Information Security Alerts
To meet growing technological needs and to protect against evolving cyber threats, Information Security engages with the campus community to increase cybersecurity awareness, incentivize cybersecurity, encourage the adoption of best practices, and implement a shared sense of responsibility for cybersecurity at our institution. This page will be updated as information and/or alerts--from CISA, other Federal agencies, and the public sector--are identified.
Shields Up Guidance
From state- sponsored hacks to the relentless tide of ransomware, the stakes have never been higher. And it's the same all over the world. We do not have all the answers, nor do we know what will happen next. But from a cybersecurity standpoint, we do know that continuing to focus on the fundamentals is key to protecting ourselves at home and at work. While the sense of urgency may have changed, the way cyber attackers target us has not. Here are the basics to focus on:
- Implement multi-factor authentication on your accounts. A password isn’t enough to keep you safe online. By implementing a second layer of identification, like a confirmation text message or email, a code from an authentication app, a fingerprint or Face ID, you’re giving your bank, email provider, or any other site you’re logging into the confidence that it really is you. Multi-factor authentication can make you 99% less likely to get hacked. So enable multi-factor authentication on your email, social media, online shopping, financial services accounts. And don’t forget your gaming and streaming entertainment services!
- Update your software. In fact, turn on automatic updates. Bad actors will exploit flaws in the system. Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems. (See CISA Known Vulnerabilities Catalog)
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email. A phishing scheme is when a link or webpage looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. If it’s a link you don’t recognize, trust your instincts, and think before you click.
- Use strong passwords, and ideally a password manager to generate and store unique passwords. Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on.
What's more, there is going to be a tremendous amount of false information spread on the Internet. Do not trust or rely on information from new, unknown, or random social media accounts, such as posts on LinkedIn, Instagram, Facebook, or Twitter. Many of these accounts have been created on these sites for the sole purpose of putting out fake information (fake news). Instead, follow only well-known, trusted news sources that verify the authenticity of information before they broadcast it.
Donations to many are important and if you wish to donate to a cause in support of recent events, do your due diligence to ensure sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities run by cybercriminals.
Please continue to focus on the fundamentals you have learned from the semi-annual Cybersecurity training and you will go a long way to protecting the institution's data as well as your personal information no matter who the cyber attacker may be. Contact informationsecurity@clayton.edu if you have any questions.
Ransomware Awareness for Holidays and Weekends
This holiday season, it is important to remain diligent in defending against ransomware attacks by staying up to date on the best practices for malware prevention. Ransomware is a form of malicious software (“malware”) that encrypts data on a device, rendering that data, and the systems that rely on them, unusable. Cyber threat actors often demand a ransom to provide a decryption key, or may threaten to publicly disclose sensitive files and information gained during the ransomware attack (if the ransom is not paid). Throughout the COVID-19 pandemic, it is reported malicious cyber actors used various COVID-19 related scams to target businesses and agencies across the U.S.
Alerts