![\"\"](\"\/tech\/files\/2020\/09\/CAM_LOCKUP_HORIZONTAL_full_color-636x200.jpg\")
<\/p>\n<\/p>\n
As National Cybersecurity Awareness Month draws to a close, we are writing to let you know that we will be conducting a University-wide phishing simulation in the coming weeks. The purpose of this exercise is to practice recognizing the common characteristics of phishing messages and what to do (and not do) when you receive one. If you \u201cbite\u201d on our phish hook, you will see a BU web page letting you know that it was us and identifying how you might have known the message was false.<\/p>\n Why is this an important <\/strong>exercise now?\u00a0<\/strong>On March 6, 2020 the Department of Homeland Security (DHS) sent a warning to all Americans that cyber actors were sending emails with malicious attachments or links to fraudulent websites exploiting the Covid-19 pandemic. They followed up on March 13 encouraging all organizations to adopt a heightened state of cybersecurity and then issued a Covid-19 cyber threat update warning that the frequency and severity of attacks will increase over the coming weeks and months. Boston University is conducting this training as a direct response to this threat.<\/p>\n What can you do to prepare?\u00a0<\/strong> Visit our phishing page to learn what the warning signs are, how to identify or flag a suspicious email, and how to report a suspicious email to Boston University: https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/phishing\/<\/a><\/p>\n In addition, the National Cyber Security Alliance has launched a Covid-19 resource library in an effort to provide updated information on current scams, cyber threats and remote working: https:\/\/staysafeonline.org\/covid-19-security-resource-library\/<\/a><\/p>\n Falling for our simulated phish will not have any negative impact or consequence for you. It will only provide you with quick, helpful guidance to consider in the future. However, responding to or clicking on a link within a real<\/em> phishing message will put you and the University at risk. We urge you to be cautious at all times when using email.<\/p>\n Stay cyber safe!<\/p>\n <\/div>\n<\/div>\n<\/strong><\/p>\n Passwords are increasingly easy to compromise. They can often be phished, stolen, or even guessed! Let\u2019s be honest, our passwords need some help (enter Two-factor authentication…<\/i>) Two-factor authentication (2FA) is a validation method that requires two or more verification factors to gain access; something you know<\/i> \u2013 \u00a0your password or security questions \u2013 plus something you have<\/i> \u2013 \u00a0a smartphone app or mobile device. This additional layer of protection significantly increases your security, protecting you even if your password is compromised.<\/span> Here at the University, we use Duo for our two-factor authentication (Duo 2FA). If you\u2019re using BU Works or the Student Link you\u2019re already using Duo 2FA. We\u2019re excited to add Duo 2FA for BU Google accounts (which includes BU Gmail) on November 12, 2020. <\/span> We know MFA makes our accounts significantly harder to compromise, but are we using it correctly?<\/span> TIP OF THE WEEK:<\/span><\/b> Take an active part in your security by following these practices for using Duo 2FA:<\/i><\/span> \u2022\u00a0Monitor your Duo prompts<\/strong>: When you log in to access your account, you\u2019ll receive a Duo prompt on your mobile device. If someone else attempts to access your account, you will also receive a prompt. Click \u201cDeny\u201d on any prompt you did not initiate! This will stop anyone on the other end from gaining access. You\u2019ll then be prompted to answer \u201cWhy are you denying this request\u201d clicking on \u201cIt seems fraudulent\u201d will trigger a support ticket through the IT Help Center so we may investigate further.<\/span> \u2022\u00a0Use the App<\/strong>: If you can use the smartphone app to approve Duo requests this is the best way to go. It\u2019s simple and easy to use, provides clear information about the source of the request, and it saves the university money over the phone call and SMS options. <\/span> \u2022\u00a0Make sure your information is up to date:<\/strong>\u00a0It\u2019s critical to ensure that you know what devices and phone numbers Duo has associated with you Make sure your second factor information is correct and up to date in the app. If you get a new phone number or device, make sure to update Duo<\/a> right away!