University of Chicago Cybersecurity Awareness Month

Cybersecurity awareness month logo

The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet. 

Source: National Cybersecurity Alliance

What is Cybersecurity Awareness Month?

Cybersecurity Awareness Month – observed every October – is a government and private sector partnership that raises awareness about cybersecurity and best practices for preventing cyberattacks and the spread of malware. Cyberattacks can result in serious problems for the University and its faculty, such as the alteration and misrepresentation of faculty data, the loss of private information the University is legally bound to protect, or a massive shutdown of the University’s online operations.

The University of Chicago joined more than 1,700 other organizations by committing to support this campaign as a Cybersecurity Awareness Month Champion. As part of that effort, the Information Security team will share weekly blog posts that include helpful and interesting facts and recommendations selected to keep members of the University community informed about the latest security concerns and empowered to do their parts to keep themselves and the University safe.

2023 Focus

Now in its 20th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance (NCSA)  and the Cybersecurity and Infrastructure Security Agency (CISA) with the overarching theme for 2023:

“See Yourself in Cyber”

This year, we are focusing on four key behaviors instead of weekly themes:

Cybersecurity Awareness Month Videos & Blog Posts

CAM Faculty Spotlight: Harold Pollack

Harold Pollack, PhD, Co-Director of the Health Lab and Helen Ross Professor, Crown Family School of Social Work, Policy, and Practice

Harold lives the mantra “Eat. Sleep. Cybersecurity.” Watch as he shares his view on securing passwords with Provost Katherine Baicker.

To understand Harold Pollack’s Guide to Basic Computer Security practices, you don’t even have to be Shmuel Weinberger, Andrew MacLeish Distinguished Service Professor of Mathematics. Word to that!

2023 Blog Posts

QR Code Phishing (aka Quishing) Explained

This blog post is part of a monthly series exploring the ever-evolving tactics of today’s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain—reconnaissance and initial compromise—in the context of email threats.

The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today’s dynamic threat landscape. – Read more about reconnaissance and initial compromise.

Find samples of Quishing emails.

Here’s Why You Shouldn’t Feel Intimidated About Exploring a Career in Cybersecurity

Are you intrigued by the idea of pursuing a career in cybersecurity but find the IT landscape overwhelming? If so, you’re not alone! Many people in the IT or cybersecurity field didn’t start with a degree in those areas or follow a traditional path. As concern about cybersecurity grows, so does the demand for cybersecurity professionals.

Get more information and resources that can help you as you explore a career in Cybersecurity.

Securing Your Digital Life with Multi- Factor Authentication

It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminal to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security. Read more about the benefits of enabling MFA.

Learn How to Refuse the Phishing Bait

Whether a large-scale onslaught or a smaller, more targeted campaign, all successful phishing and email-based ransomware attacks are disruptive and damaging on some level. And the simple reality is that they rely on human error; in order for cyberattacks to succeed, someone, somewhere, needs to take the bait.

It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home. Here are simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails.

Managing your Passwords and PINs

Protect your passwords and PINs like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.

Password managers will help you store your passwords and PINs safely. This tool lets you create strong, unique passwords for each account without having to remember all of them. Think of a password manager like a digital safe. It securely stores and manages usernames, passwords, and PINs for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember.

Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely. Read the full blog post here.

Where's My Report Phish Button?
IT Services has implemented an easier way to report suspicious emails from your University Outlook or Gmail inbox. This feature, called Report Phish, allows you to report phishing or other suspicious emails with the click of a button. The Report Phish button will gather a complete copy of the reported email for automated analysis and send to the Information Security team for further action in stopping a potential phishing attack.
 
Activate Automatic Updates Now

When your devices indicate a software update notification, there’s a tendency to select “remind me later” instead of installing updates immediately. According to a National Cybersecurity Alliance survey, one-third of people say that they “sometimes,” “rarely,” or “never” install software updates. However, software updates patch security flaws and help protect your data and devices from malicious actors.

Current software and security updates are the best defenses against a host of viruses, malware, and other online threats. Ensure your devices, operating systems, software, web browsers, and apps (like Zoom) are running the latest versions.

We recommend four steps to protect your personal information:

  • Update devices, software, and apps often
  • Turn on automatic update installations whenever possible
  • Download software updates directly from the source
  • Remember to backup data and devices regularly (either in the cloud or on an external hard drive)

Read the full blog post.

Blog Archive

5 Ways to Outsmart a Social Engineer - Oct 4, 2021
The 2021 Verizon Data Breach Investigations Report (DBIR) draws on 29,207 incidents investigated in 2020, over 5,200 of which were confirmed breaches. Social engineering and basic web application attacks caused the majority of data breaches. Among these breaches, a whopping 85% were attributed to a “human element.” Learn how to identify commonly used social engineering tactics and stop cybercriminals in their tracks. Read the full blog post.
Protecting Yourself Against Ransomware Attacks - Oct 11, 2021
Ransomware attacks are not only affecting businesses; colleges and universities are also prime targets for attacks. Surprisingly, education is the most affected sector for malware attacks when compared to other industries like business and professional services, retail and consumer goods, and high tech. Learn what you should do to protect yourself. Read the full blog post.
Cybersecurity Career Awareness Week - Oct 19, 2021
The University of Chicago is joining NIST and other organizations in promoting the exploration of information security career paths during Cybersecurity Career Awareness Week (October 18-23, 2021). This week-long campaign during Cybersecurity Awareness Month is an opportunity to inspire, engage, and inform everyone about the career options available within the field of information security. Read the full blog post.