Awareness Training/ Malware & Phishing Efforts

The best ways to inform campus IT users with methods which increase knowledge and foster good computing habits is through IT security awareness training.

At an institution as large as ours, the IT user's role is governed by several multi-faceted processes, procedures and policies. Each process, procedure and or policy is designed to preserve the integrity and availability of institutional data worked with and to ensure a reasonable expectation of privacy, without infringing on the overall mission of the University.

The awareness training materials offered to campus include a combination of seminars/presentations, online resources and printed materials. The following links offer guidance to the appropriate online best practices, policies and tools to increase awareness efforts as they relate to each individual's role safeguarding IT security and privacy on campus.
 

Compliance Training

Compromised accounts/systems are usually as a result of a user falling for some form of cleverly worded social engineering trick. These ploys get users to give out personal information such as the HawkID and pass phrase, which allow criminals access to provisioned campus systems and services their accounts have access to. Manipulation attacks could likewise entice users to click a link that brings them to an infected website. Malware that infecting systems this way, usually hook in and take hold via vulnerabilities from the unpatched or out of date system.

We have all heard the saying that there is strength in numbers. Without team effort, many projects and processes fail. A team only succeeds when all of the members understand the team goals, individual roles and how each person’s performance and commitment contribute to achieving the goals of the group.

Individuals should be encouraged to toughen and tighten up as much of their personal environment as they can, with the idea that if each team member does so; the result is an overall almost impermeable barrier to attack. Compliance is everyone’s responsibility. For more information on what you can do to secure your personal workstation look at the resources below.

Anti-Phishing Resources

Defending against Spam
Phishing

How to spot fake e-mail addresses
      How to Recognize and Avoid a Phishing Scam,
      Recognizing a deceptive web links
      Spotting a deceptive web address
      How to identify a forges email address

Below are links to external web resources that can help users get up to speed on the various tactics hackers use to manipulate you for your information.

OnGuardOnline.gov - Phishing game:

• https://consumer.ftc.gov/scams
• http://phish-education.apwg.org
• http://www.onguardonline.gov/phishing

CISA - Cyber Essentials Tool kits - https://www.cisa.gov/publication/cyber-essentials-toolkits

USA Learning

• https://securityawareness.usalearning.gov/cdse/multimedia/games/cybertrivia/index.html
• https://securityawareness.usalearning.gov/cdse/multimedia/games/TomorrowsInternet/story.html