Cybersecurity Awareness Month 2024

Cybersecurity Awareness Month: Secure Our World

As we step into October, we are excited to announce the start of Cybersecurity Awareness Month, a crucial initiative dedicated to online safety and data protection. This year, our theme is “Secure Our World!” which emphasizes the importance of simple yet effective actions that each of us can take to protect our personal and University data from cyber threats.

Cybersecurity Awareness Month is led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance. For more information about ways to keep our world secure, visit https://www.cisa.gov/cybersecurity-awareness-month and https://staysafeonline.org/programs/cybersecurity-awareness-month/.

In an era where large-scale data breaches and cyberattacks are all too common, it’s vital that we stay informed and vigilant. Cybersecurity Awareness Month serves as a powerful reminder that even small, everyday actions can make a significant difference in safeguarding our digital lives and the security of our community.

We’ll be concentrating on these essential practices to enhance our online security:

Week 1: The Importance of a Cybersecurity Culture
Cybersecurity Culture

As Cybersecurity Awareness Month unfolds, let’s take a moment to reflect on the importance of cultivating a robust cybersecurity culture. In our increasingly digital world, where information flows freely and technology permeates every facet of our lives, safeguarding our digital assets is more critical than ever.

Cybersecurity isn’t just the job of UVA ITS; it's a shared responsibility that involves every member of the University community: students, staff, and faculty. A strong cybersecurity culture helps us all understand and mitigate risks, ensuring that our data, systems, and personal information remain secure. Here’s why fostering this culture is essential:

Prevention of Data Breaches: 
With the growing sophistication of cyber threats, a vigilant and informed community can be the first line of defense against data breaches. When everyone is aware of potential threats - such as phishing scams, malware, and ransomware - they are more likely to take proactive measures to prevent them. 

Safeguarding Sensitive Information: 
The University handles vast amounts of sensitive information, from academic records and research data to the personal details of students and staff. A culture that emphasizes the importance of data protection ensures that this information remains confidential and secure.

Promoting Safe Online Behavior: 
By embedding cybersecurity practices into daily routines, we can promote safe online behavior. This includes creating strong passphrases, regularly updating software, and being cautious about the information we share online.

Enhancing Response to Incidents: 
In the event of a cybersecurity incident, a well-informed community can respond more effectively. Awareness and training help individuals recognize and report suspicious activity quickly, minimizing potential damage.

We strive to promote a cybersecurity-conscious environment through several key elements. These include education and training on cybersecurity best practices through annual courses, workshops, and online resources. The University provides clear policies and procedures on our website to help everyone understand their role in utilizing best practices to maintain security. We encourage the reporting of suspicious activities and provide support in addressing security issues.

As we observe Cybersecurity Awareness Month, let’s commit to strengthening our cybersecurity culture. By working together and embracing best practices, we can protect the University’s valuable digital assets and contribute to a safer, more secure academic environment. Let’s make every click, every login, and every online interaction count towards a more secure future.

Stay informed, stay vigilant, and let’s build a culture of cybersecurity that empowers us to secure our world.


 

Additional Resources

Cybersecurity Culture at UVA Video
The Importance of Cybersecurity Awareness Infographic
Cybersecurity Awareness Month Digital Signage

Week 2: Strong Passwords
Strong Passwords

Passwords are the keys to your digital kingdom. Use them wisely. 

Your passwords are the key to securing your systems, your accounts, and the University. Make your shield even stronger by using strong passwords. Cyber attackers have developed sophisticated methods to guess or brute force passwords, and they are continually getting better at it. This means they can compromise your passwords if they are short or easy to guess, such as your pet’s name. 

When creating a password, make sure to avoid using common words such as months, seasons, graduation, or birth years. Also avoid using University-specific words like Wahoowa, Hoos, or Cavman. These are easily guessable. Remember, the more characters your password has, the stronger it is and the harder it is for an attacker to guess.

