Cyber Security Awareness

Cyber Security Awareness

With the increase of technological conveniences that make our lives easier, we are sharing more of our information now than ever before. This occurs not just through your smart phone or computer but also through your smart watch, the Bluetooth in your car, or even through the app that operates the lights in your apartment. We are constantly connected to the internet which can make us vulnerable to cyber-attacks.

There is no fool proof way to avoid cyber-attacks but here are a few ways to keep yourself safe:

National Cyber Security Awareness Month 2020
Do Your Part, #BeCyberSmart!

October is Cybersecurity Awareness Month. Do Your Part. #BECYBERSMART banner

October is National Cyber Security Awareness Month and this year the theme is #BeCyberSmart!

Being Cyber Smart is not only about learning the basics on how to protect yourself and others online but also in keeping up with the cyber trends and keeping in mind that the ever changing world of technology can bring upon new threats. Here are a few resources you can check to stay current with Cyber Security.

National Cybersecurity Alliance logo

StaySafeOnline.org - The National Cyber Security Alliance is a non profit organization founded to promote cybersecurity and to create awareness and education on how to stay safe online.  Visit this site for a vast collection of resources and information on all things concerning cyber security with a particular focus on protecting businesses.

Stop Think Connect logo

StopThinkConnect.org - This site encourages users to consider the consequences of their online actions before taking them.  They do this through safety awareness campaigns, by sharing free content on cyber security and educating the digital world.  Visit this site for resources such as infographics, videos, posters and memes to help educate yourself and your communities.

CISA logo

CISA.gov - The CISA (Cybersecurity & Infrastructure Security Agency) is the nation's response to the defense against cyber threats.  If you have been a victim of a cyberattack or need to report an incident, you can stop here for the proper procedures.

When In Doubt, Throw It Out!

October is Cybersecurity Awareness Month. When In Doubt, Throw It Out! banner

October is National Cyber Security Awareness Month and this year the theme is #BeCyberSmart!

COVID-19 scams:
Throughout the epidemic, cyber criminals have been impersonating government or medical officials and offering COVID-Testing, financial benefits, medical equipment or asking for relief efforts.  There have also been a surge of “Work-from-Home” scams circulating that once responded to, leave the victim financially damaged.

  • Use trusted sources to check facts or claims you receive via email.  Instead of clicking in the links within the message, go directly to the main website  of the source the email claims to be from, within your browser.
  • Never reveal personal or financial information in an email.  Remember, official institutions, especially the government, will not request such information from you via email.
  • If an offer seems to good to be true, it probably isn’t.

Phishing & impersonation email scams:
Be wary of any emails asking for personal information such as passwords, financial information, social security numbers, etc.  These could be from cyber criminals looking to steal your information or identity.  Also be wary of suspicious emails with attachments or embeded links.  They could possibly contain malware designed to destroy your computer/device’s system.  Malicious links could lead you to dummy websites that will prompt you to login so that criminals can access your accounts.

  • If you are looking to verify whether an email is legitimate, try to contact the person or company directly using information provided through s reputable website or profile information NOT with the info in the email.  If the email appears to be from someone within the Hostos or CUNY community, check campus directories for contact information to verify.
  • Pay attention to URLs before clicking on links.  The URL might look official but use a different spelling or domain (i.e. a “.com” site instead of .”net).
  • Remember: When in Doubt, Throw it Out.  That includes emails, text messages or messages from social media sites especially from strangers or that were unsolicited.
  • If you receive a suspicious email in your Hostos inbox, you can forward it to ReportSpam@hostos.cuny.edu.

For more information on how to Be Cyber Smart be sure to visit StaySafeOnline.org

If You Connect It, Protect It!

IMG3October is Cybersecurity Awareness Month.  If You Connect It, Protect It! banner

October is National Cyber Security Awareness Month and this year the theme is #BeCyberSmart!

While we are working and learning from home, now more than ever we are spending much of our time on the internet.  In addition to our computers, we have devices such as smart appliances, mobile phones and other devices that are always connected and vulnerable to attacks.  Here are some tips on how to keep your devices safe.

