Cybersecurity Awareness Month

In our increasingly digital world, protecting our data and maintaining privacy is more crucial than ever. Cyber threats affect every member of our university community and put both our personal and university information at risk. 

2024 Cybersecurity Awareness Month

Every October we recognize Cybersecurity Awareness Month. A collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance, Cybersecurity Awareness Month is an international initiative to raise awareness about online safety and cybersecurity with the goal to educate people on how to protect their data and keep themselves safe online.

This year’s theme is ‘Secure Our World’, a reminder that there are simple ways to protect yourself, your family, and your work and research from online threats. The campaign focuses on the top four ways to stay safe online:

  • Use strong passwords and a password manager
  • Turn on multifactor authentication
  • Update software
  • Recognize and report phishing

Below you’ll find concrete steps you can take to stay informed and vigilant against cybersecurity risks during cybersecurity awareness month and beyond.

Week 1: Use Strong Passwords and a Password Manager

Use Strong Passwords Header

Create complex passwords in the form of a passphrase that is at least 12 characters long, combines letters, numbers, and symbols, and is unique to each site. Don’t forget to change passphrases regularly! 

Need help managing all your passwords? A password manager automatically stores your passwords in a secure, encrypted database, can autofill them when you arrive at a site, and can help you generate a strong password when needed.

A good password is:

  • Long – At least 12 characters 
  • Unique – Never reuse passwords. Each account needs its own unique password. 
  • Complex – Use a passphrase consisting of a combination of upper- and lower-case letters, numbers and special characters. Some websites will even let you include spaces.

In addition to saving your passwords, a password manager will also protect your identity, notify you of potential phishing websites, and alert you when a password has potentially become compromised. There are many different free or paid password managers available for personal or business use. Some examples include: 

Free Password Managers

Subscription Password Managers

Week 2: Enable Multi-factor Authentication

Enable Multi-Factor Authentication Header

In the cyber world, MFA stands for multi-factor authentication. Multifactor authentication is a security measure that adds an extra layer of protection by requiring users to provide more than just a password to access an account or application. 

The university has already enabled DUO multi-factor authentication on all major university accounts and services in order to ensure your accounts are as secure as possible. Whenever possible, we recommend turning on two-factor authentication for additional accounts, such as social media accounts, private email accounts, Microsoft360, or LinkedIn. The more factors you use, the better your security.

Week 3: Keep Your Software Up to Date

Keep your software up to date header

Keep your computers, tablets, and smartphones updated with the latest security patches and antivirus software. 

When downloading a software update to your personal or professional device, be sure the update is coming from the company that created the software. Hacked, pirated or unlicensed versions of software often contain malware or cause more problems than they solve. To ensure the legitimacy of the update, visit the update page or settings page in the application that you are updating.

The easiest way to ensure your programs and applications are updated regularly is to turn on automatic updates within the program or app settings and make sure you accept all updates when prompted.

Week 4: Recognize and Report Phishing

Recognize and Report Phishing Header

Never click on any links, attachments, or email addresses within the suspicious message. Forward the message only to IT Central.

How to Spot a Phishing Scam:

  • Do you recognize the sender?
  • Were you expecting an email from the sender?
  • Is it a strange or abrupt business request?
  • Does the sender’s email address match the person asking for a response?
  • Does it stress an urgency to click on hyperlinks or attachments?
  • Does it come through an unusual channel, such as a job offer via text?
  • Does it contain an offer that’s too good to be true?
  • Does it include language that’s alarming or threatening?
  • Is the greeting ambiguous or very generic?
  • Does it ask you to send personal information, passwords, or MFA codes?

To Report a Scam:

  • Click the radio button on the right of the email 
  • Select “Report Phishing” to alert Google
  • You can also select “Block Sender” if you are certain that the message is malicious. Never forward or click on any links or email addresses within the suspicious message.
  • You should also contact IT at itcentral@newschool.edu to report the suspected phishing scam and allow the IT team to investigate and block any additional phishing attempts.
  • Once you have reported the message to IT Central, please delete the message.