University of Chicago Cybersecurity Awareness Month
The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.
Source: National Cybersecurity Alliance
What is Cybersecurity Awareness Month?
Cybersecurity Awareness Month – observed every October – is a government and private sector partnership that raises awareness about cybersecurity and best practices for preventing cyberattacks and the spread of malware. Cyberattacks can result in serious problems for the University and its faculty, such as the alteration and misrepresentation of faculty data, the loss of private information the University is legally bound to protect, or a massive shutdown of the University’s online operations.
The University of Chicago joined more than 1,700 other organizations by committing to support this campaign as a Cybersecurity Awareness Month Champion. As part of that effort, the Information Security team will share weekly blog posts that include helpful and interesting facts and recommendations selected to keep members of the University community informed about the latest security concerns and empowered to do their parts to keep themselves and the University safe.
2023 Focus
Now in its 20th year, Cybersecurity Awareness Month continues to build momentum and impact co-led by the National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) with the overarching theme for 2023:
“See Yourself in Cyber”
This year, we are focusing on four key behaviors instead of weekly themes:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software, apply security updates often
- Recognizing and reporting phishing
Cybersecurity Awareness Month Videos & Blog Posts
CAM Faculty Spotlight: Harold Pollack
Harold Pollack, PhD, Co-Director of the Health Lab and Helen Ross Professor, Crown Family School of Social Work, Policy, and Practice
2023 Blog Posts
QR Code Phishing (aka Quishing) Explained
This blog post is part of a monthly series exploring the ever-evolving tactics of today’s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain—reconnaissance and initial compromise—in the context of email threats.
The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today’s dynamic threat landscape. – Read more about reconnaissance and initial compromise.
Find samples of Quishing emails.
Here’s Why You Shouldn’t Feel Intimidated About Exploring a Career in Cybersecurity
Are you intrigued by the idea of pursuing a career in cybersecurity but find the IT landscape overwhelming? If so, you’re not alone! Many people in the IT or cybersecurity field didn’t start with a degree in those areas or follow a traditional path. As concern about cybersecurity grows, so does the demand for cybersecurity professionals.
Get more information and resources that can help you as you explore a career in Cybersecurity.
Securing Your Digital Life with Multi- Factor Authentication
It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminal to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security. Read more about the benefits of enabling MFA.
Learn How to Refuse the Phishing Bait
Whether a large-scale onslaught or a smaller, more targeted campaign, all successful phishing and email-based ransomware attacks are disruptive and damaging on some level. And the simple reality is that they rely on human error; in order for cyberattacks to succeed, someone, somewhere, needs to take the bait.
It can feel overwhelming sometimes given that we, as the targets, need to be right all the time while the attackers only need to be right once. But the good news is that small steps can amount to big strides when it comes to protecting data, devices, and systems at work and at home. Here are simple, practical cybersecurity awareness training tips you can use to identify and avoid malicious emails.
Managing your Passwords and PINs
Protect your passwords and PINs like the valuable assets they are. Your login credentials are often the only things that protect your money and data from cybercriminals. Keeping your credentials safe means not writing them down, not sharing them, and not letting others watch when you enter them.
Password managers will help you store your passwords and PINs safely. This tool lets you create strong, unique passwords for each account without having to remember all of them. Think of a password manager like a digital safe. It securely stores and manages usernames, passwords, and PINs for all of your individual accounts. To access the information, you create a strong master password. This master password is the key to your “safe” and the only password you need to remember.
Tip: Don’t store your login credentials in a browser. While it might seem convenient to let your browser save your login information, avoid this habit. Not all browsers store usernames and passwords securely. Read the full blog post here.
Where's My Report Phish Button?
Activate Automatic Updates Now
When your devices indicate a software update notification, there’s a tendency to select “remind me later” instead of installing updates immediately. According to a National Cybersecurity Alliance survey, one-third of people say that they “sometimes,” “rarely,” or “never” install software updates. However, software updates patch security flaws and help protect your data and devices from malicious actors.
Current software and security updates are the best defenses against a host of viruses, malware, and other online threats. Ensure your devices, operating systems, software, web browsers, and apps (like Zoom) are running the latest versions.
We recommend four steps to protect your personal information:
- Update devices, software, and apps often
- Turn on automatic update installations whenever possible
- Download software updates directly from the source
- Remember to backup data and devices regularly (either in the cloud or on an external hard drive)
Read the full blog post.