<\/span> \u2022\u00a0Contact the IT Help Center if you lose your mobile device<\/strong>: The IT Help Center can remove your connected device ensuring someone isn\u2019t able to access your accounts if they have possession of your phone or tablet.<\/span> For more information on Duo visit:\u00a0https:\/\/www.bu.edu\/tech\/support\/duo\/<\/a><\/span> You can also add Duo 2FA if you have an BU Office365 account by\u00a0opting in<\/a>. In addition, you should add 2FA to your personal accounts like\u00a0Facebook<\/a>\u00a0and your bank. Even the Starbucks app allows you to add 2FA to your account!<\/span> Hit \u201caccept<\/em>\u201d on enabling 2FA wherever and whenever possible for an extra layer of\u00a0security for the rest of your week!<\/span><\/p>\n <\/div>\n<\/div>\n<\/strong><\/p>\n Phishing remains the number one source of cyber-attacks & breaches globally, and here at Boston University. Being the victim of a phishing attack not only jeopardizes University resources, it can result in financial loss, identity theft, and take substantial time and effort to resolve. <\/span><\/p>\n During the pandemic, cyber criminals have aimed at taking advantage of the all the information and uncertainty surrounding COVID-19. Attackers are always looking for new opportunities to exploit vulnerable situations and we must be especially vigilant to prevent them from taking advantage of this crisis. If you are unsure of information that you have received electronically about the University\u2019s response to COVID-19 do not click on any links or download attachments. The most current and accurate information is always available on BU\u2019s\u00a0Back2BU<\/a>\u00a0webpage or our\u00a0Covid-19 Testing Data Dashboard.<\/a><\/p>\n What is phishing?<\/span><\/strong>\u00a0Phishing is an attempt to criminally and fraudulently acquire sensitive information such as usernames, passwords, or credit card details by posing as a trustworthy entity in an electronic communication. This includes email, telephone or text messages.<\/span><\/p>\n What can I do to prevent falling for a phishing attack?<\/span><\/strong>\u00a0Stop, think & evaluate any digital communications. Be critical of unsolicited or unexpected emails or messages, especially those that instill a sense of urgency. Click with caution and always verify the source.<\/p>\n What actions do I take if I suspect I\u2019ve received a phishing communication?<\/span><\/strong>\u00a0Forward any suspected phishing emails to\u00a0<\/span>abuse@bu.edu<\/a><\/em>\u00a0and then DELETE IT! If you do respond to a phishingemail, the most important action to take is to\u00a0<\/span>change your password<\/a>\u00a0immediately and contact the\u00a0IT Help Center<\/a>.<\/p>\n So how can BU better help our community in combating phishing during this time? Well this leads us to our…<\/span><\/em><\/p>\n TIP OF THE WEEK:<\/strong>\u00a0Check out the\u00a0BU Phish Bowl<\/a>\u00a0for the latest scams that have been reported by our community. Being vigilant and knowing what is out there will prepare you for when a phish makes its way into your inbox. This website will show you actual (and timely) phishing scams that have made it onto our network so you can identify and avoid getting hooked!<\/span><\/em><\/p>\n For more information on phishing and how to spot a phish\u00a0visit:<\/span><\/em><\/strong>\u00a0https:\/\/www.bu.edu\/tech\/support\/information-security\/security-for-everyone\/phishing\/<\/span><\/a><\/em><\/p>\n DO YOUR PART #BeCyberSmart<\/strong>\u00a0and remember taking the extra step to stop,\u00a0 think and reach out to verify a digital communication will keep you and the University safer. Take it further by passing on your knowledge to family & friends.<\/p>\n WHAT\u2019S NEW IN ZOOM? <\/strong>Join us this Thursday 10\/15 at 5pm for a Demo & Discussion of the latest security features for securing your sessions! Resister here: https:\/\/bostonu.zoom.us\/meeting\/register\/tJclc-mgpz4pGNFmGdhBISgU58GAXAgM-gDo<\/a><\/p>\n Stay safe & phish-free!<\/p>\n <\/div>\n<\/div>\n<\/strong><\/p>\n Happy October! This month kicks off Cybersecurity Awareness Month a collaborative effort between the U.S. Department of Homeland Security and the cybersecurity industry to raise awareness about the importance of protecting your information online. This year\u2019s theme is \u201cDo Your Part. #BeCyberSmart<\/strong>.