Cybersecurity Awareness Month 2023

Thank you for your engagement in Cybersecurity Awareness Month! As we wrap up our final week, we look beyond BU to trusted sources with good cybersecurity information. Here are some of our favorites:

• CISA The Cybersecurity Infrastructure and Security Agency hosts a wealth of information including how to report incidents, cybersecurity trainings & how-to guides, as well as breaking CISA alerts.
• Brian Krebs Journalist Brian Krebs provides the latest cybersecurity news, follow him on Twitter or via his blog KrebsOnSecurity.com.
• The Internet Crime Complaint Center (IC3) Hosted by the FBI, you can file formal complaints for ransomware attacks, scams or online threats. You can also view the latest alerts issued to by the government.
• Bleeping Computer: Tutorials, cyber-news, downloads and forums make this website a wealth of knowledge for staying up to date and active with cybersecurity information.
• WIRED: The security section of this online magazine is a fun and fast read, covering popular security stories as well as helpful articles like “You need an online password manager. Here are the best ones.”

And after a month of cybersecurity awareness, how do you fare in the Danger Zone? Test your knowledge by playing KnowBe4’s “Danger Zone” game!

Welcome to the third week of Cybersecurity Awareness Month! This week we will talk about reporting incidents. Like knowing how to call the police, understanding how to report cybersecurity incidents is critical to ensuring you get the help you need during a cyber event.

Security incidents are events that indicate BU systems or data have been attacked or compromised. Security incidents include data breaches, malware infections, phishing messages, and ransomware attacks.

We encourage anyone in the Boston University community who is aware of a potential cybersecurity vulnerability or event affecting accounts, data, computers, or networks to report it. Please contact your BU IT support organization or ithelp@bu.edu any time that you think you may have observed a cybersecurity vulnerability or event.

Here are some things to look for:

• Someone else appears to have access to your accounts or devices, as evidenced by changes to your account, records, files, or email that were not made by you.
• You can view personal information you do not think you should be able to see.
• Your computer is behaving as if someone else has control over it, such as the cursor moving, the camera being turned on, or text being typed.
• Someone outside of your known IT support contacts you and seeks your assistance in gaining access to your system or otherwise bypassing security controls.
• You have found a way to circumvent a Boston University cybersecurity system.

To report an incident, contact your organization’s IT team or contact the IT Help Center at ithelp@bu.edu or by calling 617-353-HELP (4357). For more information visit: https://www.bu.edu/tech/services/security/cyber-security/sensitive-data/reporting/

To report a phish, forward the email with headers to abuse@bu.edu.
Check out this short video on Reporting an incident:

RSVP: In partnership with the School of Public Health, BU Information Security is proud to host Kris Grahame, FBI Boston, to present Foreign Influence & Disinformation Campaigns Online, October 24th from 3:30pm-5pm. For more information and to register visit: https://www.bu.edu/tech/support/information-security/cam/events/

Don’t forget: bring your unneeded paper and electronics to our Shred + Recycle Events today Wednesday October 19^th at Agganis Lot and Thursday October 20^th on the Med Campus at the Talbot Green!

Here are tips for and using Duo effectively:
• Whenever possible, use Duo Push through the mobile app – it is the fastest and most secure option.
• NEVER authorize a prompt or call you did not initiate. Whether it’s through the phone or a push, click on “Deny” if you are not expecting the prompt!
• Never provide another person with a Duo authorization passcode.
• Verify that any site asking for authentication via the web uses a ‘bu.edu’ address, with https://shib.bu.edu/, https://adfs.bu.edu/, and https://weblogin.bu.edu/,being the most common.
• The URL should always start with https://. The “s” is critical – it means “secure”.

If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
• Change your BU password immediately: https://weblogin.bu.edu/accounts/changepw
• Contact the BU IT Help Center: ithelp@bu.edu or 617-353-HELP.

Get ready to SHRED! Bring your unneeded paper and electronics to one of our Shred + Recycle Events on Tuesday October 18^th, Wednesday October 19^th and Thursday October 20^th!

Here are tips for and using Duo effectively:
• Whenever possible, use Duo Push through the mobile app – it is the fastest and most secure option.
• NEVER authorize a prompt or call you did not initiate. Whether it’s through the phone or a push, click on “Deny” if you are not expecting the prompt!
• Never provide another person with a Duo authorization passcode.
• Verify that any site asking for authentication via the web uses a ‘bu.edu’ address, with https://shib.bu.edu/, https://adfs.bu.edu/, and https://weblogin.bu.edu/,being the most common.
• The URL should always start with https://. The “s” is critical – it means “secure”.

If you clicked on a link and provided your password, or approved a Duo prompt you did not initiate:
• Change your BU password immediately: https://weblogin.bu.edu/accounts/changepw
• Contact the BU IT Help Center: ithelp@bu.edu or 617-353-HELP.

Get ready to SHRED! Bring your unneeded paper and electronics to one of our Shred + Recycle Events on Tuesday October 18^th, Wednesday October 19^th and Thursday October 20^th!