Tag Archives: 20231012

October is CyberSecurity Awareness Month

Greetings! I’m Kristen Howard, the new Information Security Officer at Simmons University. My main goal is to work with faculty, staff, and students to raise awareness about cybersecurity and foster a secure online setting. By partnering together, we can protect the university’s information and enable a safe and effective digital environment for everyone in our community.

This month we will focus on the human role in cybersecurity.

See Yourself in Cyber. #BeCyberSmart.

Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school. 

4 Things You Can Do to #BeCyberSmart

Security Awareness Training and Phishing Tests

One of the ways we can protect ourselves is through security training on a regular basis.  This reinforces our knowledge of cybersecurity over time and becomes part of our subconscious defense behavior.  Beginning in November, we will make short learning videos available on a monthly basis for people to review.  After that, it’s time to test our Phishing skills and apply what we have learned in the form of fake Phishing emails.  Can you spot the Phish?   

About Your Role

When we say See Yourself in Cyber, we mean see yourself in cyber no matter what role you play. As an individual or consumer, take steps to protect your online information and privacy. Faculty, staff, and service providers can take ownership of their role by putting cybersecurity in place to prevent incidents while protecting the University’s brand and reputation. Administrators support critical operations and are a part of the network of functions and systems that others rely on.

Remember: your role plays an important part in ensuring cybersecurity for the larger ecosystem!

Avoid Becoming a Social Engineering Victim – Four Questions to Ask Yourself:

Social engineering is a scam where a cybercriminal attempts to trick someone into taking an action against their own best interests. Usually, the action results in the victim providing confidential information (like their login information) or installing malware on their computer. Most social engineering attacks have four common traits, which signal a far higher likelihood of a scam if all are present.

Image describe process of possible scenarios

Long Image Description:

Did the message arrive unexpectedly? Yes. Is it the first time the sender has asked you to perform the requested action? Yes. Does the request include a stressor, such as “You need to do this now”? Yes. Can performing the request harm your interest? Yes. If you answer yes to all of them, you should go out of your way to confirm the request is legitimate. Use a trusted method like calling or texting the sender before taking any action.

Not every message with these four traits is absolutely a social engineering scam. Our email inboxes, voicemail and postal mailboxes are full of unexpected requests; that is life. But when these four traits are present, stop, look, and think before you act!

Phishing and Social Engineering 

Phishing and social engineering campaigns are still a top source of ransomware and other malware[1]. 

Phishing is a type of cybersecurity attack where malicious actors send messages pretending to be a trusted person.  Social Engineering is the psychological manipulation of people into performing actions like installing malicious software, clicking a malicious link, or divulging sensitive information.

Reduce your chances of your falling victim to phishing attacks!

Beware of messages that:

  • Do not clearly identify themselves or their company
  • Come from an email address that does not match the company’s domain
  • Do not give full contact information such as the title of sender, the company’s physical address, or phone number
  • Make too good to be true offers with no strings attached
  • Ask to pay an upfront fee or asks you to transfer money for them
  • Ask to give your credit card or bank account numbers
  • Ask to send copies of personal documents
  • Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.

If an email looks suspicious, do not respond and do not click on any links or attachments. When available, “Report phishing” to block other suspicious emails.

[1] 2023 Verizon Data Breach Investigations Report (DBIR)

Please send any questions or concerns to Simmons Information Security Officer, Kristen Howard, or the Technology Service Desk.