Introduction

This Week 3 is focused on "Recognizing and Reporting Phishing." Stay alert for unexpected messages requesting personal information. Refrain from sharing personal or sensitive information like bank account numbers, social security numbers, or student IDs with unfamiliar sources. If you encounter phishing attempts, report them and delete the message. Always be cautious and take a moment to assess before clicking on links or attachments.

Recognizing and Reporting Phishing Resources:

• Learn how to Recognize and Report Phishing on the National Cybersecurity Awareness Alliance site
• Secure Our World: Phishing Tip Sheet (CISA)
• How to Recognize and Avoid Phishing Scams (Federal Trade Commission)

Helpful Cybersecurity Tips:

• Pause Before Clicking: Take a few seconds to verify if the email is legitimate before clicking any links or attachments
• Watch for Urgent or Alarming Language: Be cautious of emails pressuring you to act quickly or making threatening demands
• Check for Spelling and Grammar Errors: Phishing emails often contain mistakes or poorly written content
• Verify the Sender's Email Address: Look closely at the sender's email for minor misspellings or unusual domain names
• Avoid Sharing Personal Information: Legitimate companies won't ask for sensitive details via email-ignore such requests

Recognizing and Reporting Phishing Facts and Figures:

Our emails and supporting information are available from the National Cyber Security Awareness Month (NCSAM) page on the CUNY website. We also provide a growing security resources list on the CUNY Information Security pages. You may also want to visit the OUCH! website to read recent security articles or subscribe to the world's leading, free security awareness newsletter designed for technology users.

If you have any questions about any of this information, please contact your college's Information Security Manager.

Introduction

This Week 2 is focused on "Turn on Multi-Factor Authentication (MFA)." A password alone isn't enough to fully secure your online accounts. Activating MFA greatly reduces your chances of being hacked. Be sure to enable MFA on all accounts that support it, particularly for email, social media, and financial platforms. At CUNY, Microsoft MFA already serves as an additional layer of cybersecurity protection when accessing your Microsoft Office 365 account and for secure remote access to CUNY network resources.  

Multi-Factor Authentication (MFA) Resources:

• You can find more information on Turn on Multi-Factor Authentication on the National Cybersecurity Awareness Alliance site
• Secure Our World: MFA Tip Sheet (CISA)
• Check this 2factorauth web page to find out which websites do or do not have multi-factor authentication available
• Training and documentation resources are available on the CUNY MFA web page

Helpful Cybersecurity Tips

• CUNY requires that all students, faculty and employees follow these Cybersecurity Best Practices
• Protect yourself against secret shopper, personal assistant and other online scams
• Follow CUNY's Best Practices for Secure Learning, Teaching and Working Remotely
• When using Zoom, follow CUNY's Zoom Security Protocols
• CUNY students may already be enrolled by their college in CUNY's online cybersecurity awareness course through their learning management system (Blackboard). The course duration for students is 25 minutes. Faculty and staff can take CUNY's online cybersecurity awareness course through the Blackboard learning management system under Organizations. The course duration for faculty and staff is 40 minutes.

Multi-Factor Authentication (MFA) Facts and Figures:

The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:

• Only 40%  of people use Multi-Factor Authentication (MFA), even though it is a highly effective security measure  
• 34%  of people started using MFA after receiving cybersecurity training 
• Younger generations (Gen Z and Millennials) are more likely to have heard of and use MFA, with 77% awareness, while 37% of Baby Boomers and 41% of the Silent Generation have never heard of it
• 79% of respondents were familiar with multifactor authentication and 70% of those who have heard of MFA know how to use it

Our emails and supporting information are available from the National Cyber Security Awareness Month (NCSAM) page on the CUNY website. We also provide a growing security resources list on the CUNY Information Security pages. You may also want to visit the OUCH! website to read recent security articles or subscribe to the world's leading, free security awareness newsletter designed for technology users.

If you have any questions about any of this information, please contact your college's Information Security Manager.

Introduction

This Week 1 is focused on " Use Strong Passwords and a Password Manager." Strong passwords should be long, random, unique to each application/service, and incorporate all four character types: uppercase, lowercase, numbers, and symbols. Password managers are an essential tool to help you generate and securely store strong passwords for each of your accounts.

Passwords Resources:

• You can find more information on Use strong passwords and a password manager on the National Cybersecurity Awareness Alliance site
• Secure Our World: Passwords Tip Sheet (CISA)
• Tips for Stronger Passwords (Consumer Reports)

Helpful Password Tips:

• Make passwords long: At least 13 characters (the longer, the better!)
• Use random strings or passphrases: Mix letters, numbers, and symbols or use unrelated words
• Create unique passwords for each account: Never reuse passwords across different accounts
• Use complex combinations: Upper- and lower-case letters, numbers, and special characters
• Use a password manager: Simplifies password management, storing unique, complex passwords securely

Password Facts and Figures:

The National Cybersecurity Alliance 2023 Oh, Behave! report lists the following cybersecurity survey responses:

• Only 38% of people use unique passwords for all their accounts
• 60% of people use strong passwords, indicating a gap in password security practices
• 46% of people create passwords that are 9 to 11 characters long, shorter than the recommended 13 characters

Our emails and supporting information are available from the National Cyber Security Awareness Month (NCSAM) page on the CUNY website. We also provide a growing security resources list on the CUNY Information Security pages. You may also want to visit the OUCH! website to read recent security articles or subscribe to the world's leading, free security awareness newsletter designed for technology users.

If you have any questions about any of this information, please contact your college's Information Security Manager.