October: Cybersecurity Awareness Month

Deadline: 12 p.m., Oct. 18, 2023

Do you want to put your art and graphic design skills to the test, and help increase cybersecurity awareness? CSM is hosting a Student Cybersecurity Awareness Poster Contest to help spread awareness of Cybersecurity Awareness to the CSM community. Choose from one of the following themes to design your poster:

• Multifactor Authentication
• Password Security
• Software Updates
• Recognizing and Reporting Phishing

The winner of the contest will have their design displayed on all campuses, CSM social media, and the HawkTalk e-Newsletter. Share your skills and talents and join us in moving our community forward together in the cyberworld!

How to Enter the Contest: 

Complete Contest Entry Form

Poster submission size: 11" x 17"  or 24" x 36"

Once the form is received, a link to the MS Team Site will be emailed to the student to upload their design file.

Judging

The CSM Information Management team (IMT) shared Cybersecurity Awareness information to students at each of the campuses’ Fall Festivals the week of October 10. Students stopped by the IMT table for helpful tips on how to stay safe online and door prizes.

In January 2023, the CSM Information Management Team (IMT) and the Human Resources Division (HRD), recommended to the President’s Council, a requirement for mandatory, annual Cybersecurity training by all CSM employees.  The recommendation was made to increase the education, understanding, and knowledge of tips and best practices which help support safe and secure usage of IT resources. Most organizations, including the federal government, require an annual course in cybersecurity awareness training. 

The cybersecurity awareness training is important for our CSM users because it will:   

• teach CSM users internet safety tips and best practices, increase user awareness of activities they should avoid, and help users protect their computers, applications, and network devices from cyber-attacks. The training also helps users protect their online accounts from being hacked or stolen; 
• help prevent phishing attacks, decrease user susceptibility to phishing attacks, and reduce malware risks; 
• help prevent cyber-attacks by teaching users’ cybersecurity tips and best practices; and  
• help ensure the confidentiality, integrity, and availability of CSM data, systems, and applications.  

The new Cybersecurity Basic course will officially kick off this October 2023!  The IMT Network Security Team has partnered with faculty from the School of Professional and Technical Studies to offer 30 minute in-person and Zoom sessions through the month of October.  Please see the chart below for a list of full offerings. In addition to the in-person and Zoom sessions in October, IMT will continue to host additional in-person and Zoom sessions each month. Employees may choose to meet the new annual training requirement by attending an in-person session, Zoom session, or by completing the online course. Employees will have until September 2024 to complete the training requirement for the 2023-2024 year.  

How to Register:  

• To register for a Live Session in the month of October, log into NEOED and search Cybersecurity Live Training in the course catalog. This will pull up all the October Live/Zoom Sessions. You will be able to click on the session you’d like to attend by clicking enroll.  
• To register for the online self-paced course offered through the year, log into NEOED and search IMT-1145 in the course catalog. Click on enroll to register.  
• For more information on how to register for a course through NEOED Learn, please visit  IMT’s Technical Training Intranet page: https://csmd.sharepoint.com/sites/IMT/SitePages/Training/it-training.aspx.     

Multifactor Authentication Multi-factor authentication allows you to protect yourself in multiple ways. Wouldn’t it be nice if you could protect your password with another password? Multi-factor authentication gives you this power – think of it like placing your housekeys in a safety deposit box that can only be opened by a facial scan. In some cases, this metaphor isn’t far off from reality.

What is Multi-factor Authentication?

Multi-factor authentication is sometimes called two-factor authentication or two-step verification, and it is often abbreviated to MFA. No matter what you call it, multi-factor authentication is a cybersecurity measure for an account that requires anyone logging in to prove their identity multiple ways. Typically, you will enter your username, password, and then prove your identity some other way, like with a fingerprint or by responding to a text message.

Why go through all this trouble?

Because multi-factor authentication makes it extremely hard for hackers to access your online accounts, even if they know your password. It might seem like a lot of work, but once you have multi-factor authentication set up, proving your identity usually adds just a second or two to the log-in process. And the peace of mind multi-factor authentication provides is well worth it.

CSM does require multi-factor authentication for Microsoft M365, but we recommend that you implement multi-factor authentication for any account that permits it, especially any account associated with work, school, email, banking, and social media. For more information on CSM’s required multi-factor authentication visit: Multi-Factor Authentication (MFA) (csmd.edu).

