Cybersecurity Awareness Month — Secure Our World

Cybersecurity Awareness Month 2023 is this October and the department of OCIS encourage all users to own their role in protecting themselves and their connected devices. The theme this year is Secure Our World.

The website consists of general information, tips, and best practices on protecting yourself online, your digital home devices. Our goal is to help you make the most of today's technology safely and securely.

Welcome to the fourth and final week of National Cybersecurity Awareness Month. This week, our focus is on “Recognizing and Reporting Phishing.” Phishing attacks increased by 61% in 2022, according to Slash Next. Email and text phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. In fact, 30% of small businesses consider phishing attacks to be their top cybersecurity concern.

It’s important for every individual to spot phishing’s red flags and stop and think before clicking on a link or attachment in a message.

Phishing Prevention Resources:

- - You can find more information in Recognize and Report Phishing Attacks on the National Cybersecurity Awareness Alliance site.
  - Learn more about phishing in a Recognizing and Reporting Phishing Infographic.

Helpful Phishing Prevention Tips:

- - Be wary of malicious links in messages offering a “reward” or “free gift.”
  - Tips for Spotting a Phish: 1) They create a sense of urgency or claim to need help. 2) They ask for your personal info. 3) They want you to download a file or click on a link.
  - Do not verify your account in response to an unsolicited email or text by logging into a webpage or updating your credentials.
  - If you receive a suspicious email or text, do not click on any links — even the unsubscribe link — or reply to the email.
  - A phishing scheme can also install malware onto your device.
  - If you are able to recognize spam or phishing emails, just delete them.
  - If you suspect an email is phishing for your information, it’s best to report it quickly to your IT help desk.
  - Only verify account information using customer service contact and website information provided in monthly statements or original account documentation.

Phishing Facts and Figures:

In response to a NCA survey:

- - 72% of respondents reported that they checked to see whether messages were legitimate (not phishing or a scam) compared to 10% who reported not doing so.
  - Nearly half of the participants (48%) reported phishing emails to the sender (the person or entity the cybercriminal tried to impersonate by sending the phishing email).
  - 42% of the participants said they used the reporting capability on a platform (e.g., Gmail) “very often” or “always”.

Welcome to the third week of National Cyber Security Awareness Month. Our theme this week is “Updating Your Software.” Despite a NCA survey in which nearly 2 in 5 respondents say they either “sometimes,” “rarely,” or “never” install software updates, applying the latest software updates and security fixes is one of the easiest ways to keep your information secure. Additionally, you can enable auto-updates for your devices to avoid the ‘remind me later’ button and stay one step ahead of cybercriminals.

Resources:

You can find more information on Updating Your Software on the National Cybersecurity Awareness Alliance site.
Learn about software update pitfalls and best practices in a Software Updates Infographic.

Helpful Tips:

Turn on automatic updates on all your devices. Set it and forget it!
Stop clicking “Remind me later.” Don’t hesitate to update!
Keep a clean machine with current security updates, web browser, and operating system.
Uninstall any apps you no longer use.
Download software from legitimate sources.
Don’t fall for phishy fakes!

Facts and Figures:
In response to a NCA survey:

68% of the participants reported installing the latest updates and software as soon as they are available.
Of those who reported installing the latest updates to their devices, 45% had turned on automatic updates. A further 21% note that they take immediate action when they receive a notification.

In response to a Symantec survey:

Just 20% of Android devices use the latest and safest OS version

Welcome to Week 2 of Cybersecurity Awareness Month, which focuses on “Using strong passwords and a password manager.” As our online lives expand, we’ve gone from having just a few passwords to many, and we might manage upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. Password managers can help you make accounts safer by recommending strong, unique passwords and making it easier to manage and use those passwords. This week, we’re clearing up misconceptions about password managers and demonstrating how they can help secure your online accounts and data.
Password Resources:

You can find more information on passwords and password managers on the National Cybersecurity Awareness Alliance site.
Learn the value of password managers with this Password Infographic.

Helpful Password Tips:

Every one of your passwords should be at least 12 characters long.
Each account needs to be protected with its own unique password.
Each unique password should be a combination of upper-case letters, lower case letters, numbers, and special characters (like >, !?).
Running out of password ideas? Let password managers do the work for you.
Lock up your password list. Replace your written list of passwords with a password management tool — you only have to remember one strong password for the password manager.
A password manager is best the way to create and maintain strong passwords for the ever-increasing number of online accounts we log into.
A password manager encrypts passwords before they leave your device. It also reminds you to change passwords regularly and evaluate their strength.

Password Facts and Figures:
In response to a Ponemon Institute survey:

53% of people rely on their memory to manage passwords.
75% of people said they don’t know how to create secure passwords in the first place.

In response to a LastPass survey:

81% of the total number of breaches leveraged stolen or weak passwords.
61% of employees use the same passwords for multiple platforms.

In response to a Google survey:

Only 45% of adults would change a password after a breach.

In response to a Business Insider:

28% of adults in the US use the same password for all their online accounts.

October is dedicated to Cybersecurity Awareness Month, a worldwide initiative to promote safer and more secure online experiences. CUNY is proud to participate in the NCSAM program, in collaboration with the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. Throughout October, you will receive weekly messages on four key cybersecurity behaviors:

Week 1 — Enabling multi-factor authentication
Week 2 —Using strong passwords and a password manager
Week 3 — Updating software
Week 4 —Recognizing and reporting phishing Attacks

This Week 1 is focused on “Enabling Multi-Factor Authentication (MFA)” — an important and easy way to help keep your accounts and online information secure.  Already available for most online banking and retail websites and mobile applications, you should choose to enable MFA wherever and whenever it is available to you.  At CUNY, Microsoft MFA already serves as an additional layer of cybersecurity protection when accessing your Microsoft Office 365 account. You can expect the MFA protection to be extended to other CUNY applications and services in the coming months.
MFA Facts and Figures:
In response to a NCA survey:

Less than two-thirds, specifically 57% of the respondents, had heard of MFA.
Among those who were aware of MFA, a significant majority, around 79%, had applied MFA to their online accounts.
An even higher percentage, 94%, of those who had implemented MFA continued to use it.

In response to a Duo Labs survey:

Two-factor authentication has become more popular over the last two years, with 79% of US/UK respondents saying they used it in 2021, compared to 53% who used it in 2019.
SMS text messages are the most common second factor US/UK users choose when logging into two-factor authentication accounts, at 85%.

MFA Resources:

Check this guide to find out which websites do or do not have multi-factor authentication available.
Find more information on Enabling Multi-Factor Authentication (MFA) on the National Cybersecurity Awareness Alliance site.
Learn the value of MFA with this MFA Infographic.

Helpful Cybersecurity Tips: Training and documentation resources are available on the CUNY MFA website

CUNY requires that all students, faculty and employees follow these Cybersecurity Best Practices
Protect yourself against secret shopper, personal assistant and other online scams
Follow CUNY’s Best Practices for Secure Learning, Teaching and Working Remotely
When using Zoom, follow CUNY’s Zoom Security Protocols
CUNY students may already be enrolled by their college in CUNY’s online cybersecurity awareness course through their learning management system (Blackboard). The course duration for students is 25 minutes. Faculty and staff can take the CUNY’s online cybersecurity awareness course via the directlink or through Blackboard (learning management system) as well. The course duration for faculty & staff is 40 minutes.