‘Ask Security Anything’ sessions

October marks the 20th annual National Cybersecurity Awareness Month (NCSAM) led, organized, and initiated by the Department of Homeland Security and the National Cyber Security Alliance. University IT and ISD are hosting “Ask Security Anything” sessions where you can ask security liaisons questions on various topics including phishing, firewalls, and the University’s protocols on using USBs and personal devices in the workplace. The first session will be held on Thursday, October 12, from 11:30 a.m. to 1:30 p.m. Registration is not required for these events. For the schedule of topics and Zoom session link, visit University IT’s Cybersecurity Awareness Month page. University IT will also be releasing weekly videos and games related to NCSAM, with opportunities to win prizes.


Phishing, Vishing, Smishing, and Quishing… Oh my!

There are several different tactics malicious actors use to steal your identity. It is beneficial for you that you familiarize yourself with these scams and their terminology, what they have in common, how they differ from each other and the platforms (texting, emails, etc.) scammers use to try and steal your information. For the full list of terminology, examples and tips to protect yourself from falling victim to these various scams, please visit University IT’s Scams page. Don’t forget to check out the release of games and videos for week 2 on our National Cybersecurity Awareness Month (NCSAM) page for your chance to win a prize.


Social Engineering

Social Engineering is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information. Scammers will use phishing, vishing or other means and pretend to be UR/URMC Help Desk or bank for example to gain your trust and convince you to provide pertinent information needed to steal your identity. Tip: Multifactor Authentication is a great way to protect yourself from unwanted access into your accounts, be sure to use push prompts from Duo rather than through SMS/Phone. Check out our National Cybersecurity Awareness Month (NCSAM) page where we just released our Week 3 video on social engineering and information for our next Ask Security Anything Session on Tuesday, 10/24.


Use strong passwords and passphrases

One of the simplest ways to protect yourself and the University is to use secure passwords for your accounts. Think of your password as the lock on the front door of your home. You want a robust and secure deadbolt to keep out any intruders. To protect yourself, University IT suggests:

  • Using long passphrases rather than a single password.
  • Using 14 or more characters, including spaces.
  • Avoiding the use of easy-to-guess dictionary words.
  • Using the university-provided password tool, Keeper, to store complex passwords safely.
  • Using multifactor authentication on your business and personal accounts, where applicable. The business uses Duo MFA while there are a variety of choices for personal use.

Visit the National Cybersecurity Awareness Month page for the Week 4 video and a tool to test the strength of your password. You can also mark your calendars for the next Ask Security Anything Zoom session taking place on Tuesday, October 24, from 11:30 a.m. to 1:30 p.m. Learn more about the session here.