Phishing Emails are a trap, don’t get Hooked!  Cybercriminals like to go phishing, but you don’t have to take the bait. Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device. No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit. Here are some quick tips on how to clearly spot a phishing email:

• Does it contain an offer that’s too good to be true?
• Does it include language that’s urgent, alarming, or threatening?
• Is it poorly crafted writing riddled with misspellings and bad grammar?
• Is the greeting ambiguous or very generic?
• Does it include requests to send personal information?
• Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
• Is it a strange or abrupt business request?
• Does the sender’s e-mail address match the company it’s coming from?
• Look for little misspellings like pavpal.com or anazon.com

 
Uh oh! I see a phishing email. What do I do?

 Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition. If the email came to your csmd email, report it to the IMT Help Desk (help@csmd.edu) as quickly as possible. If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. Remember, DON’T CLICK ON LINKS, JUST DELETE. You can take your protection a step further and block the sending address from your email program. Here’s how to…

• Block a sender on Outlook
• Block a sender on Gmail
• Block a sender on Mac Mail
• Block a sender on Yahoo! Mail

 
Trust your gut and report suspicious emails

Report suspicious CSMD emails to the CSM IMT Help Desk:

help@csmd.edu    301-934-7740

Hours: M-TH 7:30 a.m. – 8:00 p.m., F 7:30 a.m. – 4:00 p.m.,

S 8:00 a.m. – 1:00 p.m., and Sundays (email only) 8:00 a.m. – 1:00 p.m.

Some email platforms let you report phishing attempts. If you suspect a personal email is phishing for your information, it’s best to report it quickly.

Here’s how:

• Report a phish on Outlook
• Report a phish on Gmail
• Report a phish on Mac Mail

You can also report a phishing attempt to the Federal Trade Commission here.

One of the easiest ways to boost your cybersecurity is to always keep software and apps updated. Every day, software and app developers focus on keeping their users and products secure. They’re constantly looking for clues that hackers are trying to break into their systems, or they are searching for holes where cybercriminals could sneak in, even if they’ve never been breached before. To fix these issues and improve security for everyone who uses their services, upstanding software companies release regular updates. If you install the latest updates for devices, software, and apps, not only are you getting the best security available, but you also ensure that you get access to the latest features and upgrades. However, you can only benefit if you update! Don’t fret, updating software is easy, and you can even make it automatic.

 Here are four easy-to-remember tips to keep in mind when it comes to updates:

1. Automatic updates make your life easier

You don’t have to check your Settings tab every morning – you can usually set up automatic updates so that updates are downloaded and installed as soon as they are available from the device, software, or app creator. Note that you might have to restart your device for the updates to fully install. It is best to do this right away, but you can often schedule this to happen during times when you aren’t using your device, like the middle of the night. Plenty of us stay lazy and secure – although you probably should check your software update settings every so often (quarterly is good) to ensure everything is set to your liking!

2. Get Updates from the source

Before downloading anything, especially software and app updates, be sure you know the source. Only download software to your computer from verified sources, and only download apps from your device’s official app store. The device, software, or app developer itself should be sending you updates, not anyone else. And remember, pirated, hacked, or unlicensed software can often spread malware, viruses, or other cybersecurity nightmares to your network. Ruining your computer, phone, tablet, or other device isn’t worth it!

3. Don't fall for fakes!

On the web, you’ve probably come across suspicious pop-up windows that urgently demand you download a software update. These are especially common on shady websites or if there is malware already on your machine. These are always fake – they are attempts at phishing. Don’t click any buttons on these pop-ups and close your browser. Many web browsers will warn you if you are attempting to visit an unsecure web address or one that could contain malware. Heed these warnings and don’t take the bait!

4. Make it a habit

Even if you don’t have automatic software updates turned on, make updating your device, software, and apps a regular habit. Oftentimes, you will be notified that updates are available. Even if it is a pain to close out of your programs and restart your device, it is worth it to do this right away, especially if the update patches an urgent security flaw. You should check your app and device settings on a regular basis, and you should check monthly if you don’t have automatic updates turned on (although weekly is better). Remember that updates are part of our digital lifecycle, and if you embrace them, you’ll have more peace of mind, the latest security, and the best new features!