October: Cyber Security - We're in This Together

Cyber Security: We’re in This Together

Before the turkeys and mistletoe arrive, we’ve got another festive holiday to celebrate. That’s right, folks: October is National Cyber Security Awareness Month (NCSAM), the most safe computing-y time of the year!

And it’s true, you know, that we really are in this together. Not only do our “oops” moments ripple through the UD community (remember that Google Docs scam earlier this year that spread through the contact lists of infected clickers?), but our moments of cyber-mindful clarity do as well.

So many of you are quick to speak up when something seems amiss on your computer, email or phone line. These reports let UDit’s security team assess and mitigate phish and other threats -- often quickly enough that we never need to send a campus notification. Your reports make a difference, and we’re grateful.

UD or Not UD? That Is the Question.
Speaking of reporting phishy emails, one outcome of phish training is that legitimate emails are getting the cyber-mindful “side-eye”. Even our own on-campus messages to one another can come across as suspicious (*cough* Gmail auto-warnings on our safe computing newsletters *cough*). Emails from legitimate UD entities have been reported to the IT Service Center as suspected phishing.

The reality is that UD business is sometimes conducted through 3rd party software tools that send auto-generated email messages from non-UD domains. There’s a good chance you receive 3rd party messages such as:

  • @teamdynamixapp.com - the IT Service Center’s service request system
  • @eventsairmail.com - HR’s Learning & Development and Wellness course portal

With all your cyber-savviness, you may have inspected these messages for the red flags -- unknown senders, inconsistent URLs, suspicious content. And having done so, you may have been unable to determine if the email was safe. What’s a campus to do?

The more you know the harder it is to take action cartoon

Because we’re in this together, both the receivers of emails AND the senders of email can play a big part in collective awareness. Here’s some quick advice for senders and receivers of campus email:

On the sending end? Personalize. If you’re sending a bulk, auto-generated message, edit the default text. And be sure to clearly include the name of a UD contact person/office for follow-up questions. Consider how your message will be received by cyber-mindful people on the look-out for phishing scams.

On the receiving end? Verify directly. If a questionable message claims to be from a UD person or office, contact that person or office directly to check. Use contact info from the Porches directory if it’s not someone you already know.

So Simple, It’s Scary
If you’ve been worried about our students missing out on all this safe computing info, fret no more! During National Cyber Security Awareness Month we’ll be launching a mini-campaign - Safe Computing: So Simple, It’s Scary - for UD students, with tips to help them stay a little safer online, too. There’s a lot they already know - take a look:

link to video

All Good, Cyber-Mindful Things . . .
Campaigns gotta end sometime. We’re wrapping up “Becoming Cyber-Mindful 2017” and would appreciate hearing your thoughts about cybersecurity on campus and at home. Ten lucky filler-outers will win a cozy UD sweatshirt blanket when our end-of year survey closes at the end of this month. Thanks for taking a few minutes to tell it like it is!

Phish Commish: October Phish-A-Palooza!

Our phish muscles are monster strong, folks - the September training exercise, a spoofed call for hurricane aid from The Salvation Army, only caught .03% unaware. That’s fewer than a dozen of us. We couldn’t find a properly “amazed” emoji, so you’ll have to just imagine one right . . . . here. . .  <<**amazed emoji**>>

Now, to celebrate National Cyber Security Awareness Month, the Phish Commish is preparing a veritable “palooza” of phish exercises - four total, of varying difficulty throughout October. We’ve even got an adventurous group of students joining in the fun. P.C. has carefully crafted these ploys to test our mettle . . . and your safe computing team’s got its money on our mettle!

Equifax Update

Oh, Equifax . . . uugh. Much has been said and unsaid on the topic since our last message (including much about the awful communication job Equifax has done every step of the way). But here are the recommendations we’re hearing consistently:

  1. Monitor your billing statements and credit activity closely (www.annualcreditreport.com lets you pull a credit activity report)
  2. Open a my Social Security account so crooks can’t use stolen information to hijack this extremely important portal for your Social Security benefits.
  3. Consider putting a freeze on your credit accounts (one of us did it by phone -- it took 20 minutes in all and was easy -- more info here)
  4. Consider putting a fraud alert on your files -- usually lasts 90 days
  5. File your tax return as early as possible this year
  6. Do this for your family members, too; or share this list with them

    Some additional info: 

Scam of the Month: UD Tele-Scams

We’ve received reports of telemarketing calls arriving to UD phones from 977-229-xxxx numbers. These auto calls roll off a natural-sounding spiel about winning a vacation cruise and ask questions about household income.

The trick here is that the calls initially look legit, like they’re coming from on-campus. But the UDit telecom team explains that not all 937-229-xxxx numbers belong to UD. Most of our real UD numbers will be between 9-1xxx and 9-5xxx. Just something else to file away in your bank of knowledge.

cyber security tips as Halloween treats

Reading Room

  • Concert-goers, did you know Ticketmaster has introduced “smart tickets” they claim will reduce fraud and improve security? Read more >>
  • Google’s got a National Cyber Security Awareness Month gift for us - starting this October, they’ll remind us to stay alert by marking “http” pages “Not secure” in the Chrome browser. Read more >>   
    example of what a non secure page looks like
  • The New York Times created an interactive feature to estimate how many times your personal information has been exposed to hackers. That’s . . . fun?

    Happy NSCAM, everyone! Put on your cyber-mindful orange and celebrate safe computing with a little thinking before clicking. And maybe cake.

    Oh, and take the cyber-mindful survey, please!

Information Technologies (UDit)

300 College Park
Dayton, Ohio 45469