’t.

Stop! This is a sure sign that something is wrong and your account is most likely compromised. Remember, if you didn’t expect it, don’t accept it. Contact your local IT department or email security@uchicago.edu immediately.

Read more about MFA Fatigue and what you should do.

Job Fraud Threats Targeting Our Students

A common misconception about cyber attackers is that they use only highly advanced tools and techniques to hack into peoples’ computers, accounts, lives. Cyber attackers have learned that the easiest ways to steal your information, hack your accounts, or infect your systems is by simply tricking you into doing it for them using a technique called social engineering. Gone are the days of the hacker sitting at their keyboard hammering out lines of code to gain access to data.

Phishing emails are targeting colleges and universities using free resources found on the Internet, such as Google forms. These threats disproportionately impact students. Many of these phishing emails are designed to entice students with an easy, work-from-home job.

Learn how to detect a fraudulent job offer and how to report it.

New Sextortion Emails Meant to Motivate You to Act

A new twist on an old scam. Scammers are diligently working to make their phishing emails more convincing. I often imagine them holding brainstorming sessions on how to raise their scams to the next level. In addition to using leaked data from breaches, these scammers also use information designed to be helpful to everyone, such as Google maps and street views, to add a personal touch to their emails.

Learn more about Sextortion and how to report it.

QR Code Phishing (aka Quishing) Explained

This blog post is part of a monthly series exploring the ever-evolving tactics of today’s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain—reconnaissance and initial compromise—in the context of email threats.

The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today’s dynamic threat landscape. – Tim Bedard and Tyler Johnson, Proofpoint. Read more about reconnaissance and initial compromise.

Find samples of Quishing emails.

Securing Your Digital Life with Multi- Factor Authentication

It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminal to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security. Read more about the benefits of enabling MFA.

Here’s Why You Shouldn’t Feel Intimidated About Exploring a Career in Cybersecurity

Are you intrigued by the idea of pursuing a career in cybersecurity but find the IT landscape overwhelming? If so, you’re not alone! Many people in the IT or cybersecurity field didn’t start with a degree in those areas or follow a traditional path. As concern about cybersecurity grows, so does the demand for cybersecurity professionals.

Get more information and resources that can help you as you explore a career in Cybersecurity.

Where's My Report Phish Button?
IT Services has implemented an easier way to report suspicious emails from your University Outlook or Gmail inbox. This feature, called Report Phish, allows you to report phishing or other suspicious emails with the click of a button. The Report Phish button will gather a complete copy of the reported email for automated analysis and send to the Information Security team for further action in stopping a potential phishing attack.
 
Learn How to Refuse the Phishing Bait

Whether a large-scale onslaught or a smaller, more targeted campaign, all successful phishing and email-based ransomware attacks are disruptive and damaging on some level. And the simple reality is that they rely on human error; in order for cyberattacks to succeed, someone, somewhere, needs to take the bait.

It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home. Here are simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails.

Managing your Passwords and PINs

Protect your passwords and PINs like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.

Password managers will help you store your passwords and PINs safely. This tool lets you create strong, unique passwords for each account without having to remember all of them. Think of a password manager like a digital safe. It securely stores and manages usernames, passwords, and PINs for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember.

Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely. Read the full blog post here.

Blog Archive

5 Ways to Outsmart a Social Engineer - Oct 4, 2021
The 2021 Verizon Data Breach Investigations Report (DBIR) draws on 29,207 incidents investigated in 2020, over 5,200 of which were confirmed breaches. Social engineering and basic web application attacks caused the majority of data breaches. Among these breaches, a whopping 85% were attributed to a “human element.” Learn how to identify commonly used social engineering tactics and stop cybercriminals in their tracks. Read the full blog post.
Cybersecurity Career Awareness Week - Oct 19, 2021
The University of Chicago is joining NIST and other organizations in promoting the exploration of information security career paths during Cybersecurity Career Awareness Week (October 18-23, 2021). This week-long campaign during Cybersecurity Awareness Month is an opportunity to inspire, engage, and inform everyone about the career options available within the field of information security. Read the full blog post.
Protecting Yourself Against Ransomware Attacks - Oct 11, 2021
Ransomware attacks are not only affecting businesses; colleges and universities are also prime targets for attacks. Surprisingly, education is the most affected sector for malware attacks when compared to other industries like business and professional services, retail and consumer goods, and high tech. Learn what you should do to protect yourself. Read the full blog post.