Awareness Training / Malware & Phishing Efforts
The best way to inform campus IT users, using methods that increase knowledge and foster good computing habits, is through IT security awareness training.
At an institution as large as ours, the IT user's role is governed by several multi-faceted processes, procedures and policies. Each process, procedure and/or policy is designed to preserve the integrity and availability of the institutional data users work with and to ensure a reasonable expectation of privacy, without infringing on the overall mission of the University.
The awareness training materials offered to campus include a combination of seminars/presentations, online resources and printed materials. The following links offer guidance on the appropriate online best practices, policies and tools to increase awareness efforts as they relate to each individual's role in safeguarding IT security and privacy on campus.
Compliance Training
Compromised accounts/systems are usually the result of a user falling for some form of cleverly worded social engineering trick. These ploys get users to give out personal information such as the HawkID and pass phrase, which allows criminals to access the provisioned campus systems and services those accounts have access to. Manipulation attacks can likewise entice users to click a link that brings them to an infected website. Malware that infects systems this way usually hooks in and takes hold via vulnerabilities in an unpatched or out-of-date system.
We have all heard the saying that there is strength in numbers. Without team effort, many projects and processes fail. A team only succeeds when all of the members understand the team goals, individual roles and how each person’s performance and commitment contribute to achieving the goals of the group.
Individuals should be encouraged to toughen and tighten up as much of their personal environment as they can, with the idea that if each team member does so, the result is an overall almost impermeable barrier to attack. Compliance is everyone’s responsibility. For more information on what you can do to secure your personal workstation, look at the resources below.
Anti-Phishing Resources
Defending against Spam
Phishing
How to spot fake e-mail addresses
How to Recognize and Avoid a Phishing Scam
Recognizing deceptive web links
Spotting a deceptive web address
How to identify a forged email address
Below are links to external web resources that can help users get up to speed on the various tactics hackers use to manipulate you into giving up your information.
OnGuardOnline.gov - Phishing game:
- https://consumer.ftc.gov/scams
- http://phish-education.apwg.org
- http://www.onguardonline.gov/phishing
CISA - Cyber Essentials Toolkits - https://www.cisa.gov/publication/cyber-essentials-toolkits
USA Learning
- https://securityawareness.usalearning.gov/cdse/multimedia/games/cybertrivia/index.html
- https://securityawareness.usalearning.gov/cdse/multimedia/games/TomorrowsInternet/story.html