With recent events in the news, we know you have questions and concerns. Some of those may be about cybersecurity: “Am I, or is UTHSC, more likely to come under attack? Am I at greater risk?” We don’t have all the answers, but we do know that attacks are on the rise. From a cybersecurity perspective, focus on the fundamentals. This is key to protecting both yourself and UTHSC. While the sense of urgency may have changed, how cyber attackers target us has not. By fundamentals, we mean the three key points below. The links direct you to SANS newsletters for more in-depth information.
- Phishing: Phishing and related scams are when cyber attackers attempt to trick or fool you into doing something you should not do. Often these scams are sent as emails, but attackers can also try to trick you through text messages, phone calls, or social media. Anytime someone is creating a tremendous sense of urgency and rushing you to take any action, or someone is promoting an offer that is too good to be true, this is most likely an attack.
- Passwords: Strong passwords are the key to protecting your online, digital life. Make sure each of your accounts is protected by a unique, long password. The longer your password the better. To keep it simple, use passphrases, a type of password made up of multiple words like “honey-butter-happy”. Also, whenever possible, enable Multi-Factor Authentication (MFA) on your important accounts.
- Updating: Keep your computers, devices and apps updated and current by enabling automatic updating on all your devices. Cyber attackers are constantly looking for new vulnerabilities in the devices and software you use. Keeping them automatically updated makes sure these known weaknesses are fixed and your devices have the latest security features.
In addition, there is going to be a tremendous amount of false information spread on the Internet. This is being done by the Russian government on purpose to confuse people. Do not trust or rely on information from new, unknown, or random social media accounts, such as posts on LinkedIn, Instagram, Facebook, or Twitter. Many accounts on these sites were created for the sole purpose of putting out fake information. Instead, follow only well-known trusted news sources who verify the authenticity of information before they broadcast it. Finally, if you wish to donate to any causes in support of recent events, once again make sure you are donating to a well-known, trusted charity. There will be many scams attempting to trick people into donating to fake charities run by cybercriminals.
We know that times like these can feel a bit scary. This is why we concentrate on SPAR training, to make you prepared to respond to threats. Continue to focus on the fundamentals as we have taught you, and you will go a long way to protecting yourself, no matter who the cyber attacker is.
What else has been reported to email@example.com this past week?
- [Ext] – yep – no Subject line. The bad actors have figured out we can block specific emails based on the subject line, so they try using none. This was another spoofed Dean asking for cell phone numbers.
- [Ext] Order#7845276329842 – another auto-renewal scam that only provides a phone number to dispute the “charge”.
- [Ext] Employee Support Plan for 2022 – an email that DID NOT COME FROM HR; it enticed people with a “cash assistance program up to $5,000”.
- [Ext] REQUEST: Password almost completed-31619 – a phishing email trying to steal credentials by having users log into a fake site.