\u201d<\/span> Every year, in alignment with Cybersecurity Awareness Month, the BU Information Security Team reaches out weekly in an effort to communicate simple tips, resources and best practices to help our community become safer online. More than any other time in history, now is the time to be proactive about your online wellness<\/span>. So remember:\u00a0If you connect it, protect it.<\/em><\/span> Let\u2019s dive into the first topic for Cybersecurity Awareness Month 2020, our new best friend:\u00a0Zoom<\/em>!<\/i><\/span> TIP OF THE WEEK<\/span><\/strong>: Check out the new and improved BU Zoom security guide:\u00a0<\/span> BU has\u00a0<\/span><\/span>compiled a helpful guide for faculty, staff and students to Zoom security features. The\u00a0Guiding Questions<\/em>,\u00a0Security Features<\/em>\u00a0and\u00a0Planning Guide<\/em>\u00a0will walk you through maximizing and securing your sessions.\u00a0<\/span><\/span> In addition, join us for a demo & discussion:\u00a0What’s new in Zoom?<\/em>\u00a0<\/span>on Thursday October 15th at 5pm EST.\u00a0<\/span>Get more\u00a0<\/span>details and register\u00a0<\/span>here: Here are some highlights to get you started:<\/span> Don\u2019t go public with your meetings:<\/span><\/strong>\u00a0Posting meeting links, IDs, and passcodes on a public forum invites unwanted guests. Instead, send meeting details directly to attendees. Running a public event? Link to an event page hosted on a BU website or consider requiring registration for your meeting.<\/span> Utilize waiting rooms to your advantage:<\/span><\/strong>\u00a0You can enable waiting rooms when you create a meeting or at any point during the meeting. Waiting rooms allow hosts to be selective about who can enter a session.<\/span> Use security features real-time<\/span><\/strong>:<\/span><\/strong>\u00a0<\/span><\/b><\/span>In a meeting and have a security concern? Don\u2019t disrupt it by ending the meeting; hosts & co-hosts can use the Security button to quickly remove participants or adjust features, including the ability for participants to unmute themselves.<\/span> Make sure you\u2019re using the latest & greatest version:<\/span><\/strong>\u00a0Updating not only your Zoom but all apps & operating systems is the simplest thing you do to stay up to date with the latest protections (and cool features!)<\/span>.<\/span> We\u2019ve tried to\u00a0<\/span><\/span>make Zoom security simple\u00a0<\/span>with the updated Zoom guide. Zoom has provided even more helpful information through their blog:\u00a0https:\/\/blog.zoom.us\/<\/a>\u00a0<\/span> What\u2019s up next<\/span><\/strong>: Next week we\u2019ll take you phishing with us!<\/span> Coming Soon<\/span><\/strong>: In the coming months we\u2019re excited to roll out Duo Two-Factor authentication for your BU Google accounts. Stay tuned for more information!\u00a0\u00a0<\/strong>\u00a0<\/span><\/p>\n <\/div>\n<\/div>\n<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":4697,"featured_media":0,"parent":110387,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/99649"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/4697"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=99649"}],"version-history":[{"count":51,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/99649\/revisions"}],"predecessor-version":[{"id":137187,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/99649\/revisions\/137187"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/110387"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=99649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Week 4: October 28th, 2020<\/h3>
<\/strong><\/p>\nWeek 4: University Phishing Simulation<\/strong><\/h2>\n
Week 3: October 21st, 2020<\/h3>
<\/strong><\/span><\/p>\nWeek 3: Two-Factor Authentication<\/strong><\/h2>\n
Week 2: October 13th, 2020<\/h3>
<\/strong><\/p>\nWeek 2: Phishing<\/strong><\/h2>\n
Week 1: October 7, 2020<\/h3>
<\/strong><\/p>\nWeek 1: <\/strong>Zoom Security<\/strong><\/h2>\n
\n<\/span>https:\/\/www.bu.edu\/tech\/services\/cccs\/conf\/online\/zoom\/getting-started\/meeting-security\/<\/a>\u00a0<\/span>
\nhttps:\/\/www.bu.edu\/tech\/support\/information-security\/cam\/events\/<\/a><\/span>