Throughout October, WPI's Information Security team offers tips and resources to keep logins, online activity, devices and data safe. Since 2004, Cybersecurity Awareness Month has been a collaborative effort between government and industry to ensure that all Americans have the information they need to stay safer and more secure online. The month is co-led by the National Cyber Security Alliance (NCSA) and the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA), and WPI has joined as a champion to educate our community!
As CISA explains, "This year’s theme — See Yourself in Cyber — demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. NCSAM will focus on the “people” part of cybersecurity, providing information and resources to help educate our community, enabling all individuals to make smart decisions whether on the job, at home or at school – now and in the future.
See Yourself in Cyber
When we say See Yourself in Cyber, we mean see yourself in cyber no matter what role you play. As an individual or consumer, take basic steps to protect your online information and privacy... Learn how your organization plays a part in ensuring cybersecurity for the larger ecosystem. Finally, there is a global need for skilled, diverse workers with technical skills to meet the cyber challenges of today and tomorrow, so find out if this is the career field for you."
Did You Know...
Why do we need NCSAM?
Ransomware attacks on higher education increased during 2021, and 74% were successful, according to Inside Higher Ed.
Here are a few more reasons from Varonis.
- 95% of cybersecurity breaches are caused by human error. (World Economic Forum)
- In 2021, 40% of breaches featured phishing, 11% involved malware, and 22% involved hacking. (Verizon)
- Around 26% of all web traffic is bad bot traffic. (Imperva)
- On average, a company falls victim to a ransomware attack every 11 seconds. (Cybersecurity Ventures)
Topics & Tips
Here are the focus topics of the month! You can also peruse information on the WPI Information Security Hub site.
It landed in Junk Mail for a reason!
Phishing & Junk Mail
Try not to think of your Junk mail as a secondary Inbox! Messages landed there because the filter identified features commonly found in phishing, spam and other unwanted types of messages. Never open attachments, click links, or call phone numbers from these messages. Only check junk mail for email you were expecting to arrive in your Inbox that did not appear. We encourage reporting suspicious messages.
Beware MFA Fatigue
Multi-factor Authentication (MFA) can only be a barrier to intruders if you verify carefully! It is vital that you confirm the username and location shown in the verification prompt truly belong to the login you are making. For example, in the Authenticator app, make sure it is your own exact email address before you press Approve.
WIRED explains how MFA fatigue was used in the September 2022 Uber breach:
"The attacker... claims that they first gained access to company systems by targeting an individual employee and repeatedly sending them multifactor authentication login notifications. After more than an hour, the attacker claims, they contacted the same target on WhatsApp pretending to be an Uber IT person and saying that the MFA notifications would stop once the target approved the login.
Such attacks, sometimes known as “MFA fatigue” or “exhaustion” attacks, take advantage of authentication systems in which account owners simply have to approve a login through a push notification on their device rather than through other means, such as providing a randomly generated code. MFA-prompt phishes have become more and more popular with attackers."
Out-of-date software can be the open door for scammers. WPI-managed computers get Operating System updates, but browsers and other third-party products need to be updated as well. For personally-managed computers, WPI IT relies on the owners to update their software, which is an important factor in keeping our environment secure.
Software downloads are a common way to receive malware. Use WPI software resources when possible. For code from GitHub and similar sources, you can request a code review consult from Information Security.
Be aware of what non-WPI resources are opened on WPI computers, and vice versa.
A few key reminders:
Your WPI password should be unique! If you have multiple WPI accounts, each should have a unique password; please don't use the same one for all.
Don't save passwords in a browser. Password managers can be helpful (for non-WPI accounts), especially on mobile phones.
Careers in Cybersecurity - Oct. 4 5:00 PM
Join us in Fuller Labs #311 to hear about paths you can take to a career in Cybersecurity and enjoy refreshments! Prof. Robert Walls from Computer Science, and IT's Information Security team offer insight into courses, scholarships, and their cybersecurity journey. If you missed it, a recording is available.
Game Night - Oct. 5 5:00 PM
Can you protect a power plant from cyberattacks? Student organizations Women in Cyber Security and the Cyber Security Club host Decisions and Disruptions in Salisbury Labs #305. Pizza, too!
Catch the Phish! Oct 25
How much do you know about phishing? Stop by our table in Gordon Library from 11 AM - 2 PM. Show us what you know or learn something new to avoid becoming a victim of scammers. Free giveaways, too!
Spot the Trick, Get a Treat Oct 27
Spot the trick, get a treat! Tricksters aren't so scary once you recognize their methods. Visit our table in the Campus Center 11 AM - 2 PM for games and giveaways.