October is Cybersecurity Awareness Month!


Held every October, Cybersecurity Awareness Month (CSAM) is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats.

Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. SUNY College of Optometry is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.


Cybersecurity Awareness Month’s overarching theme for 2022 is: “See Yourself in Cyber”.

This year’s theme demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future.


Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a seemingly endless news cycle dedicated to cybersecurity mishaps and concerns. And with this onslaught of negative news, it can be easy for everyday individuals to become overwhelmed and to feel powerless in the face of the “insurmountable” threats posed by cybersecurity. But in actuality, nothing could be further from the truth.

With all of the jargon that is typically thrown around in relation to cybersecurity, there is a longstanding misperception that cybersecurity is beyond everyday people and that it should be left to the professionals. Moreover, there is a prevailing sense among the public that breaches are simply a fact of life and that we should just learn to deal with them. But this just isn’t true. In fact, everyday people have a huge role to play in cybersecurity threat prevention, detection, and remediation. For example, according to IBM, 95% of breaches have human error as a main cause. Therefore, everyday technology users are very much the first line of defense when it comes to thwarting cybercrime. Unfortunately, though, many individuals are not aware of some of the best practices for boosting cybersecurity and how easy they are to use.


This year, Cybersecurity Awareness Month’s main focal areas revolve around four key fundamental cybersecurity best practices that everyday people can implement today to enhance their own cybersecurity and create a more secure world for everyone:

Recognize and Report Phishing

Recognizing and reporting phishing – still one of the primary threat actions used by cybercriminals today.

Use Strong Passwords and a Password Manager

Understanding the benefits of using a password manager and dispelling existing myths around password manager security and ease of use.

Enable Multi-Factor Authentication

Enabling multi-factor authentication on personal devices and business networks.

Update Your Software

Installing updates on a regular basis and turning on automated updates.

2022 Cybersecurity Awareness Month Topics

Recognize and Report Phishing

When criminals go phishing, you don’t have to take the bait.

Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for.


FACTS AND FIGURES

  • 38% of cyber attacks on US companies involve phishing. (Parachute)
  • 72% of respondents reported that they checked to see whether messages were legitimate (i.e. phishing or a scam) compared to 10% who reported not doing so. (NCA)
  • Only 60% of adults could define what “phishing” is. (Google)

See it so you don’t click it.

The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to clearly spot a phishing email:

  • Contains an offer that’s too good to be true
  • Language that’s urgent, alarming, or threatening
  • Poorly crafted writing with misspellings and bad grammar
  • Greetings that are ambiguous or very generic
  • Requests to send personal information
  • Urgency to click on unfamiliar hyperlinks or attachments
  • Strange or abrupt business requests
  • Sending e-mail address doesn’t match the company it’s coming from

Oh no! I see a phishing email. What do I do?

Don’t worry, you’ve already done the hard part which is recognizing that an email is fake and part of a criminal’s phishing expedition.

If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.

If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email; JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.


Let them know.

Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly.


ADDITIONAL RESOURCES

Phishing Tip Sheet (CISA)
Phishing Infographic (NCSA)
To Click or Not To Click: That is the Question (NCSA)
Attack Spotlight: Microsoft Office 365 Credential Phishing (ProofPoint)
Attack Spotlight: OneDrive Phishing Campaign (ProofPoint)
Attack Spotlight: Scammers Mimic Real Banking Emails (ProofPoint)
How to Recognize and Avoid Phishing Scams (FTC)
Spotting a Vaccine Phishing Scam: Can You Find the Red Flags? (NCSA)

Use Strong Passwords and a Password Manager

Don’t take a pass on password managers.

As we do more of our lives online, we’ve gone from having just a couple of passwords to today, where we might manage 100 or more. If you’re like most people, you’re probably using the same password for most of your accounts—and that’s not safe. If your one password gets stolen because of a breach, it can be used to gain access to all your accounts and your sensitive information. But no need to fret: password managers are easy to use and make a big difference.


FACTS AND FIGURES

  • 81% of the total number of breaches leveraged stolen or weak passwords. (LastPass)
  • 28% of adults in the US use the same password for all of their online accounts. (Business Insider)
  • Only 12% of the participants reported using a stand-alone password manager application with another 11% saving their passwords in their browser. (NCA)

Easily manage all your passwords.

So the best way to manage unique passwords for the ever-increasing number of online accounts we own is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.

Because the password manager stores all your passwords, you don’t need to memorize hundreds of passwords or keep that secret password paper in your drawer. Now, you only need to remember one to unlock your password vault in the manager app, so it makes things so much easier.


What are the advantages of a password manager?

Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages as well.

  • Saves time
  • Works across all your devices and operating systems
  • Protects your identity
  • Notifies you of potential phishing websites

Additional Resources

Cybersecurity Basics: Passwords & Password Management tipsheet (CISA)
Passwords Infographic (NCSA)
Using Strong Passwords and a Password Manager (NCSA)
Tips for Better Passwords (Consumer Reports)

Enable Multi-Factor Authentication

Always enable multi-factor authentication.

It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.


FACTS AND FIGURES

  • Only 26% of companies use multi-factor authentication. (LastPass)
  • Two-factor authentication has become more popular over the last two years, with 79% of US/UK respondents saying they used it in 2021, compared to 53% who used it in 2019. (Duo Labs)
  • SMS text messages are the most common second factor US/UK users choose when logging into two-factor authentication accounts, at 85%. (Duo Labs)

How does MFA work?

By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator app.

MFA can include:

  • An extra PIN (personal identification number)
  • The answer to an extra security question like, “What’s your favorite pet’s name?”
  • An additional code either emailed to an account or texted to a mobile number
  • A biometric identifier like facial recognition or a fingerprint
  • A yes or no button or unique number generated by an authenticator app (like those from Microsoft, Google or Duo)
  • A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system

What type of accounts offer MFA?

Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. Simply put, use MFA everywhere!


Additional Resources

Enabling Multi-Factor Authentication (NCSA)
Nail The Basics Of Cybersecurity With Multi-Factor Authentication (Forbes)

Update Your Software

One of the easiest ways to keep your information secure is to keep your software and apps updated.

Update often.

Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches that close gaps where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.


FACTS AND FIGURES

  • 68% of the participants reported installing the latest updates and software as soon as these are available. (NCA)
  • Of those who reported installing the latest updates to their devices, 45% had turned on automatic updates. A further 21% noted that they take immediate action when they receive a notification. (NCA)
  • Just 20% of Android devices use the latest and safest OS version. (Symantec)

Get it from the source.

When downloading a software update, only get it from the company that created it. Never use hacked, pirated or unlicensed versions of software (even if your friend gave them to you). These often contain malware and cause more problems than they solve.


Make it automatic.

Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.


Watch for fakes!

Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.


ADDITIONAL RESOURCES

Cybersecurity 101 Tip Sheet (CISA)
Why is Cybersecurity Important? (CISA)
Software Updates Infographic (NCSA)
Software Updates (NCSA)
Understanding Patches and Software Updates (CISA)


SUNY College of Optometry is recognized as a CSAM Champion!

The Cybersecurity Awareness Month Champions represent those dedicated to promoting a safer, more secure and more trusted internet.

Champions include companies and organizations of all sizes, schools and school districts, colleges and universities, nonprofits, government organizations and individuals.


Additional information and resources on cyber issues and implementing sound cyber security practices are also available at the following websites:

  • Cybersecurity 101 (CISA)
  • U.S. Department of Homeland Security “Be Cyber Smart”
  • Cybersecurity and Infrastructure Security Agency (CISA)