  1. Secure your Wi-fi connection at home.  Your wi-fi is the best way for cyber criminals to access your network and devices. Be sure to change the default settings for username and password and make your passwords hard to guess by using a combination of numbers, letters and symbols.
  2. Enable Multi-Factor Authentication whenever possible.  This will ensure that only you can access your online banking, social media accounts, email or any other account that requires logging in.  If MFA is available for your online accounts, you’ll be able to connect it to your mobile phone or a third party authenticator app to confirm your identity.
  3. Update your software for the latest security updates.  For all your devices, it’s important to enable automatic updates or to update whenever prompted.  Also be sure to protect your devices even further with antivirus software.
  4. Check your App permissions when downloading and using new applications.  You could possibly have malicious applications running on your smartphone that are gathering your personal information without your knowledge.  Delete apps that you no longer use or need and be sure to deny privilege requests that don’t make sense to you or seem suspicious.  Be sure to only download apps from trusted sources.
  5. Watch what you post on social media.  Keep your private information such as personal addresses, your physical location, social security numbers, account numbers, passwords, etc. to yourself.  You may not realize that even the most random details you share about your life can let criminals know details about you in order to target you.

For more information on how to Be Cyber Smart be sure to visit StaySafeOnline.org

National Cyber Security Awareness Month 2018

5 Cyber Security Myths That Need To Be Debunked
5 Cyber Security Myths That Need To Be Debunked
<click image to download a .pdf version>

National Cyber Security Awareness Month 2017

Week One: What Is Cyber Security?
Week One: What Is Cyber Security?
<click image to download a .pdf version>

Week Two: Cyber Security at Hostos (Faculty & Staff)
Week Two: Cyber Security at Hostos (Faculty & Staff)
<click image to download a .pdf version>

Cyber Security at Hostos (Students)
Cyber Security at Hostos (Students)
<click image to download a .pdf version>

Week 3: Cyber Security At Home
Week 3: Cyber Security At Home
<click image to download a .pdf version>

Week 4: The Other Side of Cyber Crime
Week 4: The Other Side of Cyber Crime
<click image to download a .pdf version>

Be Cyber Smart for the Holidays! – Find out how

Cybersecurity Holiday Advisory
<click image to download a .pdf version>

Anti-Virus Software

Having anti-virus protection is essential to preventing serious damage to your computer caused by viruses. Many internet service providers (ISP) have free anti-virus software available for customers. Call your ISP or log in to your account to find out how you can download your free copy.

McAfee anti-virus software is also available for free through the CUNY eMall. To download, log into CUNY Portal to access the e-Mall.

CUNY Portal

CUNY eMall

Security Updates

Keep up with the latest security updates and patches for your software, web browsers and operating systems. Most programs will update automatically to keep up with defense against viruses and malware. Make sure automatic updates are turned on if that option is available.

Strong Password Management

Create strong passwords to protect your accounts online. A word or phrase of at least 8 characters that combines letters, numbers and symbols is a great start. Avoid using common words or easy to guess information such as a pet's name or your birthday. Never share your password with anyone and watch out for anyone attempting to obtain your password through an email or over the phone.

Safe Wireless Computing

Before using Wi-Fi in a public place such as a café or in a hotel, be sure to confirm the name of the network first with staff to ensure that the hot spot is genuine. Avoid doing any shopping, banking or any other sensitive activities while connected. Also, create a password for your personal computer to prevent anyone from accessing your information remotely. If available, use your own mobile network connection or wireless hotspot, which is typically more secure than public Wi-Fi.

Protect Your Mobile Devices

Your mobile devices are considered computers and need protection as well. Be sure to secure your phone with a passcode as they tend to contain a lot of personal information about yourself and others. When downloading an app, also make sure you review the privacy policy and understand what data the app has access to such as location, access to social media and your contacts.

Geotagging and Location Sharing

Be wary of geotagging and inadvertently sharing your location through your pictures especially while away from home or on vacation. You could be leaving yourself and your home vulnerable to suspecting burglars. Be sure to disable the function on your smartphones and change the permissions for social media apps. When sharing pictures, convert them to .PNG file format and publish them from your desktop or laptop instead.

What Are Some of the Most Common Internet Scams?

