Academic institutions of all sizes have become attractive targets for cyber-criminals and hackers, similar to much larger merchant companies, financial services firms and government agencies. It’s important that we understand how to detect and protect ourselves from these attempts to steal and misuse our personal, confidential, financial, and institutional information. Since the use of computers, smartphones, public kiosks, “free” Wi-Fi services and complimentary software applications is prevalent across society, the risk of your data being stolen has grown.
To help you better understand the risks of your data, identity and assets being misappropriated, this website has been developed to communicate the processes and techniques used by criminals to capture your data and what you can do to protect it. Being knowledgeable, aware and vigilant are your key tools to secure against these threats.
Keeping you and your data safe in an ever-changing world is not easy. No one should be expected to simply know things without help.
Cybersecurity is the practice of protecting computers, websites, and other local and network systems from digital-based attacks. These attacks are aimed at gathering your personal and professional information, as well as that of your friends, loved ones, and the data of the institutions you attend or work for.
Without cybersecurity awareness all of our data, both personal and institutional, is at greater risk. Increased risk of identity theft, monetary loss, and the loss of information are all effects of a lack of awareness. Knowing what to look for and being familiar with the most common ways your information can be stolen and siphoned off protects you. Awareness is akin to knowing to lock your door when you leave your house.
National Cybersecurity Awareness Month (NCAM) takes place each October. It is a joint effort between various industries and the government to help educate people and spread awareness of resources that will contribute to their safety online.
Cybersecurity awareness and concern must be included in all of our daily rituals.
Viruses and worms can install themselves in your system without you even knowing it. Once they do, they can use your machine as a base of operations to monetize your system for their benefit. This can be done by forcing ad pop-ups on you, collecting your private data and sending it off to a central location behind the scenes, collecting corporate data and siphoning that off, and more.
Malware is a large umbrella term that encompasses many different forms of attack. The important things to remember are to always report strange events on your machine and to be very careful about what you click on and which suspicious emails you open.
Always check that links on websites go where they say they do. On the lower status bar of most modern browsers, you can see the actual destination of the link you intend to follow.
Also, for emails, ensure they are from the sender they claim to be from and that any links or attachments within the email are expected before you follow them.
Spam is one of the oldest forms of cybersecurity risk. Though most spam is simply clutter, taking up your time, there are still large groups that use spam to spread every kind of cybersecurity risk we can imagine. Spam, unwanted email from strangers, is often filled with phishing attempts, malware, and more.
Phishing scams actively try to fool you to gather personal and institutional information.
These emails often impersonate people you know: coworkers, school administrators and faculty, financial institutions, service desks and even your personal friends.
The goals of phishing attempts are one of two things:
Below is an example of a phishing email. Note the following:
For a further example, see the email below and note the following:
A whaling attack, also known as whaling phishing, is a specific type of phishing attack that targets high-profile staff or faculty at institutions in order to steal sensitive information. In many whaling phishing attacks, the attacker’s goal is to manipulate the victim into authorizing high-value wire transfers to the attacker.
Pharming is an attempt to redirect traffic from its supposed destination to one the attacker has decided on. This way they can gather information such as account numbers, passwords, and more.
Spyware is often a small program installed on your computing device without asking you. It can arrive via a website that a pharming attack took you to, via a link in a spam email, or as an email attachment. Once installed, it sits on your computer and sends your personal information to a repository. The information collected may include passwords, as well as personal and corporate documents.
Social media sites can be a fantastic way to connect to friends and family, but they are also places users need to be extra careful. Be wary of sharing too much personal information, as this data can be used to guess at passwords and even answer security questions. Be extra critical of strangers, and remember it is easy to claim to be someone, even an expert, without needing to offer proof.
Social media is also a hotbed of bad data, news and other information that may sound good to you but that is factually false, and that can even put you at risk. Always double check sources or information and be skeptical.
Change passwords frequently and never reuse passwords; that way your security will be enhanced.
If you suspect you have been phished you will want to take several steps as soon as possible:
Step 1: Change any passwords on institutional and personal accounts you think may have been compromised, but do so from a different device than the machine in question. Remember, if your computer is infected, any new password may be stolen as you type it.
Step 2: Run your anti-virus software.
Step 3: Alert MSM’s Help Desk.
DO keep your computing software up-to-date to install the latest security patches and help block spyware and malware.
DO use different passwords for every account you use so a stolen password has minimal effect on your other accounts.
DO update your passwords regularly so if a password is stolen, it will not grant access to information for long.
DO use complex passwords that are harder for criminals to guess.
DON’T trust all emails by default. Always think before you click a link or reply to an email. If you aren’t expecting the email or the email seems out of place, consider it carefully. Look for links that say they are going to one site but actually lead to another. Check all links carefully by hovering over the link name.
DON’T open suspicious or unexpected attachments. They are often payloads for spyware and malware. Consider where they came from and if they are something you expected to receive.
DON’T count on antivirus and anti-malware software alone to protect you. You must also be aware and critical of your own internet habits to ensure your safety online.
For questions or assistance, please contact the MSM Help Desk:
130 Claremont Avenue
New York, New York 10027