Cybersecurity Month 2022

October is Cybersecurity Month!

All month long IT and EdTech are celebrating cybersecurity month by discussing ways to stay safe while on the web on campus!

Email Phishing increased 34% in 2021, and is the #1 type of cybercrime according tot he FBI

Always check the following to determine phishing:

  • Am I expecting this type of message?
  • Is the person sending the message someone who normally makes these kinds of offers or requests?
  • Are the contact links consistent with the sending address. If the offer is being made from an @wooster.edu email address is the contact listed an @wooster.edu address?

It’s Phishing, what do I do with it?

  • Do not click on any link, or respond to the email
  • Block unknown or randomized emails

Do I need to report it?

  • Outlook has a way to report phishing directly to Microsoft.
  • Use your best judgement, phishing emails sent to your @wooster.edu email can be forwarded to helpdesk@wooster.edu

Tips for Creating a Strong Password

Do:

  • Use a longer password. Your password should be at least ten characters long, although for extra security it should be even longer.
  • Try to include numbers, symbols, and both uppercase and lowercase letters.
  • Random passwords are the strongest. If you’re having trouble creating one, you can use a password generator instead.

Don’t:

  • Never use personal information such as your name, birthday, user name, or email address. This type of information is often publicly available, which makes it easier for someone to guess your password.
  • Don’t use the same password for each account. If someone discovers your password for one account, all of your other accounts will be vulnerable.
  • Avoid using words that can be found in the dictionary. For example, swimming1 would be a weak password.

Update often:
Always keep your software updated when updates becomes available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.

Make It Automatic:
Software from legitimate companies usually provide an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.

Get it From the Source:
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed versions of software (even if your friend gave it to you). These ; these often contain malware and cause more problems than they solve.

Watch for Fakes:
Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.

What is MFA?

Multi-Factor Authentication (MFA) is a system that verifies a user’s identity at login by requiring multiple forms of credentials such as your password and a trusted device (A phone or tablet).

Why MFA?

Implementing MFA makes it more difficult for a threat actor to gain access to business premises and information systems, such as remote access technology, email and billing systems, even if passwords or PINs are compromised through phishing attacks or other means

MFA at the College of Wooster

Microsoft offers us a few options for our second factor:

  • text message token
  • phone call token
  • authenticator app, available for iOS and Android devices

Information and Planning strongly encourages everyone to setup the authenticator application as one of the MFA options. This will allow access via your mobile device when Wi-Fi is available, but phone service is not. This option is especially important while traveling in areas without cellular access.

*Please set-up as many ways to authenticate as you can.

Thanks for joining us!
See you next year for more cybersecurity conversations and fun!