Phishing Attacks

  • What it is: Using an email or malicious website to collect your personal information or to infect your device with viruses.
  • What to watch out for: Cybercriminals may use a legitimate looking site to lure victims to click on a link or email attachment.  A pad lock in the browser window or an "Https" that precedes a URL indicates a secure site.
  • How to avoid it: Type new website URLs directly into the address bar instead of clicking on links.

Imposter/"You've Won" Scams

  • What it is: A phone call or email from a seemingly reliable person requesting that you send money for a family member, friend or government agency. They can also request payment for taxes on a prize or trip that you've won.
  • What to watch out for: Be wary of an email that looks or sounds suspicious, even if it is from a source you’re familiar with.
  • How to avoid it: Any request that urges you to act immediately or an offer that sounds too good to be true could be the signs of a scam.

Identity Theft

  • What it is: The illegal use of someone's personal information to obtain money or credit.
  • What to watch out for: You may have unknown charges on your bank account, see some unusual activity on a credit card or unauthorized applications on your credit report.
  • How to avoid it: Never reveal any personally identifiable information such as your social security number or bank account number to unknown sources.

Click here to find out how you can recover from identity fraud.

Download our free infographic on how to better protect yourself against cyber-attacks!
Available in English and Spanish!
Cybersecurity Infographic (English)
<click image to download a .pdf version>
Cybersecurity Infographic (Español)
<haga click en la imagen para descargar version en .pdf>

Using Zoom - Security & Safety
 

As a result of the pandemic, most of our interactions now occur virtually, and for Hostos students, faculty and staff, the majority of academic and non-academic “meetings” occur via Zoom.

Therefore, it is important to keep in mind certain settings and considerations for your Zoom meetings to avoid any undesirable participants or their actions that could not only be disruptive, but also have other negative impacts on your other attendees.

Always do the following for your Zoom meetings:

  1. Use the “Waiting Room” and/or “Registration” feature to ensure only Approved participants can join your meetings
  2. Require a passcode for your meetings
  3. DO NOT publish your meeting link with passcode to public websites/social media accounts
  4. Do “Generate a random unique meeting ID” for each of your scheduled meetings, especially those which are non-recurring/not with the same participants (do not use your Personal Meeting ID (PMI) for all your meetings) – this prevents someone who should not be in a particular meeting from joining that meeting
  5. Consider using “authenticated users only” especially if you know your attendees/participants should only be Hostos participants who would have to login with their email/password to join your meeting

Keep the following in mind:

  1. In Zoom “Meetings”, all participants can potentially display their video and audio; there is no way to “mute all” or “stop video” for all participants
  2. If you want to ensure no participants can “share” their screen, etc. then make sure to restrict “Who Can Share?” to the Host only (Note: this doesn’t prevent them from doing something in their own video, it only prevents them from sharing with all the other participants in the main meeting window)
  3. If you are planning to have an online Broadcast event (e.g. town hall, guest speaker series, etc.), you should use the Webinar feature instead of a Meeting. The Webinar automatically blocks video/audio for any attendee who is not a pre-approved Panelist/speaker. If you need access to this feature for an event, please contact the IT Department at itjobrequest@hostos.cuny.edu at least 2 weeks prior to your planned event and do not send any Zoom meeting links until your access has been confirmed.

What to do if you have an undesirable participant or content?

  1. Take a screenshot of the behavior/participant name and send it to itjobrequest@hostos.cuny.edu and, if offensive/dangerous, include publicsafety@hostos.cuny.edu
  2. You can “Dismiss” (REMOVE) that participant from the meeting, or SUSPEND PARTICIPANT ACTIVITIES – these can all be accomplished by right-clicking on the attendees name/video
    1. You can also put a participant “On Hold” essentially suspending their audio/video – but this is only available if you do NOT have the Waiting Room enabled
  3. If the link was publicly shared, and the undesired participants try to connect with alternate ID’s, you may need to END (stop) the meeting, create a new meeting link and share with the desired attendees
 
The IT Department offers workshops on how to effectively and securely use Zoom. You can also view some of the Zoom “How To’s” via their website here:
 
Managing participants in a meeting – Zoom Help Center
In-meeting security options – Zoom Help Center
Getting Started – Zoom Help Center
Meeting and Webinar Best Practices and Resources – Zoom Help Center