Passphrases

While more secure, long, complex passwords can be difficult to remember. To help you create strong passwords that are easy to remember and type, create a passphrase instead. Passphrases are nothing more than a sentence or group of random words. For example, you can use a passphrase like:

Correct horse battery Staple

Notice how many characters this passphrase has, yet it’s easy to both type and remember. You can make any password or passphrase comply with any service’s complexity rules by replacing a letter with a number, such as replacing the letter “o” with the number “0”, using lower- and uppercase letters, or adding symbols, such as spaces or punctuation. 

In addition to creating strong passwords, be careful how you use them. Here are several key steps that will protect your passwords:

  • Use a different, unique password for each of your accounts. That way, if one of your accounts is hacked and your password is compromised, your other accounts are still safe.

  • Refer to UVA Information Security for more information on setting a secure passphrase.

  • Can't remember all your unique passwords? Consider using a password manager. This is a special program that securely stores all your passwords for you. You only need to remember the password to your password manager. The University provides LastPass for faculty, staff, and students.

Two-Factor Authentication

Many online accounts offer something called two-factor or two-step verification. This is where you need more than just your password to log in, such as codes sent to your smartphone, or codes generated by a token. Whenever possible, always enable stronger authentication methods like these. Solutions like two-step verification are one of the most effective steps you can take to protect your accounts. For more information about Duo, the University-required two-factor authentication, click here.

3 Password Hygiene Tips

  1. Never share your password with anyone else, including fellow employees. Remember, your password is a secret; if anyone else knows your password, it is no longer secure. 

  2. Do not use public computers, such as those at hotels or libraries, to log into sensitive accounts, such as those for work or your online bank account. Since anyone can use these computers, they may be infected with malware that captures all your keystrokes. Only log into sensitive accounts from trusted computers or mobile devices you control.

  3. Finally, be careful of websites that require you to answer personal questions when creating an account. These questions are used if you forget your password and need to reset it. The problem is that answers to these questions are often public knowledge and can easily be found on the internet. Make sure that if you answer personal questions you use only information that is not publicly known.

If you accidentally share your password with someone else or believe your password may have been compromised or stolen, be sure to change it immediately and contact the UVA Help Desk or UVA Information Security.

Adapted from SANS Institute, Passwords

 

Additional Resources

Best Practices for UVA Passwords Video
6 Tips for Secure Passwords Infographic
Passwords Digital Signage

 

Week 3: Multi-Factor Authentication
Multifactor Authentication

As we observe Cybersecurity Awareness Month and embrace the theme of "Secure Our World," it's crucial to recognize and implement essential security measures that protect our digital environments. One such measure that significantly enhances our defense against cyber threats is Multi-Factor Authentication (MFA). MFA can serve a vital role in safeguarding our University community.

Multi-Factor Authentication (MFA) is a security protocol that requires users to verify their identity through multiple layers of authentication before accessing an account or system. Unlike traditional methods that rely solely on a password, MFA strengthens security by incorporating additional verification factors. These typically include:

1. Something you know, like a password or PIN.

2. Something you have, like a smartphone or security token.

3. Something you are, like fingerprints or facial recognition.

Relying on passwords alone can leave systems vulnerable to cyberattacks such as phishing or brute force. MFA adds an extra layer of protection, making it significantly more difficult for unauthorized individuals to access sensitive information. If a password is compromised, MFA provides an additional barrier that prevents unauthorized access, protecting accounts even if credentials are stolen.

The University of Virginia uses the multi-factor authentication tool Duo. It integrates smoothly with existing University systems and applications, providing an additional layer of protection for University data. If you have additional questions about multi-factor authentication at the University, visit https://in.virginia.edu/2steplogin. Adopting MFA wherever possible can help secure our world.


Additional Resources
2 Step Verification Factsheet
Multi-Factor Authentication Digital Signage

Week 4: Spot the Phish
Spot the phish

As a member of our University community, it’s crucial to stay informed about the evolving tactics of cybercriminals, particularly phishing schemes. These fraudulent attempts to obtain sensitive information can target students, faculty, and staff alike, often masquerading as legitimate communications. Here are key indicators to help you identify phishing emails and protect your personal and university information.

