Welcome to week #1 of CSAM, Cybersecurity Awareness Month, with a focus on Be Cyber Smart, which is a reminder to implement cybersecurity best practices to keep your information safe. We encourage you to keep the following tips & reminders top of mind:
Phishing continues to be a serious threat
Everyone gets phished. It’s not “another person’s problem”. Simply clicking on a malicious link or attachment could compromise your device, data, identity and more. Do not click on embedded links or attachments in unexpected messages. Things to be on the lookout for in communications – a sense of urgency, an unfamiliar tone or language, offers that sound too good to be true, unusual requests and requests for sensitive information.
Social engineering only succeeds if you are tricked
Stay one step ahead of social engineers. Remember that scammers may target you in person or electronically, using email, SMS, phone calls, web pop-ups, malicious websites, and social media.
Strong passwords are key
A weak, reused or shared password can easily lead to password compromise and allow scammers to access your accounts. Use lengthy (12+ characters) passphrases that are unique to your life, so they’re hard to guess but easy for you to remember, e.g., “getting coffee at the corner deli is part of my morning routine”.
Treat mobile devices like personal computers, because they are. Good device hygiene includes regularly updating all devices
Keep all of your device operating systems, applications, browsers and browser plug-ins updated. Remove apps you no longer use. Updates address security vulnerabilities, which are possibly being exploited. Use VPN (virtual private network) in connection with Wi-Fi and disable auto connection to Wi-Fi and bluetooth when not in use.
Don’t underestimate the importance of physical security
Physical security is easy to implement but often overlooked, and it involves not letting unfamiliar people tailgate behind you as you swipe into restricted spaces, locking your screen and desk when you step away from your workstation, shredding or properly storing sensitive information you no longer need, and following a clean desk policy, which includes making sure none of your passwords are “on display” on a post-it or note and making sure that all sensitive information and devices have been secured.
Don’t forget about social media precautions
Social media has become a common place for cyber attacks to occur as well as a source of information for scammers who seek to harvest information and launch targeted attacks. Don’t be tricked by disinformation campaigns and phishing attempts. Apply the same level of caution and scrutiny to social media updates/posts that you apply to reviewing your email messages. Be careful not to overshare about yourself, others, or your employer, and do not connect with people you do not know. Be wary of requests for sensitive information and offers that sound too good to be true.
Remote work recommendations
Many of us may be working in a hybrid model or may be continuing with a fully remote schedule. For a refresh of NYU teleworking best practices, please see: NYU Tech Guide to Teleworking.
The importance of incident response
Please report known or suspected security incidents to security@nyu.edu.
More security tips & reminders to come as CSAM progresses. . . . happy fall!
