Happy October! Every October, in alignment with Cybersecurity Awareness Month, the BU Information Security Team reaches out weekly to communicate a security topic of importance to the BU community in an effort to keep our community protected. Can we count on you to "Do your part. #BeCyberSmart"?
Week 4: Cybersecurity resources & test your knowledge
Week 4: October 25th, 2022
Thank you for your engagement in Cybersecurity Awareness Month! As we wrap up our final week, we look beyond BU to trusted sources with good cybersecurity information. Here are some of our favorites:
• CISA: The Cybersecurity Infrastructure and Security Agency hosts a wealth of information, including how to report incidents, cybersecurity trainings & how-to guides, as well as breaking CISA alerts.
• Brian Krebs: Journalist Brian Krebs provides the latest cybersecurity news; follow him on Twitter or via his blog, KrebsOnSecurity.com.
• The Internet Crime Complaint Center (IC3): Hosted by the FBI, this is where you can file formal complaints for ransomware attacks, scams or online threats. You can also view the latest alerts issued by the government.
• Bleeping Computer: Tutorials, cyber-news, downloads and forums make this website a wealth of knowledge for staying up to date and active with cybersecurity information.
• WIRED: The security section of this online magazine is a fun and fast read, covering popular security stories as well as helpful articles like “You need an online password manager. Here are the best ones.”
And after a month of cybersecurity awareness, how do you fare in the Danger Zone? Test your knowledge by playing KnowBe4’s “Danger Zone” game!
Week 3: What are security incidents?
Week 3: October 19th, 2022
Welcome to the third week of Cybersecurity Awareness Month! This week we will talk about reporting incidents. Like knowing how to call the police, understanding how to report cybersecurity incidents is critical to ensuring you get the help you need during a cyber event.
Security incidents are events that indicate BU systems or data have been attacked or compromised. Security incidents include data breaches, malware infections, phishing messages, and ransomware attacks.
We encourage anyone in the Boston University community who is aware of a potential cybersecurity vulnerability or event affecting accounts, data, computers, or networks to report it. Please contact your BU IT support organization or ithelp@bu.edu any time that you think you may have observed a cybersecurity vulnerability or event.
Here are some things to look for:
• Someone else appears to have access to your accounts or devices, as evidenced by changes to your account, records, files, or email that were not made by you.
• You can view personal information you do not think you should be able to see.
• Your computer is behaving as if someone else has control over it, such as the cursor moving, the camera being turned on, or text being typed.
• Someone outside of your known IT support contacts you and seeks your assistance in gaining access to your system or otherwise bypassing security controls.
• You have found a way to circumvent a Boston University cybersecurity system.
To report a phish, forward the email with headers to abuse@bu.edu. Check out this short video on Reporting an incident:
RSVP: In partnership with the School of Public Health, BU Information Security is proud to host Kris Grahame, FBI Boston, to present Foreign Influence & Disinformation Campaigns Online, October 24th from 3:30pm-5pm. For more information and to register visit: https://www.bu.edu/tech/support/information-security/cam/events/
Don’t forget: bring your unneeded paper and electronics to our Shred + Recycle Events today Wednesday October 19th at Agganis Lot and Thursday October 20th on the Med Campus at the Talbot Green!
Week 2: What is ransomware?
Week 2: October 12th, 2022
Week 1: Using Duo Multifactor authentication effectively
Week 1: October 4th, 2022
At BU, we protect our online identities, services and data with Duo. It’s easy to use and adds significant protection. If your password is hacked through phishing, a data breach, guessing or any other compromise – Duo saves the day, preventing unauthorized access to your account.
Here are tips for using Duo effectively:
• Whenever possible, use Duo Push through the mobile app – it is the fastest and most secure option.
• NEVER authorize a prompt or call you did not initiate. Whether it’s through the phone or a push, click on “Deny” if you are not expecting the prompt!
• Never provide another person with a Duo authorization passcode.
• Verify that any site asking for authentication via the web uses a ‘bu.edu’ address, with https://shib.bu.edu/, https://adfs.bu.edu/, and https://weblogin.bu.edu/ being the most common.
• The URL should always start with https://. The “s” is critical – it means “secure”.
If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
• Change your BU password immediately: https://weblogin.bu.edu/accounts/changepw
• Contact the BU IT Help Center: ithelp@bu.edu or 617-353-HELP.
Get ready to SHRED! Bring your unneeded paper and electronics to one of our Shred + Recycle Events on Tuesday October 18th, Wednesday October 19th and Thursday October 20th!
Cybersecurity Awareness Month was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online.
When Cybersecurity Awareness Month first began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time.
Since the combined efforts of NCSA and DHS have been taking place, the month has grown in reach and participation. Operated in many respects as a grassroots campaign, the month’s effort has grown to include the participation of a multitude of industry participants that engage their customers, employees and the general public in awareness, as well as college campuses, nonprofits and other groups.
Between 2009 and 2018, the month’s theme was “Our Shared Responsibility.” The theme reflected the role that we all – from large enterprises to individual computer users – have in securing the digital assets in our control.
In 2009, DHS Secretary Janet Napolitano launched Cybersecurity Awareness Month at an event in Washington, D.C., becoming the highest-ranking government official to participate in the month’s activities. In subsequent years, leading administration officials from DHS, the White House and other agencies have regularly participated in events across the United States.
In 2010, the kickoff of Cybersecurity Awareness Month also included the launch of the STOP. THINK. CONNECT. campaign. President Obama’s proclamation for the month includes STOP. THINK. CONNECT. as the national cybersecurity education and awareness message.
Also in 2010, NCSA began moving the launch of the month to sites around the country. The month has been launched in Seattle and Bellevue, WA, Ypsilanti, MI, Omaha, NE, Boston, MA, Nashville, TN, and Washington, D.C.
Starting in 2011, NCSA and DHS developed the concept of weekly themes during the month. This idea was based on feedback from stakeholders that the many aspects of cybersecurity should be better articulated, making it easier for other groups to align with specific themes. Themes have included education, cybercrime, law enforcement, mobility, critical infrastructure and small and medium-sized businesses.
The collaboration of NCSA and DHS on Cybersecurity Awareness Month is one of the many successful public-private partnerships that are so critical to cybersecurity.