Cybersecurity Awareness
October 2024
National Cyber Security Awareness Month
October is National Cyber Security Month, and our campus is working to bring you a diverse selection of webinars this year. In collaboration with the CSU system, we want to promote speakers, seminars, and presentations currently numbering over 35 sessions, addressing such topics as AI, hacking and fraud, phishing, various talks by the FBI, and more. Please visit to learn more and register.
We will have our weekly Cyber Clinics via Zoom, where you can drop in and ask questions about current security issues and concerns. The schedule for those will be sent via email each week.
Current Risk Topics
World Events
With recent events in the news like Ukraine and Russia, we know you have questions and concerns. One of those may be about cybersecurity: are you or the campus at risk? We don’t have all the answers, nor do we know what will happen next. We do know that, from a cybersecurity standpoint, it is important to focus on the fundamentals of security awareness, which are key to protecting yourself both at home and at work. While the sense of urgency may have changed, how cyber attackers target us has not.
By fundamentals, we mean focusing on these three key points.
- Phishing: Phishing and related scams are when cyber attackers attempt to trick or fool you into doing something you should not do. Often these scams are sent as emails, but they can also try to trick you with text messaging, phone calls, or on social media. Anytime someone is creating a tremendous sense of urgency and rushing you to take an action, or someone is promoting an offer that is too good to be true, this is most likely an attack.
- Passwords: Strong passwords are the key to protecting your online, digital life. Make sure each of your accounts is protected by a unique, long password. The longer your password, the better. To keep it simple, use passphrases, a type of password made up of multiple words like “honey-butter-happy”. Whenever possible, enable Multi-Factor Authentication (MFA) on your important accounts, as we have with Duo for your campus account.
- Updates: Keep your computers, devices and apps updated and current by enabling automatic updating on all your devices. Cyber attackers are constantly looking for new vulnerabilities in the devices and software you use. Keeping them automatically updated makes sure these known weaknesses are fixed and your devices have the latest security features.
In addition, there is going to be a tremendous amount of false information spread on the Internet. Do not trust or rely on information from new, unknown or random social media accounts, such as posts on LinkedIn, Instagram, Facebook or Twitter. Many accounts on these sites were created for the sole purpose of putting out fake information. Instead, follow only well-known, trusted news sources that verify the authenticity of information before they broadcast it. Finally, if you wish to donate to any causes in support of recent events, once again make sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities run by cyber criminals.
If you accidentally send your account credentials via email, immediately change your password by following the steps listed at /netid/. Contact the ITS Service Desk at to submit a ticket or to speak with a technician. If you receive an email that you believe could be a phishing message, forward it to the Information Security Office at iso@csueastbay.edu.
NSA Guidance on Securing Wireless Devices While in Public
The National Security Agency (NSA) has an information sheet with guidance on securing wireless devices while in public. These recommendations apply to government teleworkers as well as the general public, and include steps you can immediately take. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against them.
Some of the key points:
- Avoid connecting to public Wi-Fi networks, such as those offered by coffee shops or airports.
- Turn off Bluetooth when you are not actively using it.
- Keep your devices updated, and never leave them unattended.
- Reboot mobile phones periodically.
- Use Multi-Factor Authentication wherever possible.
References:
The announcement and link to the full information sheet about securing wireless devices in public can be found at:
References:
More information about Phishing can be found on this page: /security/protect-yourself-from-phishing.html
"Zoom Bombing" - Protect Yourself While Teleconferencing with Zoom
Hijacking of Zoom teleconferences, known as “Zoom-bombing”, can take place if the proper security options are not used when scheduling a teleconference.
Each virtual teleconference application has its own unique settings and configurations, with Zoom being no different. The ISO recommends the following steps be taken to increase the security of your Zoom sessions:
- Require registration, and allow only authenticated users to join your meeting.
- Disable join before host, and use the “waiting room” feature to control attendees.
- Do not share links to your session publicly (for example, on social media). Instead, send the link directly to specific users.
- Keep your session private: require a meeting password.
- Set screen sharing to “Host Only”.
- Put suspicious attendees “on hold”, blocking their audio and video connection without removing them from your session. Then, you can verify their identity, and re-add or drop them entirely.
- Enable “Mute Upon Entry”.
- Turn off file transfer and annotation, and disable private chat for your attendees.
Please note: during any online conferencing, be aware of what type of information is being shared. While you may not be actively recording the Zoom meeting using the software directly, there is no way to determine whether another remote user is recording their screen. The CSU has “Data Classifications” that identify what types of information may fall into which category, so be thoughtful about what you might be discussing.
If you have any questions about securing Zoom, please contact the Information Security Office at iso@csueastbay.edu.
References:
Data Classifications:
/security/information-security-policy/level-1-data-examples.html
The FBI movies on cyber security awareness:
The Company Man: Protecting America's Secrets - A short film aimed at educating anyone with a trade secret about the threat and how they can help mitigate it. Based on an actual case, The Company Man: Protecting America's Secrets illustrates how one U.S. company was targeted by foreign actors and how that company worked with the FBI to resolve the problem and bring the perpetrators to justice.
View this movie online.
Game of Pawns - To help raise awareness of the foreign intelligence recruitment threat to U.S. college students while studying overseas, the FBI offers a variety of useful resources, including the below interview with a former student caught up in illegal activity.
View this movie online.
Who should I contact if I have more questions?
Please contact the Information Security Office at: iso@csueastbay.edu