University of Chicago Cybersecurity Awareness Month
The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.
Source: National Cybersecurity Alliance
Join Us For These Upcoming Events
(Click to image to see the lineup)
What is Cybersecurity Awareness Month?
Cybersecurity Awareness Month – observed every October – is a government and private sector partnership that raises awareness about cybersecurity and best practices for preventing cyberattacks and the spread of malware. Cyberattacks can result in serious problems for the University and its faculty, such as the alteration and misrepresentation of faculty data, the loss of private information the University is legally bound to protect, or a massive shutdown of the University’s online operations.
The University of Chicago joined more than 1,700 other organizations by committing to support this campaign as a Cybersecurity Awareness Month Champion. As part of that effort, the Information Security team will share weekly blog posts that include helpful and interesting facts and recommendations selected to keep members of the University community informed about the latest security concerns and empowered to do their parts to keep themselves and the University safe.
Cybersecurity Awareness Month 2023’s Focus
Now in its 20th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) with the overarching theme for 2023:
“See Yourself in Cyber”
This year, we are focusing on four key behaviors instead of weekly themes:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software, apply security updates often
- Recognizing and reporting phishing
New blogs, events, and activities for 2023 will be posted soon.
Cybersecurity Awareness Month Blog Posts:
Archived Blog Posts
Learn How to Refuse the Phishing Bait
Whether a large-scale onslaught or a smaller, more targeted campaign, all successful phishing and email- based ransomware attacks are disruptive and damaging on some level. And the simple reality is that they rely on human error; in order for cyberattacks to succeed, someone, somewhere, needs to take the bait.
It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home. Here are simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails. Read the full blog here.
You’ve gotta watch this!
Dude, Where's My Report Phish Button?
IT Services has implemented an easier way to report suspicious emails from your University Outlook or Gmail inbox. This feature, called Report Phish, allows you to report phishing or other suspicious emails with the click of a button. The Report Phish button will gather a complete copy of the reported email for automated analysis and send to the Information Security team for further action in stopping a potential phishing attack. Read the full blog here.
Managing your Passwords and PINs
Protect your passwords and PINs like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.
Password managers will help you store your passwords and PINs safely. This tool lets you create strong, unique passwords for each account without having to remember all of them. Think of a password manager like a digital safe. It securely stores and manages usernames, passwords, and PINs for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember.
Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely. Read the full blog post here.
Top 10 Worst Passwords
Multi-factor Authentication for the Win!
Multi-factor authentication (MFA) or two-factor authentication (2FA) prompts a user to input a second set of verifying information when logging in. MFA is a highly effective action that anyone can take to drastically reduce the chances of cybercriminals accessing your accounts or personal information.
Password theft and successful credential compromise attacks have skyrocketed, which is another driving force behind MFA adoption.
While MFA or 2FA may result in a few extra steps during the login process, it is an essential tool to safeguard data and it can be the difference between a successful and unsuccessful attempt by a cybercriminal. Read the full blog post here.
Activate Automatic Updates Now
When your devices indicate a software update notification, there’s a tendency to select “remind me later” instead of installing updates immediately. According to a National Cybersecurity Alliance survey, one-third of people say that they “sometimes,” “rarely,” or “never” install software updates. However, software updates patch security flaws and help protect your data and devices from malicious actors.
Current software and security updates are the best defenses against a host of viruses, malware, and other online threats. Ensure your devices, operating systems, software, web browsers, and apps (like Zoom) are running the latest versions.
We recommend four steps to protect your personal information:
- Update devices, software, and apps often
- Turn on automatic update installations whenever possible
- Download software updates directly from the source
- Remember to backup data and devices regularly (either in the cloud or on an external hard drive)
5 Ways to Outsmart a Social Engineer - Oct 4, 2021
The 2021 Verizon Data Breach Investigations Report (DBIR) draws on 29,207 incidents investigated in 2020, over 5,200 of which were confirmed breaches. Social engineering and basic web application attacks caused the majority of data breaches. Among these breaches, a whopping 85% were attributed to a “human element.” Learn how to identify commonly used social engineering tactics and stop cybercriminals in their tracks. Read the full blog post.
Protecting Yourself Against Ransomware Attacks - Oct 11, 2021
Ransomware attacks are not only affecting businesses; colleges and universities are also prime targets for attacks. Surprisingly, education is the most affected sector for malware attacks when compared to other industries like business and professional services, retail and consumer goods, and high tech. Learn what you should do to protect yourself. Read the full blog post.
Cybersecurity Career Awareness Week - Oct 19, 2021
The University of Chicago is joining NIST and other organizations in promoting the exploration of information security career paths during Cybersecurity Career Awareness Week (October 18-23, 2021). This week-long campaign during Cybersecurity Awareness Month is an opportunity to inspire, engage, and inform everyone about the career options available within the field of information security. Read the full blog post.
Cybersecurity First - Oct 25, 2021
Cybersecurity is the art of protecting networks, devices, and data from unlawful access or criminal use and the practice of guaranteeing confidentiality, integrity, and availability of information. Communication, transportation, shopping, and medicine are just some of the things that rely on computers systems and the Internet now. Much of your personal information is stored either on your computer, smartphone, tablet or possibly on someone else’s system. Knowing how to protect the information that you have stored is of high importance not just for an individual but for an organization and those in it. Read the full blog post.