2024 marks the 21st annual Cybersecurity Awareness Month!
On this month in 2004, the President of the United States and Congress declared the month of October to be Cybersecurity Awareness Month, a dedicated month for the public and private sectors, and tribal communities to work together to raise awareness about the importance of cybersecurity.
Trick-or-Treat!
Well a trick for sure, but no treat. A Very Real-life Tale of Social Engineering at UWRF!
Last year as the end of September approached and DoTS began preparing for this newsletter our student community was sent an email. The emails appeared to come from prominent faculty members advertising for a student research assistant. The note essentially read "Research assistant needed" and described a believable post-Covid scenario in which the student position would be on site helping a professor working on out-of-state research. The scam goes on to offer a cell number to text for more info, adding a "first come, first serve" comment, time pressuring the victim. The pay is reasonable, the ask sounds legitimate, the next part is the spooky twist. 
Once a communication line is established and trust fostered, the impostor asks the student to provide a bank account routing number. The impostor claims on-site research needs. This leads to a seemingly real deposit, in this case $1800.00. Once the money "shows up," the impostor claims to have made a mistake and asks for a refund. The student sends their actual real money back to the impostor's account. The bank later informs the student that the check was fraudulent and the money is gone... the impostor now ghosts the victim, keeping their monies.
Although this story happened last year, this has happened many times since then and continue to happen every year. Morale of this story... it's hard, and there is no shame in falling victim, these scams work for a reason, but be aware, online bank statements can be deceiving and verifying all cash transactions before leaving your account is advised! Take your time and don't be rushed.
ππππππππππππππππππππππππππππππππππππππππππππππππππππππππππππ
Linked-In Security Course
Annual cybersecurity training is required here at River Falls, but lots of great resources available via Link-In as well. We liked this one!
Cybersecurity at Work - Social Engineering Overview
Caroline Wong is the vice president of Cobalt.io, a cybersecurity services firm. Caroline has been named as one of the Top 10 Women in Cloud by CloudNOW, and received a Women of Influence Award in the One to Watch category from the Executive Women's Forum. She authored the popular textbook Security Metrics, A Beginner's Guide. Learn how to identify and avoid phishing, malware, counterfeit apps, and social engineering attacks. Plus, get tips on adhering to cybersecurity best practices for wireless networks, online accounts, software, intellectual property, and more.
π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦π¦
Changes Since Last Year
Admin By Request now allows individual university accounts to elevate administrator privileges on local workstations.
What and why?
-
Allows for task completion by the user without a call to the service center. The tool prompts for a description of the task. The application allows the user to complete the process while an admin session runs in the background.
-
The user will more securely run normal operations on their computer as a standard user (without administrator rights).
-
This is the concept of βLeast Privilegeβ The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access β or permissions β needed to perform his/her job functions.
-
Application installations will still need to be submitted through DoTS for software review before installation.
ππππππππππππππππππππππππππππππππππππππππππππππππππππππππππ
4 Simple Steps!
-
Use strong passwords and a password manager: Strong passwords are critical to protecting data. They are long, random, unique, and include all four-character types (uppercase, lowercase, numbers, and symbols). Password managers are a powerful tool to help you create long, random, and unique passwords for each of your accounts. Plus, they make storing passwords and user IDs easy. Strong passwords are required at River Falls already βοΈ
-
Turn on multifactor authentication (MFA): You need more than a password to protect your online accounts and enabling MFA makes you significantly less likely to get hacked. Enable multifactor authentication on all your online accounts that offer it, especially email, social media, and financial accounts and use authentication apps or hardware tokens for added security. Learn more about multifactor authentication. Available and protecting us here on campus for years βοΈ
-
Recognize & report phishing: Phishing emails, texts, and calls are the number one way data gets compromised. Be cautious of unsolicited emails, texts or calls asking for personal information. Avoid sharing sensitive information or credentials over the phone or email unless necessary and donβt click on links or open attachments sent from unknown sources. Verify the authenticity of requests by contacting the individual or organization through a trusted channel. Report phishing attempts to the appropriate authorities or IT department. Learn to recognize the signs of phishing and report these incidents to protect data and devices. Outlook has built-in reporting tools, but calls with questions to the DoTS Service Center are encouraged! βοΈ
-
Update software: Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date. If you're using a UWRF-issued laptop, you're receiving our system updates and security patches! βοΈ
π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»π»
Division of Technology Services - DoTS Security Resources
Technology Services maintains a portfolio of security tools and processes for handling operational, daily security. We also provide public documentation.
β οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈβ οΈ
DoTS wishes you a Happy and Cybersafe Autumn!