October is Cybersecurity Awareness Month!


Cybersecurity Awareness Month (CSAM) is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations, tribal communities, and individuals committed to educating others on online safety. Now in its 20th year, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices.

SUNY College of Optometry is proud to be recognized as a CSAM Champion supporting this online safety and education initiative, co-managed by the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.

From mobile to connected home devices, technology is deeply intertwined with our lives. And while the evolution of technology accelerates, cybercriminals are working just as hard to find ways to compromise technology and disrupt personal and business life. Cybersecurity Awareness Month aims to highlight some of the emerging challenges that exist in the world of cybersecurity today and provide straightforward actionable guidance that anyone can follow to create a safe and secure digital world for themselves and their loved ones.

Secure Our World

Starting this year, a brand new, enduring theme was launched that will be used year-round and in future Cybersecurity Awareness Months. “Secure Our World” is a new awareness campaign that aims to broadly promote cybersecurity tips and best practices year-round for all individuals.

Cybersecurity Behaviors

In support of this new campaign, Cybersecurity Awareness Month will be focusing on four key cybersecurity behaviors throughout October:

Use Strong Passwords and a Password Manager

Strong passwords are long, random, unique and include all four character types (uppercase, lowercase, numbers and symbols). Password managers are a powerful tool to help you create strong passwords for each of your accounts.

Turn On Multifactor Authentication (MFA)

You need more than a password to protect your online accounts and enabling MFA makes you significantly less likely to get hacked. Enable MFA on all your online accounts that offer it, especially email, social media and financial accounts.

Recognize and Report Phishing

Be cautious of unsolicited messages asking for personal information. Avoid sharing sensitive information or credentials with unknown sources. Report phishing attempts and delete the message.

Update Your Software

Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check for updates if automatic updates are not available.

We can all collaborate to build a safer, more trusted digital world! By learning these four simple behaviors to stay safe online at home, work and school, and sharing these tips with our community, we can all become significantly safer online.

2023 Cybersecurity Awareness Month Topics

Use Strong Passwords and a Password Manager

As our online lives expand, the average user has gone from having just a few passwords to now managing upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. Password managers can save users the trouble of having to remember multiple passwords and make accounts safer by recommending strong, unique passwords and storing them all in one place.

Facts and Figures

  • Only 33% of individuals create unique passwords for all accounts (NCA)
  • 28% of adults in the US use the same password for all of their online accounts. (Business Insider)
  • Only 18% of individuals have downloaded a password manager (NCA)

Tips and Advice

Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be cracked by computer hackers. The good news is that strong passwords are one of the easiest ways to protect your accounts from compromise and reduce the risk of someone stealing sensitive information, data, money, or even your identity.

Strengthen Your Passwords with These Tips

  1. Longer is stronger: Passwords with at least 12-16 characters are hardest to crack.
  2. Hard to guess: Use a random string of mixed-case letters, numbers and symbols. If you need to memorize a password, create a memorable “passphrase” of 5 – 7 unrelated words. Get creative with spelling and/or add numbers or symbols.
  3. One of a kind: Use a unique password for each account.

Remembering long, unique passwords for every account in our lives is impossible. Rather than write them down or reuse weak passwords, use a password manager.

Password managers generate complex and unique passwords for you, store them all in one place and tell you when you have weak, re-used, or compromised passwords. They can also automatically fill credentials into sites and apps using a secure browser plugin. You only need to remember one master password: the one for accessing the password manager itself. (Tip: Create a memorable long “passphrase” as described above and NEVER write your master password down.)

Additional Resources

Cybersecurity Basics: Passwords & Password Management tipsheet (CISA)
Passwords Infographic (NCA)
Using Strong Passwords and a Password Manager (NCA)
Tips for Better Passwords (Consumer Reports)

Turn On Multifactor Authentication

In a recent National Cybersecurity Alliance survey, 57% of respondents said they have heard of multifactor authentication (MFA), but many people don’t realize that multifactor authentication is an incredibly important layer of protection in keeping accounts secure. This month, we’re showing others how easy it is to turn on MFA whenever possible.

Facts and Figures

  • Of those who have heard of MFA, 79% had applied it to their online accounts. (NCA)
  • Of that number, 94% said they are still using MFA, showing that once MFA is enabled, users will keep using it. (NCA)
  • SMS text messages are the most common second factor US/UK users choose when logging into two-factor authentication accounts, at 85%. (Duo Labs)

Tips and Advice

MFA provides extra security by adding a second method of confirming your identity when logging into accounts. MFA usually requires you to enter a code sent to your phone or email, or one generated by an authenticator app. Push notifications are also a common MFA method. This added step prevents unauthorized users from gaining access to your accounts, even if your password has been compromised.

Follow these Steps to Turn on MFA

  • Open your app or account settings
    • It may be called Account Settings, Settings & Privacy or similar.
  • Turn on multifactor authentication
    • It may also be called two-factor authentication, two-step authentication or similar.
  • Confirm
    • Select an MFA method to use from the options provided. Examples are:
      • Receiving a code by text or email
      • Using an authenticator app: These phone-based apps generate a new code every 30 seconds or so.
      • Biometrics: This uses facial recognition or fingerprints to confirm your identity.

What type of accounts offer MFA?

Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. Simply put, use MFA everywhere!

Additional Resources

Enabling Multi-Factor Authentication (NCA)
Nail The Basics Of Cybersecurity With Multi-Factor Authentication (Forbes)

Recognize and Report Phishing

Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. It’s important every individual stop and think before clicking on a link or opening an attachment and know how to spot red flags. Cybersecurity Awareness Month 2023 guidance provides the tools needed to recognize phishing and report it to your organization or email provider.

Facts and Figures

  • 47% of the participants said they used the reporting capability on a platform (e.g. Gmail, Outlook) “very often” or “always”. (NCA)
  • 72% of respondents reported that they checked to see whether messages were legitimate (i.e. phishing or a scam) compared to 10% who reported not doing so. (NCA)
  • Only 60% of adults could define what “phishing” is. (Google)

Tips and Advice

Phishing occurs when criminals try to get you to open harmful links or attachments that could steal personal information or infect devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get you to respond. The good news is you can avoid the phish hook and keep accounts secure!

Follow these Top Tips

  1. Recognize – Look for these common signs:
    • Urgent or alarming language
    • Requests to send personal and financial information
    • Poor writing, misspellings, or unusual language
    • Incorrect email addresses, domain names, or links (e.g. amazan.com)
  2. Report – If you suspect phishing, report the phish to protect yourself and others.
    • Know your organization’s guidance for reporting phishing. If your organization offers it, you may find options to report via the “report spam” button in your email toolbar or settings.
    • For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message.
  3. Delete – Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
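
The "incorrect domain name" sign from the list above (amazan.com in place of amazon.com) can also be checked automatically. The sketch below is an added example, not part of the original page: it compares a sender's domain against a short allow-list using edit distance. The allow-list, the function names and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the organization really uses (assumption).
TRUSTED = ("amazon.com", "example.edu")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the domain of the real address, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify(from_header: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        # A near miss (amazan.com) or a trusted name buried inside another
        # domain (amazon.com.account-check.example) is treated as a lookalike.
        if edit_distance(domain, good) <= max_dist or good in domain:
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for sample in ('"Amazon Support" <billing@amazan.com>',      # constructed
                   "orders@amazon.com",
                   "help@amazon.com.account-check.example"):
        print(f"{sample!r:50} -> {classify(sample)}")
```

The check reads the address itself rather than the display name, since the display name is free text chosen by the sender. It does not catch look-alike characters from other alphabets, which need a separate comparison.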

Additional Resources

Phishing Tip Sheet (CISA)
Phishing Infographic (NCA)
To Click or Not To Click: That is the Question (NCA)
Attack Spotlight: Microsoft Office 365 Credential Phishing (ProofPoint)
Attack Spotlight: OneDrive Phishing Campaign (ProofPoint)
Attack Spotlight: Scammers Mimic Real Banking Emails (ProofPoint)
How to Recognize and Avoid Phishing Scams (FTC)
Spotting a Vaccine Phishing Scam: Can You Find the Red Flags? (NCA)

Update Your Software

Approximately 2 in 5 survey respondents say they either “sometimes,” “rarely,” or “never” install software updates (NCA). One of the easiest ways to protect accounts and information is to keep software and applications updated. Updates are periodically released to fix software problems and provide security patches for known vulnerabilities. This Cybersecurity Awareness Month, don’t hit the “remind me later” button. Take action to stay one step ahead of cybercriminals.

Facts and Figures

  • 36% of survey participants reported installing the latest updates and software as soon as they became available. (NCA)
  • Of those who reported installing the latest updates to their devices, 62% had turned on automatic updates. (NCA)
  • Just 20% of Android devices use the latest and safest OS version. (Symantec)

Tips and Advice

Keeping software up to date is an easy way to improve your digital security. For added convenience, turn on the automatic updates in your device or application security settings! Set it and forget it!

  1. Check for notifications: Devices and applications will usually notify you when the latest software updates become available, but it’s important to check periodically as well. Software updates include devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for web browsers and antivirus software, or apps with financial or sensitive information.
  2. Install updates as soon as possible: When a software update becomes available, especially a critical update, be sure to install it as soon as possible. Attackers won’t wait, and you shouldn’t either!
  3. Turn on automatic updates: With automatic updates, devices will install updates as soon as they become available. Easy! To turn on the automatic updates feature, look in the device settings, usually under Software or Security.

Watch for fakes!

Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.

Additional Resources

Cybersecurity 101 Tip Sheet (CISA)
Why is Cybersecurity Important? (CISA)
Software Updates Infographic (NCA)
Software Updates (NCA)
Understanding Patches and Software Updates (CISA)

SUNY College of Optometry is recognized as a CSAM Champion!

The Cybersecurity Awareness Month Champions represent those dedicated to promoting a safer, more secure and more trusted internet.

Other CSAM Champions include companies and organizations of all sizes, schools and school districts, colleges and universities, nonprofits, government organizations and individuals.

2023 Cybersecurity Awareness Month Champion

Additional information and resources on cyber issues and implementing sound cyber security practices are also available at the following websites:

  • Cybersecurity 101 (CISA)
  • U.S. Department of Homeland Security “Be Cyber Smart”
  • Cybersecurity and Infrastructure Security Agency (CISA)