National Cybersecurity Awareness Month

October marks the 19th annual National Cybersecurity Awareness Month led and organized by the Department of Homeland Security and the National Cyber Security Alliance. Keep a lookout for security tips that will help you stay ahead of incoming cyber threats. You can also visit University IT’s Information Security page to learn more about different scams, how to spot them, and ways to avoid falling victim to a scammer’s tactics.



Do You Duo?

The University uses Duo, a two-factor/multi-factor authentication process, to add a second layer of security to your online accounts and IT services, which helps prevent anyone but you from logging in, even if they know your password. You must enroll in Duo to use many important systems, including HRMS, VPN, UR Student, UR Financials, URMC Remote Access Systems, and URMC email. If you receive a Duo authentication prompt you did not initiate, decline it immediately, and then answer “Yes” to the follow-up question, “Was this a suspicious login?” This will automatically open an incident with IT Security to investigate the login attempt that used your credentials. You can also report suspicious activity via email. In either case, change your password immediately through myIdentity.

To enroll, you must be on the University network. If you need Duo but are not on the University network because you are working remotely, call University IT at (585) 275-2000 or URMC and Affiliates’ ISD Help Desk at (585) 275-3200 for assistance.



The key to strong security begins with your password.

One of the simplest ways to protect yourself and the University is to use secure passwords for your accounts. Think of your password as the lock on the front door of your home. You want a robust and secure deadbolt to keep out any intruders. To protect yourself, University IT suggests the following:

  • Use long passphrases rather than a single password.
  • Use 14 or more characters, including spaces.
  • Don’t use easy-to-guess dictionary words.
  • Use the University-provided password tool, LastPass, to store complex passwords safely.
  • Use multi-factor authentication (Duo) on your accounts where applicable.
University IT is also implementing a new tool to check for insecure passwords, notify users, and require them to change those passwords. Learn more about this tool and other ways University IT is protecting your data.



Identity Theft Resources

Roughly 47 percent of US adults have experienced some sort of identity fraud. The more proactive you are in safe cyber practices (changing passwords regularly, monitoring credit and reports), the more you mitigate your risk. In the event you fall victim, www.identitytheft.gov is a helpful resource to report identity theft and put a recovery plan in action. University IT offers additional tips to keep your cyber security in check here.



All tricks and no treat with student loan debt forgiveness scams

In August, the Biden administration announced plans to forgive up to $20,000 in student loan debt for eligible borrowers. While this has grabbed the attention of millions, scammers are using this as an opportunity to steal your information. Since the announcement was made, fake debt relief applications have been circulating. University IT reminds the University community to keep an eye out for these red flags:

  • “Act immediately” or “first-come, first-served” loan forgiveness applications: University IT reminds you that you have until December 2023 to apply for relief
  • Student alerts that state your loans are flagged for forgiveness pending verification: Remember, don’t click links in texts or emails, and don’t return calls to “verify” your information
  • Pay-to-apply applications: The application is free
Ensure you are using the legitimate site to apply. If you run into a scam, you can submit a complaint to Federal Student Aid or report it to the Federal Trade Commission (FTC). Get more information by reading Federal Student Aid’s article, “How to Avoid Student Loan Forgiveness Scams.”