1. URGENT Subject Lines

Phishing emails often create a sense of urgency to manipulate your emotions. Look for subject lines that demand immediate action or instill fear. Phrases like “Your account will be suspended!” or “Immediate action required!” are red flags. Be wary of emails that urge you to act quickly without providing sufficient context or verification.

2. Too Good to Be True Offers

Phishing attempts frequently use enticing offers to lure you in. If an email promises something that seems excessively beneficial, such as a large scholarship or unexpected funds, approach with caution. Cybercriminals often prey on curiosity and greed, so verify the legitimacy of such claims before taking any action.

3. Check the Sender's Address

Always scrutinize the sender's email address. Phishing emails often appear to come from official organizations, including your bank or the university, but a closer look may reveal that the “From” or “Reply-To” address is a personal account, such as one ending in @gmail.com. If the email seems suspicious, do not engage and report it to our IT department.

4. Generic Greetings

Phishing emails often start with generic salutations like “Hello Valued Customer” instead of using your name. This is a common tactic used by cybercriminals who may not know your identity and are casting a wide net. Legitimate communications from the university or other official entities typically address you by your name.

5. Pressure to Bypass Security Policies

Be cautious of any sender who pressures you to ignore security protocols or internal policies. Phishing emails may push you to act against standard practices, such as clicking on dubious links or providing sensitive information. Remember, no legitimate organization will ask you to compromise security for convenience.

6. Requests for Sensitive Information

If you receive an email asking for sensitive information—such as your password, bank account details, or credit card numbers—consider it a red flag. No reputable institution will request such information via email. Always use secure channels for sharing sensitive data and verify requests through official communication methods.

 

As we navigate the digital landscape, it’s imperative to remain vigilant against phishing attacks. If you encounter a suspicious email, do not engage. Instead, report it to our IT support team immediately. Together, we can create a safer environment for the University.

Report any suspected phishing emails to [email protected] and by using the Report Button in Outlook.

By staying informed and cautious, we can protect ourselves and our university from phishing threats. Remember, when in doubt, verify!

 

Additional Resources
7 Signs of Phishing Infographic

Phishing Can Happen to Anyone Digital Signage

Week 5: Install Updates and Patches
Install Updates and Patches

In today's digital landscape, where our University relies heavily on technology for research, teaching, and administration, keeping software and patches up to date is more crucial than ever. Regular updates not only enhance functionality but also play a pivotal role in ensuring the security and integrity of sensitive academic data.

One of the primary reasons for updating software is to mitigate security vulnerabilities. Cyberattacks targeting our University have become increasingly sophisticated, with hackers exploiting outdated software to gain unauthorized access to sensitive information. By promptly applying patches, institutions can defend against known vulnerabilities, reducing the risk of data breaches that can compromise both faculty and student information.

Software updates often come with performance improvements and new features that can enhance user experience. For faculty and students relying on specific applications for research and coursework, these updates can facilitate smoother operations and more effective tools. Staying current ensures that users benefit from the latest advancements, making work more efficient and productive.

While it may seem time-consuming or costly to implement regular updates, the potential savings far outweigh the investment. A single data breach can result in substantial financial losses, legal fees, and damage to the University's reputation. By prioritizing software updates, we can prevent incidents that would require costly recovery efforts.

Encouraging a proactive approach to software maintenance fosters a culture of cybersecurity awareness within our University community. By educating students and staff about the importance of updates, institutions empower individuals to take responsibility for their own digital safety. This collective vigilance can significantly enhance the overall security posture of the university.

In a world where technology is integral to academia, keeping software and patches up to date is not merely a best practice—it is a necessity. By prioritizing regular updates, we can protect sensitive data, improve operational efficiency, and ultimately foster a safer academic environment. 

Additional Resources
Benefits of Updates and Patches Infographic
Update Today Digital Signage