University of Chicago Cybersecurity Awareness Month
The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.
Source: National Cybersecurity Alliance
What is Cybersecurity Awareness Month?
Cybersecurity Awareness Month – observed every October – is a government and private sector partnership that raises awareness about cybersecurity and best practices for preventing cyberattacks and the spread of malware. Cyberattacks can result in serious problems for the University and its faculty, such as the alteration and misrepresentation of faculty data, the loss of private information the University is legally bound to protect, or a massive shutdown of the University’s online operations.
The University of Chicago joined more than 1,700 other organizations by committing to support this campaign as a Cybersecurity Awareness Month Champion. As part of that effort, the Information Security team will share weekly blog posts that include helpful and interesting facts and recommendations selected to keep members of the University community informed about the latest security concerns and empowered to do their parts to keep themselves and the University safe.
2024 Focus
Now in its 21st year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) with the overarching theme for 2024:
“Secure Our World”
This year, we are focusing on four key behaviors instead of weekly themes:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software, apply security updates often
- Recognizing and reporting phishing
Events & Activities
The theme for Cybersecurity Awareness Month 2024 is “Secure Our World”. Launched in 2023, Secure Our World empowers everyone to understand the simple ways to protect the University, you, and your family from online threats. We’re increasingly connected through digital tools and more of our sensitive information is online. This convenience comes with risks. Each of us has a part to play in keeping ourselves and others safe. It’s easy to do and takes less time than you think.
Join us for exciting events and activities that will test your cybersecurity and reinforce secure behaviors that you can use in your daily lives.
Tech Talk Tuesdays
When you register and attend the full webinar, your chance to win a Cybersecurity Awareness care package increases.
Digital Escape Room
Help Chip get out of a tough spot and teach this young bot how to stay safe online (log in required).
Cybersecurity Terms Wordle
Can you solve this week’s cybersecurity-themed Wordle puzzle in 6 attempts?
Paper Destruction Event
October 29 – 30
9:00 a.m. – 3:00 p.m.
Location TBD
Open to the University of Chicago Community!
Sponsored by the Biological Sciences Division
Level Up Your Cybergame Trivia Gameshow
Be a part of the team that helps UChicago take home the W. Register (via Zoom) to play!
Cybersecurity Awareness Month Videos
CAM Faculty Spotlight: Harold Pollack
Harold Pollack, PhD, Co-Director of the Health Lab and Helen Ross Professor, Crown Family School of Social Work, Policy, and Practice
Professor Harold Pollack on securing passwords with Provost Katherine Baicker
Harold Pollock's Guide to Basic Computer Security Practices
Cybersecurity Awareness Month 2024 Blog Posts
MFA Fatigue (aka MFA Exhaustion) Explained
The average smartphone user in the US receives more than 46 notifications on their mobile device per day. That’s almost two notifications an hour. Every half hour, the user needs to break away from what he is doing at the moment to look at the phone. Cyber criminals make good use of this fact, knowing that there is a good chance that the victim will unknowingly agree to something they shouldn’t.
Stop! This is a sure sign that something is wrong and your account is most likely compromised. Remember, if you didn’t expect it, don’t accept it. Contact your local IT department or email security@uchicago.edu immediately.
Read more about MFA Fatigue and what you should do.
Job Fraud Threats Targeting Our Students
A common misconception about cyber attackers is that they use only highly advanced tools and techniques to hack into peoples’ computers, accounts, lives. Cyber attackers have learned that the easiest ways to steal your information, hack your accounts, or infect your systems is by simply tricking you into doing it for them using a technique called social engineering. Gone are the days of the hacker sitting at their keyboard hammering out lines of code to gain access to data.
Phishing emails are targeting colleges and universities using free resources found on the Internet, such as Google forms. These threats disproportionately impact students. Many of these phishing emails are designed to entice students with an easy, work-from-home job.
Learn how to detect a fraudulent job offer and how to report it.
New Sextortion Emails Meant to Motivate You to Act
A new twist on an old scam. Scammers are diligently working to make their phishing emails more convincing. I often imagine them holding brainstorming sessions on how to raise their scams to the next level. In addition to using leaked data from breaches, these scammers also use information designed to be helpful to everyone, such as Google maps and street views, to add a personal touch to their emails.
Learn more about Sextortion and how to report it.
QR Code Phishing (aka Quishing) Explained
This blog post is part of a monthly series exploring the ever-evolving tactics of today’s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain—reconnaissance and initial compromise—in the context of email threats.
The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today’s dynamic threat landscape. – Read more about reconnaissance and initial compromise.
Find samples of Quishing emails.
Securing Your Digital Life with Multi- Factor Authentication
It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminal to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security. Read more about the benefits of enabling MFA.
Here’s Why You Shouldn’t Feel Intimidated About Exploring a Career in Cybersecurity
Are you intrigued by the idea of pursuing a career in cybersecurity but find the IT landscape overwhelming? If so, you’re not alone! Many people in the IT or cybersecurity field didn’t start with a degree in those areas or follow a traditional path. As concern about cybersecurity grows, so does the demand for cybersecurity professionals.
Get more information and resources that can help you as you explore a career in Cybersecurity.
Where's My Report Phish Button?
Learn How to Refuse the Phishing Bait
Whether a large-scale onslaught or a smaller, more targeted campaign, all successful phishing and email-based ransomware attacks are disruptive and damaging on some level. And the simple reality is that they rely on human error; in order for cyberattacks to succeed, someone, somewhere, needs to take the bait.
It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home. Here are simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails.
Managing your Passwords and PINs
Protect your passwords and PINs like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.
Password managers will help you store your passwords and PINs safely. This tool lets you create strong, unique passwords for each account without having to remember all of them. Think of a password manager like a digital safe. It securely stores and manages usernames, passwords, and PINs for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember.
Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely. Read the full blog post here.